{"id":2059,"date":"2026-02-15T13:17:09","date_gmt":"2026-02-15T13:17:09","guid":{"rendered":"https:\/\/sreschool.com\/blog\/alb\/"},"modified":"2026-02-15T13:17:09","modified_gmt":"2026-02-15T13:17:09","slug":"alb","status":"publish","type":"post","link":"https:\/\/sreschool.com\/blog\/alb\/","title":{"rendered":"What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide)"},"content":{"rendered":"\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Quick Definition (30\u201360 words)<\/h2>\n\n\n\n<p>An ALB is an Application Load Balancer that routes HTTP(S) and WebSocket traffic to application endpoints based on content, headers, and path. Analogy: ALB is the traffic conductor at a busy intersection directing cars by destination and type. Formal: ALB operates at Layer 7, enforcing routing, TLS termination, and application-aware health checks.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">What is ALB?<\/h2>\n\n\n\n<p>What it is:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An ALB is an application-aware load balancing service that routes requests using HTTP semantics, host headers, paths, and advanced rules.<\/li>\n<li>It provides TLS termination, path-based routing, header rewrites, WebSocket support, and integration with service discovery and target groups.<\/li>\n<\/ul>\n\n\n\n<p>What it is NOT:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Not a generic network TCP load balancer; ALB specifically targets Layer 7 HTTP\/S and WebSocket flows.<\/li>\n<li>Not a full API gateway replacement when you need advanced features like API key management, complex rate-limiting, comprehensive WAF policies, or built-in transformations beyond basic rewrites.<\/li>\n<\/ul>\n\n\n\n<p>Key properties and constraints:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Layer 7 routing with host\/path\/header rules.<\/li>\n<li>TLS termination and certificate management (may integrate with 
managed certs).<\/li>\n<li>Health checks per target group and per-path.<\/li>\n<li>Sticky sessions via cookies (session affinity).<\/li>\n<li>Rate-limiting and WAF are often adjacent services, not always built-in.<\/li>\n<li>Limits vary by provider and region: connection limits, rule counts, certificates per load balancer \u2014 check provider docs.<\/li>\n<\/ul>\n\n\n\n<p>Where it fits in modern cloud\/SRE workflows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Edge routing for services exposed to clients and internal north-south traffic.<\/li>\n<li>Ingress controller role for Kubernetes clusters when wrapped with a controller.<\/li>\n<li>Integrated into CI\/CD pipelines for zero-downtime deploys using target group switching and weighted routing.<\/li>\n<li>Key control point for security teams: TLS, WAF, and DDoS mitigations tie into ALB.<\/li>\n<li>Observability hub: access logs, request tracing headers, metrics feed into SRE dashboards and alerting.<\/li>\n<\/ul>\n\n\n\n<p>Diagram description (text-only):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Clients -&gt; CDN or Edge Cache -&gt; ALB -&gt; TLS termination -&gt; Listener rules evaluate host\/path\/header -&gt; select target group -&gt; route to backend instances or containers -&gt; backend health checks return status -&gt; ALB applies stickiness or retries -&gt; responses flow back through ALB -&gt; CDN or client.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">ALB in one sentence<\/h3>\n\n\n\n<p>ALB is a Layer 7 load balancer that routes HTTP(S) and WebSocket traffic using content-aware rules, TLS termination, and health checks to distribute requests to application endpoints.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ALB vs related terms<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>ID<\/th>\n<th>Term<\/th>\n<th>How it differs from ALB<\/th>\n<th>Common
confusion<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>T1<\/td>\n<td>NLB<\/td>\n<td>Operates at Layer 4 and handles TCP\/UDP not HTTP routing<\/td>\n<td>People expect HTTP features like path routing<\/td>\n<\/tr>\n<tr>\n<td>T2<\/td>\n<td>Classic LB<\/td>\n<td>Older generation combining Layer 4 and some Layer 7 features<\/td>\n<td>Often assumed to be same as ALB<\/td>\n<\/tr>\n<tr>\n<td>T3<\/td>\n<td>API Gateway<\/td>\n<td>Has API management, throttling, auth features<\/td>\n<td>Confused as replacement for ALB for simple routing<\/td>\n<\/tr>\n<tr>\n<td>T4<\/td>\n<td>Ingress Controller<\/td>\n<td>Kubernetes-native routing controller that may use ALB<\/td>\n<td>People equate Ingress with ALB directly<\/td>\n<\/tr>\n<tr>\n<td>T5<\/td>\n<td>CDN<\/td>\n<td>Caches content close to users rather than routing to backends<\/td>\n<td>Assumed to handle origin load balancing<\/td>\n<\/tr>\n<tr>\n<td>T6<\/td>\n<td>Reverse Proxy<\/td>\n<td>Software like Nginx works at Layer 7 like ALB but self-managed<\/td>\n<td>Mistaken for managed ALB features like autoscaling<\/td>\n<\/tr>\n<tr>\n<td>T7<\/td>\n<td>Service Mesh<\/td>\n<td>Focuses on service-to-service communication inside clusters<\/td>\n<td>Confused about replacing ALB for north-south traffic<\/td>\n<\/tr>\n<tr>\n<td>T8<\/td>\n<td>WAF<\/td>\n<td>Web Application Firewall blocks attacks by rules, not load balancing<\/td>\n<td>People think WAF is built into all ALBs<\/td>\n<\/tr>\n<tr>\n<td>T9<\/td>\n<td>TLS Terminator<\/td>\n<td>Performs crypto operations only<\/td>\n<td>Assumed to perform routing decisions like ALB<\/td>\n<\/tr>\n<tr>\n<td>T10<\/td>\n<td>Edge Router<\/td>\n<td>Sits at network edge for multiple protocols<\/td>\n<td>People assume it includes ALB application rules<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2
class=\"wp-block-heading\">Why does ALB matter?<\/h2>\n\n\n\n<p>Business impact:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Revenue continuity: ALB ensures client requests reach healthy application instances, reducing downtime that directly impacts transactions and revenue.<\/li>\n<li>Trust and brand: Proper TLS termination and consistent routing preserve user trust and meet compliance requirements.<\/li>\n<li>Risk management: ALB centralizes attack surface controls (TLS policies, integration with WAF\/DDoS), lowering business risk.<\/li>\n<\/ul>\n\n\n\n<p>Engineering impact:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Incident reduction: Health checks and smart routing isolate unhealthy targets automatically, reducing P1 pages.<\/li>\n<li>Velocity: ALB enables blue-green and canary deployments by switching target groups, supporting rapid releases.<\/li>\n<li>Scalability: Autoscaling targets behind ALB scale application capacity without changing client endpoints.<\/li>\n<\/ul>\n\n\n\n<p>SRE framing:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SLIs\/SLOs: ALB provides SLIs like request success rate, latency at edge, and availability for SLOs.<\/li>\n<li>Error budgets: ALB incidents consume error budgets if they affect routing, TLS, or availability.<\/li>\n<li>Toil reduction: Automate routing, health checks, and certificate rotation to reduce manual work.<\/li>\n<li>On-call: ALB alerts should be precise \u2014 OSI or backend issues should not page operations unless ALB behavior is root cause.<\/li>\n<\/ul>\n\n\n\n<p>What breaks in production (3\u20135 realistic examples):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Misconfigured health checks mark healthy instances as unhealthy and push traffic to a small set of nodes, causing overload and increased latency.<\/li>\n<li>TLS certificate expiry on ALB causes browsers to block access, producing a sudden outage.<\/li>\n<li>Listener rule conflict routes traffic incorrectly after a deployment, causing 404s or 
