Category: Gateway Load Balancer

Today, on 30th August 2023, AWS launched a new enhancement to the Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing feature. With this enhancement, customers can now specify a Gateway Load Balancer Endpoint (GWLBE) as the next-hop in the virtual private gateway (VGW) route table. This allows customers to inspect their traffic coming into AWS […]

At re:Invent 2020, AWS introduced  Gateway Load Balancer (GWLB), an AWS service that helps you deploy, scale, and manage third-party virtual network appliances, such as firewalls, intrusion detection and prevention systems, and others. GWLB is a type of load balancer under the Elastic Load Balancing (ELB) family. Other load balancers within the ELB family include […]

In 2020, we launched Gateway Load Balancer (GWLB), allowing you to deploy in-line inspection and filtering of packets. Various customers are leveraging this service to implement firewalls, intrusion detection, and network monitoring appliances in a centralized location. The ability to use multiple GWLB endpoints installed in workload VPCs allows distributed access to these centralized inspection […]

Introduction: AWS Gateway Load Balancer (GWLB) is an Elastic Load Balancing (ELB) service that allows customers to insert third-party virtual appliances such as firewall, intrusion detection and prevention systems (IDS/IPS), network observability and others, transparently into the traffic path. Application Load Balancer (ALB) and Network Load Balancer (NLB) are reverse proxies and traffic is routed […]

When I meet with customers and discuss AWS Gateway Load Balancer (GWLB), I often get asked for suggestions regarding integrating it with their existing Linux appliances. GWLB utilizes GENEVE encapsulation with some important custom metadata, which doesn’t natively work with either Linux or Linux’s GENEVE module (which is designed only for Ethernet (Layer 2) packets, […]

Network architects need the ability to gain insights into real-time traffic between different resources within their VPCs. Since the announcement of VPC Traffic Mirroring in 2019, the VPC feature has provided this by copying network traffic from elastic networking interfaces (ENIs) on customer’s instances as source, and then sending the traffic to a destination target […]

Introduction Exposing Internet-facing applications requires careful consideration of what security controls are needed to protect against external threats and unwanted access. These security controls can vary depending on the type of application, size of the environment, operational constraints, or required inspection depth. For some scenarios, running Network Access Control Lists (NACL) and Security Groups (SG) […]

The Gateway Load Balancer (GWLB) service launched with support from the partner network. These partners provide networking appliances that enable customers to perform varying levels of packet inspection on flows that pass through them, taking action as necessary and as defined within their configuration. For a list of partners that support GWLB, refer to the […]

Updated 03/04/2023: The following updates were made to this blog: Expanded the behavior of idle timeout to address TCP flow and UDP packets. Referenced price reduction announcement for inter-az charges Referenced enhancement made in target failover of the existing flows in GWLB Introduction At re:Invent 2020, we launched Gateway Load Balancer (GWLB), a service that […]

In our conversations with customers, we are often asked about the best way to architect centralized inspection architectures. Since the launch of AWS Gateway Load Balancer (GWLB), those discussions increasingly revolve around how to use AWS Transit Gateway, Gateway Load Balancer and Gateway Load Balancer Endpoints (GWLBE) together. In this post, we explain how to […]