Anatomy of the AWS Gateway Load Balancer

This section of the Solution Architect Associate learning path introduces you to the core computing concepts and services relevant to the SAA-C03 exam. We start with an introduction to the AWS compute services, understand the options available and learn how to select and apply AWS compute services to meet specific requirements. 


Learning Objectives

  • Learn the fundamentals of AWS compute services such as EC2, ECS, EKS, and AWS Batch
  • Understand how load balancing and autoscaling can be used to optimize your workloads
  • Learn about the AWS serverless compute services and capabilities

The Gateway Load Balancer consists of two parts. The first part is basically a VPC interface endpoint to the Gateway Load Balancer. Let's call it a VPC Gateway Load Balancer Endpoint. This endpoint is expected to be defined in the VPC where you want to protect the traffic. The second part is the actual Gateway Load Balancer, which sends traffic to a fleet of EC2 instances running third-party network appliance software. The Gateway Load Balancer is required to forward packets without alteration. 

In order to make this happen, the Gateway Load Balancer uses a tunneling protocol called GENEVE. More formally, by definition, GENEVE is a tunneling mechanism which provides extensibility while still using the offload capabilities of Network Interface Cards for performance improvement. GENEVE works by creating a Layer 2 logical network that is encapsulated in UDP packets. If that sounded a bit technical, let's break it down. 

A tunnel is created between the Gateway Load Balancer and the fleet of instances on the back end. Traffic is encapsulated and sent through the tunnel to the security appliances running on EC2 instances, which examine and act on packets as they're sent or received. The Gateway Load Balancer encapsulates the packets sent to the target to provide separation and to add information about which Gateway Load Balancer Endpoint the packet came from. GENEVE traffic from the Gateway Load Balancer arrives on port 6081, and health checks use HTTP on port 80.
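
To show what an appliance behind the tunnel has to do with each UDP payload it receives, the following added example (not part of the course material) parses the GENEVE header laid out in RFC 8926, lists the option TLVs that carry the extra metadata, and isolates the inner packet that must go back unaltered. The names `parse_geneve`, `ENDPOINT_TAG` and `SAMPLE` are hypothetical, and the sample packet, including its option class and type, is constructed rather than captured from AWS.

```python
import struct

GENEVE_PORT = 6081  # port the page gives for GENEVE traffic from the load balancer

def parse_geneve(payload: bytes) -> dict:
    """Parse a GENEVE header (RFC 8926 layout) from a UDP payload."""
    if len(payload) < 8:
        raise ValueError("truncated GENEVE base header")
    b0, flags, proto = struct.unpack("!BBH", payload[:4])
    if b0 >> 6 != 0:
        raise ValueError("unsupported GENEVE version")
    end = 8 + (b0 & 0x3F) * 4          # option length is counted in 4-byte words
    if len(payload) < end:
        raise ValueError("option block longer than payload")
    options, off = [], 8
    while off < end:
        opt_class, opt_type, rlen = struct.unpack("!HBB", payload[off:off + 4])
        dlen = (rlen & 0x1F) * 4       # data length, also in 4-byte words
        if off + 4 + dlen > end:
            raise ValueError("option overruns option block")
        options.append({"class": opt_class, "type": opt_type,
                        "critical": bool(opt_type & 0x80),  # high bit of the type
                        "data": payload[off + 4:off + 4 + dlen]})
        off += 4 + dlen
    return {"vni": int.from_bytes(payload[4:7], "big"), "protocol": proto,
            "critical_options": bool(flags & 0x40), "options": options,
            "inner": payload[end:]}    # original packet, to be returned unaltered

# Constructed sample: option class, type and tag are placeholders, not AWS values.
ENDPOINT_TAG = bytes.fromhex("0123456789abcdef")
SAMPLE_INNER = bytes.fromhex("4500001400000000400100000a0000010a000002")
SAMPLE = (bytes([0x03, 0x00]) + struct.pack("!H", 0x0800) + bytes(4)
          + struct.pack("!HBB", 0xFF00, 0x01, 0x02) + ENDPOINT_TAG + SAMPLE_INNER)

if __name__ == "__main__":
    hdr = parse_geneve(SAMPLE)
    for opt in hdr["options"]:
        print(hex(opt["class"]), opt["type"], opt["data"].hex())
    print("inner bytes:", len(hdr["inner"]))
```

Rejecting a header whose declared option lengths run past the payload keeps a malformed packet from being read as if its metadata were trustworthy.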


About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.