security bypass.<\/li>\n<li>Burst traffic overwhelms backend target capacity because autoscaling was misconfigured or cooldowns were too long.<\/li>\n<li>Disabled or misrouted access logs cause blind spots during incident response, delaying root cause analysis.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Where is ALB used?<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>ID<\/th>\n<th>Layer\/Area<\/th>\n<th>How ALB appears<\/th>\n<th>Typical telemetry<\/th>\n<th>Common tools<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>L1<\/td>\n<td>Edge<\/td>\n<td>Public HTTP gateway with TLS termination<\/td>\n<td>Request rate, latency, TLS metrics<\/td>\n<td>ALB service, CDN logs<\/td>\n<\/tr>\n<tr>\n<td>L2<\/td>\n<td>Network<\/td>\n<td>Routing for north-south flows<\/td>\n<td>Connection counts, error rates<\/td>\n<td>NLB ALB combined tools<\/td>\n<\/tr>\n<tr>\n<td>L3<\/td>\n<td>Service<\/td>\n<td>Ingress to a microservice or target group<\/td>\n<td>Per-route 4xx and 5xx responses<\/td>\n<td>Kubernetes Ingress controllers<\/td>\n<\/tr>\n<tr>\n<td>L4<\/td>\n<td>App<\/td>\n<td>Host\/path based routing to app versions<\/td>\n<td>Backend latency, success rate<\/td>\n<td>Service discovery metrics<\/td>\n<\/tr>\n<tr>\n<td>L5<\/td>\n<td>Data<\/td>\n<td>Not for data plane heavy streams<\/td>\n<td>Bandwidth errors<\/td>\n<td>Monitoring tools<\/td>\n<\/tr>\n<tr>\n<td>L6<\/td>\n<td>Kubernetes<\/td>\n<td>ALB as Ingress via controller<\/td>\n<td>Ingress events, pod health<\/td>\n<td>Controller logs, kube-metrics<\/td>\n<\/tr>\n<tr>\n<td>L7<\/td>\n<td>Serverless<\/td>\n<td>Fronting serverless endpoints with HTTP rules<\/td>\n<td>Invocation latency, error metrics<\/td>\n<td>Function platform logs<\/td>\n<\/tr>\n<tr>\n<td>L8<\/td>\n<td>CI\/CD<\/td>\n<td>Deployment switching target groups<\/td>\n<td>Deployment success or failure<\/td>\n<td>CI tools
telemetry<\/td>\n<\/tr>\n<tr>\n<td>L9<\/td>\n<td>Observability<\/td>\n<td>Source of access logs, traces, headers<\/td>\n<td>Access logs, trace IDs<\/td>\n<td>Logging and APM tools<\/td>\n<\/tr>\n<tr>\n<td>L10<\/td>\n<td>Security<\/td>\n<td>TLS policies, WAF integration<\/td>\n<td>Blocked requests, anomalies<\/td>\n<td>WAF, SIEM tools<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">When should you use ALB?<\/h2>\n\n\n\n<p>When it\u2019s necessary:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You need HTTP(S) or WebSocket routing based on host, path, or headers.<\/li>\n<li>TLS termination close to the edge is required.<\/li>\n<li>You want managed autoscaling and high availability for web traffic.<\/li>\n<li>You need native integration with cloud target groups and service discovery.<\/li>\n<\/ul>\n\n\n\n<p>When it\u2019s optional:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Simple TCP services where Layer 4 load balancing suffices.<\/li>\n<li>Very small internal apps where reverse proxies per app are simpler.<\/li>\n<li>When a full API gateway is already handling advanced API management and rate-limiting.<\/li>\n<\/ul>\n\n\n\n<p>When NOT to use \/ overuse it:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Don\u2019t use ALB for non-HTTP protocols like SSH or SMTP.<\/li>\n<li>Avoid chaining multiple ALBs unless necessary; it increases latency and complexity.<\/li>\n<li>Don\u2019t offload business logic or complex request transformations to ALB; use an API gateway or application layer.<\/li>\n<\/ul>\n\n\n\n<p>Decision checklist:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you need content-aware routing and TLS termination -&gt; Use ALB.<\/li>\n<li>If you need advanced auth, API keys, or per-API quotas -&gt; Use API gateway or combine ALB with API gateway.<\/li>\n<li>If the workload is pure TCP\/UDP
-&gt; Use network-level LB or NLB.<\/li>\n<\/ul>\n\n\n\n<p>Maturity ladder:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Beginner: Single ALB fronting a monolith with basic health checks and TLS.<\/li>\n<li>Intermediate: ALB with multiple target groups, path-based routing, blue-green deploys, basic observability.<\/li>\n<li>Advanced: ALB integrated with WAF, automated certificate rotation, granular SLIs, canary weighted routing, and traffic-shifting automation.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">How does ALB work?<\/h2>\n\n\n\n<p>Components and workflow:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Listener: Accepts incoming connections on a port (80\/443) and evaluates rules.<\/li>\n<li>Rules and priorities: List of conditions (host, path, headers) and actions.<\/li>\n<li>Target groups: Backends registered by instance ID, IP, or container port where traffic is forwarded.<\/li>\n<li>Health checks: Periodic probes per target group to mark targets healthy or unhealthy.<\/li>\n<li>Load balancer nodes: Managed compute that terminates TLS and forwards requests.<\/li>\n<li>Access logs and metrics: Request logs, latency histograms, and error counters for observability.<\/li>\n<\/ul>\n\n\n\n<p>Data flow and lifecycle:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Client connects to ALB listener.<\/li>\n<li>TLS handshake if HTTPS; ALB selects certificate.<\/li>\n<li>Listener evaluates request against rules by priority.<\/li>\n<li>Matching action forwards to a target group or redirects.<\/li>\n<li>ALB selects a healthy target using load-balancing algorithm (usually round-robin weighted).<\/li>\n<li>ALB forwards request, waits for backend response, possibly applying timeouts and retries.<\/li>\n<li>Response is returned to client; ALB logs request and updates metrics.<\/li>\n<\/ol>\n\n\n\n<p>Edge cases and failure modes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Backend timeouts causing ALB to return 
