Amazon recently announced that the Application Load Balancer supports AWS PrivateLink and static IP addresses through direct integration with the Network Load Balancer.
The new feature combines the capabilities of two AWS services, the Network Load Balancer (NLB) and the Application Load Balancer (ALB). The NLB is a layer 4 load balancer for both TCP and UDP traffic that supports AWS PrivateLink and can provide a static IP per Availability Zone, while the ALB is a managed layer 7 load balancing service that supports TLS termination, AWS Web Application Firewall (WAF) integration and request routing based on parameters or path. Rohit Aswani, senior specialist solutions architect at AWS, explains how static IP addresses are supported:
This new feature allows AWS customers to directly register an ALB as an NLB target, eliminating the need to actively manage changing ALB IP addresses in a daisy chain configuration. This is achieved by making use of a newly introduced Application Load Balancer-type target group for NLB. You can now easily combine the benefits of NLB, including PrivateLink and zonal static IP addresses, with the advanced routing offered by ALB to load balance traffic to your applications.
Source: https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/
Among the suggested use cases, AWS highlights applications that use multi-protocol connections, such as media services using HTTP for signaling and RTP to stream content. Victor Feinman, solutions architect at AWS, comments:
If any teams out there who have tried to get a static IP address for an ALB, you know how important this new feature is.
While the ALB scales automatically, its IP addresses are dynamic, and the ability to configure static ones has been a long-standing request. Previously, AWS suggested creating a Lambda function to keep a mapping between the NLB and the IP addresses of the ALB, or using AWS Global Accelerator to get static IP addresses that act as a fixed entry point to the application.
Some users welcome the new option and the ability to remove HAProxy running on EC2 from their deployments; others believe that the new approach is suboptimal. Matthew Venne, senior solutions director at stackArmor, tweets:
Is the NLB or ALB free when used in the configuration? Seems like a real gut punch to customers since AWS created the problem with lack of foresight and their only solution is adding unnecessary cost and complexity.
Patrick Ryan, software developer, highlights the lack of a Lambda target for the NLB, while user "Best of Amazon Blind" tweets:
Application Load Balancer now makes it easier to add unnecessary dependencies to your application.
The feature itself does not incur additional AWS costs, but having to deploy a Network Load Balancer in front of an Application Load Balancer can significantly increase the cost of a deployment.