Why does ELB need one public IP address for each public subnet?

Question

Hi,  
I'm creating my first scalable application on AWS. For that, I'll use a Network Load Balancer so I can balance traffic to some container instances spread in two availability zones.  
Basically, I need to do something like this.

I see I need to create one subnet for each availability zone and that's fine, but I'm a bit puzzled about why they need to be public and have their own public IP address.  
I mean, when I establish a TCP connection to the Network Load Balancer from the internet, couldn't it forward packets to private subnets directly? Why does it need to go through the public subnets first?  
There's some technical reason I fail to see here since I don't know how the Network Load Balancer is built.  
  
Thanks,  
Moreno

Answer

Hi there  
  
As you probably know load balancers distribute traffic from Clients to the instances in your Availability Zones. Since clients communicate with load balancer via internet (public network) your load balancer must be in the public subnet of your VPC. And it must have targets instances to forward traffic to. Private addresses are for communication within the VPC and public subnets are used to communicate over the internet.  
  
When you create a Network load balancer to be internet facing it will have a public IP and by default it will come with nodes (each node per AZ) depending on the number of AZs you have. The nodes will be the one having a private IP to communicate internally with instances.   
  
Here is a link where you can read more about the Network Load Balancer: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html  
   
Please feel free to give me back any feedback or if you would like more clarity on certain things.  
Thank you  
Hlulanib

Why does ELB need one public IP address for each public subnet?

Relevant content