504.<\/li>\n<li>Misrouted traffic due to rule precedence errors causing unexpected backends.<\/li>\n<li>Sudden target group flapping if health checks are too strict.<\/li>\n<li>TLS policy mismatches causing handshake failures for certain clients.<\/li>\n<li>Cross-zone routing disabled causing uneven load if targets are unevenly distributed.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Typical architecture patterns for ALB<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Single ALB with multiple host-based rules: Good for small multi-tenant applications sharing a domain.<\/li>\n<li>ALB per application with CDN in front: Good for isolation and caching static content.<\/li>\n<li>ALB as Kubernetes Ingress via controller: Good for cluster-native workloads; integrates target groups with pod IPs.<\/li>\n<li>ALB fronting serverless endpoints: Connects HTTP services to functions or managed PaaS backends.<\/li>\n<li>ALB + API Gateway hybrid: ALB handles static routing, API gateway handles auth and rate-limits.<\/li>\n<li>Internal ALB for service-to-service north-south traffic: Keeps cross-team traffic internal without exposing to internet.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Failure modes &amp; mitigation<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>ID<\/th>\n<th>Failure mode<\/th>\n<th>Symptom<\/th>\n<th>Likely cause<\/th>\n<th>Mitigation<\/th>\n<th>Observability signal<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>F1<\/td>\n<td>Backend flapping<\/td>\n<td>Frequent 5xx spikes<\/td>\n<td>Health checks misconfigured<\/td>\n<td>Relax checks; adjust thresholds<\/td>\n<td>Health check failures<\/td>\n<\/tr>\n<tr>\n<td>F2<\/td>\n<td>TLS handshake failures<\/td>\n<td>Clients report TLS errors<\/td>\n<td>Expired or wrong cert<\/td>\n<td>Rotate certs; update policies<\/td>\n<td>TLS error counts<\/td>\n<\/tr>\n<tr>\n<td>F3<\/td>\n<td>Rule conflict<\/td>\n<td>Requests routed wrong<\/td>\n<td>Overlapping
priorities<\/td>\n<td>Reorder rules; test in staging<\/td>\n<td>Unexpected 404s, 301s<\/td>\n<\/tr>\n<tr>\n<td>F4<\/td>\n<td>Autoscale lag<\/td>\n<td>Increased latency and 5xx<\/td>\n<td>Slow scale-up cooldowns<\/td>\n<td>Tune autoscale policies<\/td>\n<td>Instance launch metrics<\/td>\n<\/tr>\n<tr>\n<td>F5<\/td>\n<td>Access log gaps<\/td>\n<td>Missing forensic data<\/td>\n<td>Logging disabled or misconfigured<\/td>\n<td>Enable and route logs<\/td>\n<td>Missing request IDs<\/td>\n<\/tr>\n<tr>\n<td>F6<\/td>\n<td>High connection churn<\/td>\n<td>CPU spikes on LB nodes<\/td>\n<td>Poor client keepalive settings<\/td>\n<td>Adjust timeouts and keepalives<\/td>\n<td>Connection churn metric<\/td>\n<\/tr>\n<tr>\n<td>F7<\/td>\n<td>DDoS or traffic spikes<\/td>\n<td>High request burst outages<\/td>\n<td>Insufficient WAF or limits<\/td>\n<td>Engage WAF, rate limits, CDN<\/td>\n<td>Sudden traffic surge metric<\/td>\n<\/tr>\n<tr>\n<td>F8<\/td>\n<td>Internal routing loop<\/td>\n<td>Elevated latency and timeouts<\/td>\n<td>Circular redirect rules<\/td>\n<td>Fix redirect logic; add guards<\/td>\n<td>High upstream latency<\/td>\n<\/tr>\n<tr>\n<td>F9<\/td>\n<td>Cross-zone imbalance<\/td>\n<td>Uneven backend utilization<\/td>\n<td>Cross-zone disabled<\/td>\n<td>Enable cross-zone balancing<\/td>\n<td>Per-AZ request counts<\/td>\n<\/tr>\n<tr>\n<td>F10<\/td>\n<td>Header truncation<\/td>\n<td>Auth failures downstream<\/td>\n<td>Header size limits<\/td>\n<td>Increase limits or compress<\/td>\n<td>4xx auth errors<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Key Concepts, Keywords &amp; Terminology for ALB<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ALB \u2014 Layer 7 load balancer for HTTP and WebSocket traffic \u2014 central request router \u2014 assuming Layer 4 features is a pitfall.<\/li>\n<li>Listener \u2014 Entry
point configured with port\/protocol \u2014 receives connections \u2014 misconfigured ports cause no traffic.<\/li>\n<li>Target group \u2014 Set of backend endpoints \u2014 used for routing and health checks \u2014 forgetting registration causes 503.<\/li>\n<li>Health check \u2014 Probes to determine target health \u2014 prevents routing to unhealthy nodes \u2014 overly strict checks cause flapping.<\/li>\n<li>Rule \u2014 Condition-action pair on listener \u2014 defines routing logic \u2014 priority errors cause unexpected routing.<\/li>\n<li>Path-based routing \u2014 Routes by URL path \u2014 enables microservice segregation \u2014 incorrect prefixes can break routes.<\/li>\n<li>Host-based routing \u2014 Routes by host header \u2014 useful for multi-tenant domains \u2014 missing host header breaks routing.<\/li>\n<li>Sticky sessions \u2014 Session affinity using cookies \u2014 maintains session to a target \u2014 prevents true stateless scaling.<\/li>\n<li>TLS termination \u2014 Decrypts TLS at ALB \u2014 reduces backend CPU usage \u2014 mismanagement risks cert expiry outages.<\/li>\n<li>TLS passthrough \u2014 Leaves TLS to backend \u2014 needed for end-to-end encryption \u2014 not always supported by ALB.<\/li>\n<li>Certificate \u2014 Public key for TLS \u2014 must be valid and rotated \u2014 expired certs cause client errors.<\/li>\n<li>WAF \u2014 Web Application Firewall \u2014 blocks attacks by rules \u2014 may be separate service integrated with ALB.<\/li>\n<li>CDN \u2014 Content Delivery Network \u2014 caches responses before ALB \u2014 reduces backend load \u2014 invalid caches cause stale content.<\/li>\n<li>Access logs \u2014 Request level logs including headers and paths \u2014 essential for forensics \u2014 disabling leads to blindspots.<\/li>\n<li>Connection draining \u2014 Allows in-flight requests to complete on targets being deregistered \u2014 prevents abrupt terminations.<\/li>\n<li>Weighted routing \u2014 Distribute traffic by weight across 
targets \u2014 enables canary releases \u2014 wrong weights cause leakage.<\/li>\n<li>Canary deployment \u2014 Gradual rollout to subset of traffic \u2014 reduces risk \u2014 needs monitoring to rollback quickly.<\/li>\n<li>Blue-green deployment \u2014 Swap active target groups or endpoints \u2014 minimizes downtime \u2014 needs DNS or LB switching.<\/li>\n<li>Cross-zone load balancing \u2014 Distributes traffic evenly across availability zones \u2014 prevents hotspotting \u2014 disabled causes imbalance.<\/li>\n<li>Idle timeout \u2014 Connection timeout setting \u2014 affects long-polling and WebSockets \u2014 too low breaks long connections.<\/li>\n<li>Keepalive \u2014 Maintains persistent connections \u2014 reduces backend connection overhead \u2014 misconfigured can keep stale connections.<\/li>\n<li>Rate limiting \u2014 Limits request rate \u2014 protects backends \u2014 may need integration with API gateway or WAF.<\/li>\n<li>Retry logic \u2014 Retries transient failures \u2014 protect clients from intermittent errors \u2014 may hide persistent failures.<\/li>\n<li>Circuit breaker \u2014 Stops sending traffic to failing components \u2014 reduces cascading failures \u2014 must be tuned to backend behavior.<\/li>\n<li>Observability \u2014 Metrics logs traces fed into monitoring systems \u2014 necessary for response and capacity planning \u2014 missing traces hampers debugging.<\/li>\n<li>SLIs \u2014 Service Level Indicators like p99 latency and availability \u2014 measurable signals \u2014 choose ones that reflect user experience.<\/li>\n<li>SLOs \u2014 Service Level Objectives derived from SLIs \u2014 operational goals \u2014 unrealistic SLOs cause wasted effort.<\/li>\n<li>Error budget \u2014 Allowable failure margin for releases \u2014 drives risk-taking decisions \u2014 burning budget too fast limits deployments.<\/li>\n<li>Access control lists \u2014 Rules controlling source access \u2014 protects internal ALBs \u2014 misconfigured ACL blocks legit 
