AWS Gateway LoadBalancer: A Load Balancer that we deserve

Nowadays, LoadBalancing is one of the basic needs for the application systems to perform optimally while considering some important factors like- scalability and high availability. Every cloud is providing LBaaS (LoadBalancing as a Service) as an offering so the consumers don’t have to worry about the setup and management of load-balancers by themselves.

But it’s not like that cloud is offering a single type of load balancer for every use case because for different use-case we require a different type of load balancer. For example- we have different load-balancers for Layer4 and Layer7 level traffic.

Recently AWS had a new family member in their load-balancer family and they named it “Gateway Load Balancer“. So gateway load-balancer is a load-balancing service provided by AWS to send traffic to the different appliances, applications, firewalls, etc. that are not part of the current VPC.

Gateway Load Balancer

I guess you are still confused with the use case of the gateway load balancer. Let me try to explain it with the use-case which we encountered. Since I am working in a DevOps consulting company, so every day I get to interact with different client and their use-cases. So I was having a discussion with a client who is in the security domain and they were explaining to me their use case. They have purchased a commercial firewall and set it up in shared VPC and wanted their other VPC applications (Dev, Pod) to use the firewall as a gateway for sending the traffic outside the world.

We gave a thought to this approach for a while and observed that this is a very genuine use case for security-specific domain-based companies. Then we started to evaluate the solution for this use-case and got introduced to the silver bullet of these kinds of use-cases “Gateway Load Balancer”. Here is the architecture diagram they wanted to achieve.

Architecture diagram


  • There will be a gateway load balancer created inside the shared VPC which will send the traffic to Firewall servers.
  • For the VPCs that want to communicate to the gateway load-balancer, we need to create a Gateway load-balancer endpoint similar to the VPC endpoint through which we can define the route in the routing table.

Properties of Gateway Load Balancer

  • It works on the third layer of the OSI model.
  • GWLB listens and transfers all the packets and the network is transparent i.e. no changes in the network.
  • Gateway load-balancer uses the concept of GENEVE port and sends traffic to appliances on the same protocol.
  • Provides the capability for the appliance as a service (example – firewall-as-a-service).


In the next part of this blog, I will explain how we can configure the gateway load balancer for a sample appliance running in a different VPC. It will be a more practical implementation of it.

I hope you guys have enjoyed the reading but if you have any feedback or suggestions, please reach out to me. If you have any interesting use-case for gateway load balancers please share them in the comments section.

Blog Pundit: Sandeep Rawat

Opstree is an End to End DevOps solution provider

Connect Us

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: