1 Answer
NLB works at the network layer (Layer 4 in the OSI model). Ignoring the ability to perform TLS offload (which is what you're asking) it "looks" different at the network level to the client than using ALB. ALB works at the application layer (Layer 7).
From the client to the back-end target, when configured for pass-through (ALB) and not offloading TLS (NLB), they both look like this:
Client ---(A)---> Load Balancer ---(B)---> Target
With NLB:
- In (A) the source IP is the client; the destination IP is the load balancer
- In (B) the source IP is the client (there are exceptions but in most cases); the destination IP is the target instance - it is the same TCP session
NLB is doing source (client) IP preservation.
With ALB:
- In (A) the source IP is the client; the destination IP is the load balancer
- In (B) the source IP is the load balancer; the destination IP is the target instance - and it is a different TCP session (port numbers, sequence numbers)
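What this difference means for a target that logs or filters by client address, as an added example that is not part of the original answer: behind NLB the socket peer on hop (B) is the client, while behind ALB the peer is the load balancer and the client address has to come from the `X-Forwarded-For` header that ALB appends. The subnet list, the function name and the sample addresses are constructed assumptions, and the NLB branch assumes client IP preservation is in effect.

```python
import ipaddress

# Assumption (constructed): the subnets the ALB nodes connect from on hop (B).
ALB_SUBNETS = [ipaddress.ip_network("10.0.1.0/24")]


def client_ip(peer_ip, headers, lb_type):
    """Return the address a target should treat as the client.

    peer_ip  -- source IP of the TCP connection the target accepted (hop B)
    headers  -- HTTP request headers as a dict (empty for plain TCP)
    lb_type  -- "nlb" or "alb"
    """
    peer = ipaddress.ip_address(peer_ip)

    if lb_type == "nlb":
        # Same TCP session end to end: the socket peer is the client.
        return str(peer)

    if lb_type != "alb":
        raise ValueError("lb_type must be 'nlb' or 'alb'")

    # ALB opens its own TCP session, so the peer should be an ALB node.
    # If it is not, the request bypassed the load balancer and any
    # X-Forwarded-For value is attacker-controlled: fall back to the peer.
    if not any(peer in net for net in ALB_SUBNETS):
        return str(peer)

    # Header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    entries = [e.strip() for e in lowered.get("x-forwarded-for", "").split(",")]
    entries = [e for e in entries if e]
    if not entries:
        return str(peer)

    # In its default append mode ALB adds the address it saw on hop (A)
    # as the last entry; earlier entries were supplied by the client.
    try:
        return str(ipaddress.ip_address(entries[-1]))
    except ValueError:
        return str(peer)
```

Only the rightmost `X-Forwarded-For` entry is used because everything to its left arrived from the client side and can be forged.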