traffic.<\/li>\n<li>Mutual TLS \u2014 Two-way TLS authentication \u2014 enforces client certs \u2014 complex rotation management is a pitfall.<\/li>\n<li>HTTP\/2 \u2014 Protocol for multiplexed requests \u2014 reduces latency \u2014 some backends may not support it.<\/li>\n<li>WebSocket \u2014 Bidirectional persistent connections \u2014 requires idle timeout adjustment \u2014 broken by intermediate proxies with short timeouts.<\/li>\n<li>Header rewriting \u2014 Modify headers passing to backend \u2014 supports routing and security \u2014 incorrect rewrites break auth.<\/li>\n<li>Content-based routing \u2014 Decisions based on request body or headers \u2014 powerful but can be expensive \u2014 heavy parsing increases latency.<\/li>\n<li>Connection limit \u2014 Max concurrent connections the ALB supports \u2014 exceeding causes dropped traffic \u2014 monitor and scale.<\/li>\n<li>Target registration \u2014 Adding instances or IPs to target groups \u2014 mistakes leave apps unserved \u2014 automate registration.<\/li>\n<li>Health threshold \u2014 Number of consecutive successes\/failures to mark healthy\/unhealthy \u2014 tuning needed to avoid flapping.<\/li>\n<li>IPv6 support \u2014 Whether ALB handles IPv6 traffic \u2014 impacts global clients \u2014 not always available or configured.<\/li>\n<li>Internal ALB \u2014 Not internet-facing, used for internal traffic \u2014 reduces exposure \u2014 using internet ALB increases attack surface.<\/li>\n<li>DNS CNAME\/ALIAS \u2014 DNS records pointing to ALB \u2014 must be updated on IP changes \u2014 using alias records often required.<\/li>\n<li>Rate-based WAF rules \u2014 Block based on threshold of requests \u2014 useful for bot mitigation \u2014 fine-tuning required to avoid false positives.<\/li>\n<li>Auto scaling integration \u2014 Dynamic scaling of backends based on metrics \u2014 avoids overload \u2014 poor metrics lead to scaling mismatches.<\/li>\n<li>Latency histogram \u2014 Distribution of response times \u2014 
helps identify p99 and outliers \u2014 averages hide tail latency.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">How to Measure ALB (Metrics, SLIs, SLOs)<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>ID<\/th>\n<th>Metric\/SLI<\/th>\n<th>What it tells you<\/th>\n<th>How to measure<\/th>\n<th>Starting target<\/th>\n<th>Gotchas<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>M1<\/td>\n<td>Request success rate<\/td>\n<td>Availability from client view<\/td>\n<td>Successful responses \/ total requests<\/td>\n<td>99.9% monthly<\/td>\n<td>4xx vs 5xx matter differently<\/td>\n<\/tr>\n<tr>\n<td>M2<\/td>\n<td>Latency p95, p99<\/td>\n<td>User-perceived responsiveness<\/td>\n<td>Histogram from ALB timings<\/td>\n<td>p95 &lt; 300ms, p99 &lt; 1s<\/td>\n<td>Backend queuing inflates tail<\/td>\n<\/tr>\n<tr>\n<td>M3<\/td>\n<td>Error rate 5xx<\/td>\n<td>Backend failures through ALB<\/td>\n<td>5xx count \/ total<\/td>\n<td>&lt; 0.1%<\/td>\n<td>Retries can mask real errors<\/td>\n<\/tr>\n<tr>\n<td>M4<\/td>\n<td>Backend healthy targets<\/td>\n<td>Capacity available<\/td>\n<td>Healthy targets per group<\/td>\n<td>&gt;= 2 per AZ<\/td>\n<td>Flapping hides real capacity<\/td>\n<\/tr>\n<tr>\n<td>M5<\/td>\n<td>TLS handshake failures<\/td>\n<td>TLS problems between client and ALB<\/td>\n<td>TLS error counts<\/td>\n<td>0 per hour<\/td>\n<td>Some clients use legacy ciphers<\/td>\n<\/tr>\n<tr>\n<td>M6<\/td>\n<td>Connection count<\/td>\n<td>Concurrency and saturation risk<\/td>\n<td>Active connections gauge<\/td>\n<td>Depends on app<\/td>\n<td>Long-lived WebSockets inflate this<\/td>\n<\/tr>\n<tr>\n<td>M7<\/td>\n<td>Requests per second<\/td>\n<td>Traffic baseline<\/td>\n<td>Sum requests per second<\/td>\n<td>Varies by app<\/td>\n<td>Bursts require spike handling<\/td>\n<\/tr>\n<tr>\n<td>M8<\/td>\n<td>4xx rate<\/td>\n<td>Client errors and routing issues<\/td>\n<td>4xx count \/ total<\/td>\n<td>Monitor
trend<\/td>\n<td>Automated clients can cause spikes<\/td>\n<\/tr>\n<tr>\n<td>M9<\/td>\n<td>Access log volume<\/td>\n<td>Logging completeness and scale<\/td>\n<td>Log lines ingested<\/td>\n<td>All requests logged<\/td>\n<td>Sampling hides detail<\/td>\n<\/tr>\n<tr>\n<td>M10<\/td>\n<td>Retry rate<\/td>\n<td>Network or backend retries<\/td>\n<td>Retry attempts \/ requests<\/td>\n<td>Low single digits<\/td>\n<td>Retries can cause amplification<\/td>\n<\/tr>\n<tr>\n<td>M11<\/td>\n<td>Timeouts 504<\/td>\n<td>Backend or ALB timeouts<\/td>\n<td>Count of 504 responses<\/td>\n<td>0 in SLO window<\/td>\n<td>Long backend processing causes this<\/td>\n<\/tr>\n<tr>\n<td>M12<\/td>\n<td>CPU of targets<\/td>\n<td>Backend CPU pressure<\/td>\n<td>Target metrics from hosts<\/td>\n<td>Depends on instance<\/td>\n<td>Lack of autoscale causes slowdowns<\/td>\n<\/tr>\n<tr>\n<td>M13<\/td>\n<td>Latency broken down by route<\/td>\n<td>Identifies slow endpoints<\/td>\n<td>Per-rule histograms<\/td>\n<td>Baseline per route<\/td>\n<td>Aggregation hides hotspots<\/td>\n<\/tr>\n<tr>\n<td>M14<\/td>\n<td>Cache hit ratio<\/td>\n<td>If CDN in front of ALB<\/td>\n<td>Cache hits \/ requests<\/td>\n<td>&gt; 70% for static<\/td>\n<td>Dynamic content reduces ratio<\/td>\n<\/tr>\n<tr>\n<td>M15<\/td>\n<td>DDoS signals<\/td>\n<td>Attack detection<\/td>\n<td>Anomalous traffic volumes<\/td>\n<td>Alert on spikes<\/td>\n<td>High false positives possible<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Best tools to measure ALB<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Tool \u2014 Cloud provider metrics (native)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What it measures for ALB: Request counts, latency, healthy hosts, TLS metrics, access logs.<\/li>\n<li>Best-fit environment: Cloud-hosted ALB in same provider.<\/li>\n<li>Setup outline:<\/li>\n<li>Enable ALB metrics in provider
console.<\/li>\n<li>Enable access logs to storage.<\/li>\n<li>Configure log lifecycle and export to analytics.<\/li>\n<li>Hook metrics into cloud monitoring.<\/li>\n<li>Create dashboards for SLIs.<\/li>\n<li>Strengths:<\/li>\n<li>Rich native integration and low latency.<\/li>\n<li>Accurate source for LB-specific metrics.<\/li>\n<li>Limitations:<\/li>\n<li>Vendor-specific and less customizable.<\/li>\n<li>Retention and export costs may apply.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tool \u2014 Prometheus + exporters<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What it measures for ALB: Backend and controller metrics, exporter-sourced ALB metrics.<\/li>\n<li>Best-fit environment: Kubernetes or self-managed monitoring.<\/li>\n<li>Setup outline:<\/li>\n<li>Deploy cloud exporter or ALB controller metrics.<\/li>\n<li>Scrape exporter endpoints.<\/li>\n<li>Create recording rules for SLIs.<\/li>\n<li>Integrate with Alertmanager for alerting.<\/li>\n<li>Strengths:<\/li>\n<li>Highly customizable and open source.<\/li>\n<li>Good for cluster-native visibility.<\/li>\n<li>Limitations:<\/li>\n<li>Needs maintenance and scaling for high volumes.<\/li>\n<li>Exporter coverage varies by provider.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tool \u2014 Distributed tracing (OpenTelemetry)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What it measures for ALB: End-to-end latency, trace context propagation through ALB.<\/li>\n<li>Best-fit environment: Microservices and distributed systems.<\/li>\n<li>Setup outline:<\/li>\n<li>Instrument services with OpenTelemetry SDKs.<\/li>\n<li>Ensure ALB forwards trace headers.<\/li>\n<li>Collect traces centrally and connect to traces dashboard.<\/li>\n<li>Strengths:<\/li>\n<li>Pinpoints backend and network-induced latency.<\/li>\n<li>Visualizes dependency graphs.<\/li>\n<li>Limitations:<\/li>\n<li>Requires instrumentation; sampling trades off fidelity.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tool \u2014
Log analytics (ELK \/ Lakes)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What it measures for ALB: Access logs, request headers, error payloads.<\/li>\n<li>Best-fit environment: Teams needing deep search and forensics.<\/li>\n<li>Setup outline:<\/li>\n<li>Route ALB access logs to storage.<\/li>\n<li>Ingest logs into analytics pipeline.<\/li>\n<li>Parse fields and create dashboards.<\/li>\n<li>Strengths:<\/li>\n<li>Powerful ad-hoc investigation and alerting.<\/li>\n<li>Can retain long-term history.<\/li>\n<li>Limitations:<\/li>\n<li>Costly at large scale and needs storage management.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tool \u2014 Application Performance Monitoring (APM)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What it measures for ALB: End-to-end latency, error rates, traces correlated with ALB metrics.<\/li>\n<li>Best-fit environment: Production apps requiring deep performance insights.<\/li>\n<li>Setup outline:<\/li>\n<li>Install APM agents in services.<\/li>\n<li>Ensure incoming request tracing header integration.<\/li>\n<li>Correlate APM metrics with ALB request rates.<\/li>\n<li>Strengths:<\/li>\n<li>Rich UI for root cause analysis.<\/li>\n<li>Automatic anomaly detection.<\/li>\n<li>Limitations:<\/li>\n<li>License costs and potential overhead.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Recommended dashboards &amp; alerts for ALB<\/h3>\n\n\n\n<p>Executive dashboard:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Panels: Overall request success rate, p95\/p99 latency, monthly availability, top 5 affected services.<\/li>\n<li>Why: Business-level health and SLA visibility.<\/li>\n<\/ul>\n\n\n\n<p>On-call dashboard:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Panels: Current requests\/s, error rates, target group health, recent 5xx spikes, TLS failure rate, top slow routes.<\/li>\n<li>Why: Fast triage, identify if ALB or backend is root cause.<\/li>\n<\/ul>\n\n\n\n<p>Debug dashboard:<\/p>\n\n\n\n<ul
class=\"wp-block-list\">\n<li>Panels: Per-route latency histogram, per-target CPU and memory, access logs tail, health check history, connection counts.<\/li>\n<li>Why: Deep debugging for incidents.<\/li>\n<\/ul>\n\n\n\n<p>Alerting guidance:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Page-worthy alerts: ALB total availability below SLO, TLS handshake failures affecting &gt;1% of traffic, persistent target group unhealthy count &gt;= threshold.<\/li>\n<li>Ticket-only alerts: Transient elevated latency not sustained beyond window, access log upload failure with retries in place.<\/li>\n<li>Burn-rate guidance: Use burn-rate calculations for error budget consumption; page if burn rate &gt; 3x for 1 hour and error budget still significant.<\/li>\n<li>Noise reduction tactics: Deduplicate alerts by grouping by ALB name, use suppression windows during known maintenance, set thresholds per-application baselines.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Implementation Guide (Step-by-step)<\/h2>\n\n\n\n<p>1) Prerequisites\n&#8211; Inventory of applications and domains.\n&#8211; DNS plan for ALIAS\/CNAME records.\n&#8211; Certificates or certificate manager setup.\n&#8211; IAM or role permissions for provisioning ALBs and logging.\n&#8211; Monitoring and logging accounts prepared.<\/p>\n\n\n\n<p>2) Instrumentation plan\n&#8211; Decide SLIs and SLOs for request success and latency.\n&#8211; Ensure services propagate trace headers.\n&#8211; Enable ALB access logs and export to logging system.<\/p>\n\n\n\n<p>3) Data collection\n&#8211; Stream access logs to a durable storage.\n&#8211; Scrape ALB metrics and backend metrics into monitoring system.\n&#8211; Configure trace ingestion for distributed tracing.<\/p>\n\n\n\n<p>4) SLO design\n&#8211; Create SLI definitions: success rate, p99 latency per route.\n&#8211; Select SLO targets and error budgets based on business needs.<\/p>\n\n\n\n<p>5) Dashboards\n&#8211; Build 
executive, on-call, and debug dashboards as described above.<\/p>\n\n\n\n<p>6) Alerts &amp; routing\n&#8211; Implement alerting thresholds and connect to on-call rotation.\n&#8211; Configure escalation rules and runbooks.<\/p>\n\n\n\n<p>7) Runbooks &amp; automation\n&#8211; Create runbooks for common failures: TLS expiry, target flapping, rule misconfiguration.\n&#8211; Automate target registration, certificate rotation, and scale policies.<\/p>\n\n\n\n<p>8) Validation (load\/chaos\/game days)\n&#8211; Run load tests including TLS handshakes and long-lived connections.\n&#8211; Execute chaos experiments: kill targets, inject latency.\n&#8211; Perform game days simulating certificate expiry and large traffic spikes.<\/p>\n\n\n\n<p>9) Continuous improvement\n&#8211; Postmortem after incidents with action items.\n&#8211; Tune health checks and autoscale policies.\n&#8211; Refine SLOs based on observed data.<\/p>\n\n\n\n<p>Pre-production checklist:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Health checks validated against staging endpoints.<\/li>\n<li>TLS certificates uploaded and valid.<\/li>\n<li>Access logs enabled and verified.<\/li>\n<li>Test routing rules with synthetic traffic.<\/li>\n<li>Monitoring alerts configured and tested.<\/li>\n<\/ul>\n\n\n\n<p>Production readiness checklist:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Redundant AZs with targets in each.<\/li>\n<li>Minimum healthy targets per AZ verified.<\/li>\n<li>Autoscaling policies tested for spikes.<\/li>\n<li>Runbooks and on-call escalation in place.<\/li>\n<li>Canary deployment strategy defined.<\/li>\n<\/ul>\n\n\n\n<p>Incident checklist specific to ALB:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check ALB metrics for spikes and TLS failures.<\/li>\n<li>Verify target group health and recent health check history.<\/li>\n<li>Tail access logs for affected requests.<\/li>\n<li>Confirm rule changes or deployments in last 30 minutes.<\/li>\n<li>If needed, reroute traffic to backup target group 
or disable faulty rules.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Use Cases of ALB<\/h2>\n\n\n\n<p>1) Multi-tenant web application\n&#8211; Context: Single domain with tenant-specific subdomains.\n&#8211; Problem: Need host-based routing to different backend clusters.\n&#8211; Why ALB helps: Routes by host header to specific target groups.\n&#8211; What to measure: Per-tenant request success rate and latency.\n&#8211; Typical tools: ALB, DNS alias, monitoring.<\/p>\n\n\n\n<p>2) Kubernetes Ingress\n&#8211; Context: Kubernetes cluster exposing many services.\n&#8211; Problem: Need managed ingress with cloud load balancing.\n&#8211; Why ALB helps: Integrates with Ingress controllers to register pod IPs.\n&#8211; What to measure: Ingress latency, pod readiness, rule evaluation time.\n&#8211; Typical tools: ALB controller, Prometheus.<\/p>\n\n\n\n<p>3) Serverless HTTP fronting\n&#8211; Context: Functions behind HTTP endpoints.\n&#8211; Problem: Functions need stable URL and TLS.\n&#8211; Why ALB helps: Fronts functions and applies routing rules.\n&#8211; What to measure: Invocation latency, cold-start impact.\n&#8211; Typical tools: ALB, serverless platform logs.<\/p>\n\n\n\n<p>4) Blue-green deployments\n&#8211; Context: Risk-averse release process.\n&#8211; Problem: Need instant rollback and zero downtime.\n&#8211; Why ALB helps: Swap target groups for zero-downtime switchover.\n&#8211; What to measure: Error rate during switch, traffic split.\n&#8211; Typical tools: CI\/CD orchestrator, ALB target groups.<\/p>\n\n\n\n<p>5) WebSocket backend\n&#8211; Context: Real-time chat or streaming.\n&#8211; Problem: Persistent connections require correct timeouts.\n&#8211; Why ALB helps: Supports WebSocket with long idle timeouts.\n&#8211; What to measure: Connection counts, idle timeout errors.\n&#8211; Typical tools: ALB, application logs.<\/p>\n\n\n\n<p>6) Path-based microservice routing\n&#8211; Context: Microservices 
with route prefixes.\n&#8211; Problem: Consolidate single public entry point.\n&#8211; Why ALB helps: Path-based routing to different target groups.\n&#8211; What to measure: Per-path latency and errors.\n&#8211; Typical tools: ALB, tracing.<\/p>\n\n\n\n<p>7) Canary testing with weighted routing\n&#8211; Context: New version rollout.\n&#8211; Problem: Gradual exposure to a subset of traffic.\n&#8211; Why ALB helps: Weighted routing to split traffic by percentages.\n&#8211; What to measure: Canary error rate compared to baseline.\n&#8211; Typical tools: ALB, CI pipeline.<\/p>\n\n\n\n<p>8) Internal service gateway\n&#8211; Context: Cross-team internal APIs.\n&#8211; Problem: Secure and monitor internal north-south traffic.\n&#8211; Why ALB helps: Internal ALB keeps traffic inside VPC with ACLs.\n&#8211; What to measure: Internal latency and success rates.\n&#8211; Typical tools: ALB internal mode, SIEM.<\/p>\n\n\n\n<p>9) TLS offload for legacy backends\n&#8211; Context: Old services that don&#8217;t support TLS.\n&#8211; Problem: Need TLS at edge while keeping backends unchanged.\n&#8211; Why ALB helps: TLS termination and re-encrypt if needed.\n&#8211; What to measure: TLS failure counts and backend errors.\n&#8211; Typical tools: ALB, certificate manager.<\/p>\n\n\n\n<p>10) Integration with WAF for security\n&#8211; Context: Web app under attack.\n&#8211; Problem: Block OWASP class attacks and bots.\n&#8211; Why ALB helps: Integrate WAF to block malicious requests at edge.\n&#8211; What to measure: Blocked requests and false positives.\n&#8211; Typical tools: ALB + WAF, SIEM.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Scenario Examples (Realistic, End-to-End)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Scenario #1 \u2014 Kubernetes ingress with ALB<\/h3>\n\n\n\n<p><strong>Context:<\/strong> A microservices platform in Kubernetes exposes multiple services to the internet.<br\/>\n<strong>Goal:<\/strong> Provide secure, 
path- and host-based routing with autoscaling.<br\/>\n<strong>Why ALB matters here:<\/strong> ALB integrates with Kubernetes controllers to register pods and provides managed TLS termination and routing.<br\/>\n<strong>Architecture \/ workflow:<\/strong> Client -&gt; CDN -&gt; ALB -&gt; Kubernetes Ingress Controller -&gt; Services (pods) -&gt; Tracing\/Logging.<br\/>\n<strong>Step-by-step implementation:<\/strong> <\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Install ALB Ingress controller with appropriate IAM role.<\/li>\n<li>Define Ingress resources with host and path rules.<\/li>\n<li>Configure target groups to use pod IPs or node ports.<\/li>\n<li>Enable access logs and metrics export.<\/li>\n<li>Setup health checks to use application-specific endpoints.\n<strong>What to measure:<\/strong> Per-route p95\/p99, target group healthy count, pod restart rates.<br\/>\n<strong>Tools to use and why:<\/strong> ALB controller, Prometheus, Grafana, OpenTelemetry for traces.<br\/>\n<strong>Common pitfalls:<\/strong> Incorrect service annotations causing wrong port registration; health check endpoints that require auth.<br\/>\n<strong>Validation:<\/strong> Run load test and scale pods, verify ALB distributes traffic, check traces for end-to-end latency.<br\/>\n<strong>Outcome:<\/strong> Managed external ingress with predictable routing and SLO-aligned observability.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Scenario #2 \u2014 Serverless API fronted by ALB<\/h3>\n\n\n\n<p><strong>Context:<\/strong> A managed serverless platform provides functions for an API.<br\/>\n<strong>Goal:<\/strong> Expose functions under a shared domain with TLS and routing.<br\/>\n<strong>Why ALB matters here:<\/strong> ALB provides the endpoint, TLS termination, and path-based routing to function endpoints.<br\/>\n<strong>Architecture \/ workflow:<\/strong> Client -&gt; ALB -&gt; Function gateway -&gt; Function runtime -&gt; Response.<br\/>\n<strong>Step-by-step implementation:<\/strong> 
<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create ALB with HTTPS listener and certificate.<\/li>\n<li>Configure rules mapping paths to serverless function endpoints or targets.<\/li>\n<li>Enable health checks where supported or rely on platform health.<\/li>\n<li>Instrument function with traces and propagate headers.\n<strong>What to measure:<\/strong> Invocation latency, cold start rate, error rates.<br\/>\n<strong>Tools to use and why:<\/strong> ALB logs, function metrics, APM for tracing.<br\/>\n<strong>Common pitfalls:<\/strong> Incorrect idle timeout causing function timeouts; rate-limits on function provider.<br\/>\n<strong>Validation:<\/strong> Synthetic requests and observe function scaling and latency.<br\/>\n<strong>Outcome:<\/strong> Secure, stable front door for serverless APIs.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Scenario #3 \u2014 Incident response: TLS expiry outage<\/h3>\n\n\n\n<p><strong>Context:<\/strong> Production web app experiences mass failures when TLS cert expires on ALB.<br\/>\n<strong>Goal:<\/strong> Restore access quickly and prevent recurrence.<br\/>\n<strong>Why ALB matters here:<\/strong> ALB serves certificate and handshake; expiry blocks all HTTPS traffic.<br\/>\n<strong>Architecture \/ workflow:<\/strong> Client -&gt; ALB with expired cert -&gt; TLS fail -&gt; No request reaches backend.<br\/>\n<strong>Step-by-step implementation:<\/strong> <\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>On-call receives TLS handshake failure alerts.<\/li>\n<li>Verify certificate expiry on ALB console or via monitoring.<\/li>\n<li>Upload new cert or attach managed cert.<\/li>\n<li>Validate handshake and route health.<\/li>\n<li>Create postmortem to adjust certificate rotation automation.\n<strong>What to measure:<\/strong> TLS failure counts before and after, user impact metrics.<br\/>\n<strong>Tools to use and why:<\/strong> Provider console, monitoring, ticketing, runbook.<br\/>\n<strong>Common pitfalls:<\/strong> Cert uploaded 
but wrong domain; IAM role blocking cert access.<br\/>\n<strong>Validation:<\/strong> Browser tests and synthetic checks for TLS versions.<br\/>\n<strong>Outcome:<\/strong> Restored HTTPS access and automated rotation implemented.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Scenario #4 \u2014 Cost versus performance trade-off for ALB<\/h3>\n\n\n\n<p><strong>Context:<\/strong> High-traffic static site with dynamic endpoints; costs on ALB ingress become significant.<br\/>\n<strong>Goal:<\/strong> Reduce ALB costs without degrading latency for dynamic endpoints.<br\/>\n<strong>Why ALB matters here:<\/strong> ALB costs scale with request count and data processed.<br\/>\n<strong>Architecture \/ workflow:<\/strong> Client -&gt; CDN cache -&gt; ALB for misses -&gt; Dynamic backend.<br\/>\n<strong>Step-by-step implementation:<\/strong> <\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Move static assets fully to CDN and origin shield.<\/li>\n<li>Configure CDN to handle more logic via edge workers to avoid ALB.<\/li>\n<li>Keep ALB for dynamic API calls only; route static paths straight to CDN.<\/li>\n<li>Monitor ALB request volume and costs.\n<strong>What to measure:<\/strong> ALB request count, CDN cache hit ratio, latency for dynamic endpoints, cost per request.<br\/>\n<strong>Tools to use and why:<\/strong> CDN analytics, ALB metrics, cost reporting.<br\/>\n<strong>Common pitfalls:<\/strong> CDN cache misconfiguration causing cache misses; edge logic adding latency.<br\/>\n<strong>Validation:<\/strong> Compare cost and latency pre and post changes under load.<br\/>\n<strong>Outcome:<\/strong> Reduced ALB cost and preserved performance for dynamic traffic.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Scenario #5 \u2014 Canary release with weighted ALB routing<\/h3>\n\n\n\n<p><strong>Context:<\/strong> Deploy new service version with minimal risk.<br\/>\n<strong>Goal:<\/strong> Shift 5% traffic to canary and monitor.<br\/>\n<strong>Why ALB matters 
here:<\/strong> ALB supports weighted routing to target groups enabling canary tests.<br\/>\n<strong>Architecture \/ workflow:<\/strong> Client -&gt; ALB -&gt; Weighted target groups (v1 95% v2 5%) -&gt; Backends.<br\/>\n<strong>Step-by-step implementation:<\/strong> <\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Deploy new target group for v2.<\/li>\n<li>Configure weighted routing on ALB listener rules.<\/li>\n<li>Monitor canary SLOs and compare error rates.<\/li>\n<li>Gradually increase weight or rollback on anomalies.\n<strong>What to measure:<\/strong> Canary error rate, latency delta, resource usage.<br\/>\n<strong>Tools to use and why:<\/strong> ALB metrics, APM, CI\/CD rollback automation.<br\/>\n<strong>Common pitfalls:<\/strong> Insufficient telemetry on canary; cross-AZ distribution differences.<br\/>\n<strong>Validation:<\/strong> Canary steady for defined window then increase or roll back.<br\/>\n<strong>Outcome:<\/strong> Safer releases with measurable impact.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Scenario #6 \u2014 Internal service gateway with ALB<\/h3>\n\n\n\n<p><strong>Context:<\/strong> Multiple internal teams share APIs inside VPC.<br\/>\n<strong>Goal:<\/strong> Secure internal traffic and centralize routing and monitoring.<br\/>\n<strong>Why ALB matters here:<\/strong> Internal ALB restricts exposure and integrates with IAM and ACLs.<br\/>\n<strong>Architecture \/ workflow:<\/strong> Internal client -&gt; Internal ALB -&gt; Internal services -&gt; Observability.<br\/>\n<strong>Step-by-step implementation:<\/strong> <\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create internal ALB with private subnets.<\/li>\n<li>Configure security groups and ACLs for allowed sources.<\/li>\n<li>Enable internal access logs and monitoring.<\/li>\n<li>Integrate with service discovery for dynamic targets.\n<strong>What to measure:<\/strong> Internal latency, auth failures, internal access patterns.<br\/>\n<strong>Tools to use and why:<\/strong> ALB, 
SIEM, service discovery tools.<br\/>\n<strong>Common pitfalls:<\/strong> Overly permissive ACLs; missing internal DNS records.<br\/>\n<strong>Validation:<\/strong> Internal clients test routes and SLO validation.<br\/>\n<strong>Outcome:<\/strong> Secure internal API routing and centralized monitoring.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Common Mistakes, Anti-patterns, and Troubleshooting<\/h2>\n\n\n\n<p>1) Symptom: 5xx spikes after deployment -&gt; Root cause: Health checks point to wrong path -&gt; Fix: Update health check path and verify probe response.\n2) Symptom: TLS errors from clients -&gt; Root cause: Expired certificate -&gt; Fix: Rotate certificate and automate renewal.\n3) Symptom: Uneven load across AZs -&gt; Root cause: Cross-zone disabled -&gt; Fix: Enable cross-zone balancing.\n4) Symptom: Missing access logs -&gt; Root cause: Logging disabled or permissions error -&gt; Fix: Enable logs and verify IAM.\n5) Symptom: High p99 latency -&gt; Root cause: Backend queuing and CPU saturation -&gt; Fix: Scale backends and optimize code.\n6) Symptom: Frequent target flapping -&gt; Root cause: Health check thresholds too strict -&gt; Fix: Relax thresholds and add warming period.\n7) Symptom: Redirect loops -&gt; Root cause: Misconfigured redirect rules -&gt; Fix: Review rule precedence and add loop detection.\n8) Symptom: WebSocket disconnects -&gt; Root cause: Idle timeout too short -&gt; Fix: Increase idle timeout for long connections.\n9) Symptom: Unexpected 404s -&gt; Root cause: Rule priority order incorrect -&gt; Fix: Reorder rules and test synthetic requests.\n10) Symptom: High costs with many small requests -&gt; Root cause: Static assets served through ALB not CDN -&gt; Fix: Move static content to CDN edge.\n11) Symptom: Canary leaked traffic -&gt; Root cause: Weighting misconfigured -&gt; Fix: Correct weight or use separate listener rule.\n12) Symptom: Monitoring blind spot -&gt; Root cause: 
Tracing headers not propagated -&gt; Fix: Ensure ALB forwards trace headers and services accept them.\n13) Symptom: Burst traffic causes outages -&gt; Root cause: Insufficient autoscale policies -&gt; Fix: Tune scale policies and pre-warm capacity.\n14) Symptom: Auth failures downstream -&gt; Root cause: Header rewrite removed auth token -&gt; Fix: Preserve auth headers or perform auth at ALB gateway.\n15) Symptom: Too many alerts -&gt; Root cause: Low thresholds and no aggregation -&gt; Fix: Raise thresholds, aggregate by ALB, add dedupe.\n16) Symptom: Per-route slowdowns -&gt; Root cause: Backend cold starts or DB contention -&gt; Fix: Warm backends, scale DB, add caching.\n17) Symptom: Long deploy impact -&gt; Root cause: No connection draining -&gt; Fix: Enable connection draining before deregistration.\n18) Symptom: Incorrect origin IPs in logs -&gt; Root cause: Missing X-Forwarded-For configuration -&gt; Fix: Ensure ALB sets X-Forwarded-For and backend reads it.\n19) Symptom: Header size errors -&gt; Root cause: Headers exceed ALB limit -&gt; Fix: Reduce header size or compress payloads.\n20) Symptom: Security breaches -&gt; Root cause: Weak TLS policy or open ACLs -&gt; Fix: Harden TLS policy and restrict ingress.\n21) Symptom: Inconsistent TLS ciphers for clients -&gt; Root cause: TLS policy misconfigured -&gt; Fix: Set supported cipher suites aligned with client base.\n22) Symptom: Slow rule evaluation -&gt; Root cause: Too many rules with complex conditions -&gt; Fix: Consolidate rules and use prefix matching.\n23) Symptom: Backend IP changes not reflected -&gt; Root cause: Static target registration instead of Dynamic discovery -&gt; Fix: Use service discovery or controller integration.\n24) Symptom: Failed retries masking issues -&gt; Root cause: Aggressive retries hide persistent backend failures -&gt; Fix: Reduce automatic retries and surface errors.\n25) Symptom: Observability missing request IDs -&gt; Root cause: ALB not injecting or passing trace 
ID header -&gt; Fix: Ensure header injection and propagate across services.<\/p>\n\n\n\n<p>Observability pitfalls:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Missing access logs prevent accurate incident reconstruction -&gt; Fix: Enable logs and retention.<\/li>\n<li>Tracing not propagated through ALB -&gt; Fix: Ensure ALB forwards trace headers.<\/li>\n<li>Aggregated metrics hide per-route issues -&gt; Fix: Create per-route SLIs.<\/li>\n<li>Sampling rates too high or too low -&gt; Fix: Tune sampling to capture important traces without overload.<\/li>\n<li>No alert on missing telemetry -&gt; Fix: Monitor logging pipeline health and configure alerts.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Best Practices &amp; Operating Model<\/h2>\n\n\n\n<p>Ownership and on-call:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Assign ALB ownership to the infrastructure or platform team with SLAs for updates and incidents.<\/li>\n<li>Include ALB in the on-call rotation and document escalation for DNS and cert issues.<\/li>\n<\/ul>\n\n\n\n<p>Runbooks vs playbooks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Runbooks: Short prescriptive steps for known failures (TLS expiry, target flapping).<\/li>\n<li>Playbooks: Higher-level incident management patterns and cross-team coordination steps.<\/li>\n<\/ul>\n\n\n\n<p>Safe deployments (canary\/rollback):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use weighted routing and metrics-based automation to increase traffic to new versions.<\/li>\n<li>Trigger an automatic rollback when the canary exceeds error thresholds.<\/li>\n<\/ul>\n\n\n\n<p>Toil reduction and automation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automate cert rotation, target registration, and logging configuration.<\/li>\n<li>Use infrastructure-as-code for ALB configuration and tests.<\/li>\n<\/ul>\n\n\n\n<p>Security basics:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use strong TLS policies and prefer
managed certificates.<\/li>\n<li>Integrate ALB with WAF and DDoS protection.<\/li>\n<li>Restrict ALB management access with least privilege roles.<\/li>\n<\/ul>\n\n\n\n<p>Weekly\/monthly routines:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Weekly: Check ALB health, review failed health checks and spike patterns.<\/li>\n<li>Monthly: Rotate TLS certs as needed, review rule complexity, audit logging configuration.<\/li>\n<\/ul>\n\n\n\n<p>What to review in postmortems related to ALB:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Was ALB part of the failure chain or did it mask another failure?<\/li>\n<li>Were health checks and thresholds appropriate?<\/li>\n<li>Was observability sufficient to detect the issue early?<\/li>\n<li>Action items: improved automation, updated runbooks, changed thresholds.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Tooling &amp; Integration Map for ALB<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>ID<\/th>\n<th>Category<\/th>\n<th>What it does<\/th>\n<th>Key integrations<\/th>\n<th>Notes<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>I1<\/td>\n<td>Monitoring<\/td>\n<td>Collects LB metrics and alerts<\/td>\n<td>Cloud metrics Prometheus<\/td>\n<td>Native metrics are authoritative<\/td>\n<\/tr>\n<tr>\n<td>I2<\/td>\n<td>Logging<\/td>\n<td>Stores ALB access logs for analysis<\/td>\n<td>Log analytics APM<\/td>\n<td>Retention impacts cost<\/td>\n<\/tr>\n<tr>\n<td>I3<\/td>\n<td>Tracing<\/td>\n<td>End-to-end request tracing<\/td>\n<td>OpenTelemetry APM<\/td>\n<td>Requires header propagation<\/td>\n<\/tr>\n<tr>\n<td>I4<\/td>\n<td>CI\/CD<\/td>\n<td>Automates deploys and target switches<\/td>\n<td>GitOps pipelines<\/td>\n<td>Use safe deploy strategies<\/td>\n<\/tr>\n<tr>\n<td>I5<\/td>\n<td>WAF<\/td>\n<td>Blocks malicious requests at edge<\/td>\n<td>ALB WAF rules SIEM<\/td>\n<td>Tuning needed to avoid false
positives<\/td>\n<\/tr>\n<tr>\n<td>I6<\/td>\n<td>CDN<\/td>\n<td>Caches content reducing ALB load<\/td>\n<td>Origin config ALB<\/td>\n<td>Improves cost and latency<\/td>\n<\/tr>\n<tr>\n<td>I7<\/td>\n<td>IAM<\/td>\n<td>Controls ALB provisioning and cert access<\/td>\n<td>Cloud IAM roles<\/td>\n<td>Least privilege for changes<\/td>\n<\/tr>\n<tr>\n<td>I8<\/td>\n<td>Service discovery<\/td>\n<td>Registers targets dynamically<\/td>\n<td>DNS consul Kubernetes<\/td>\n<td>Prevent stale registrations<\/td>\n<\/tr>\n<tr>\n<td>I9<\/td>\n<td>Chaos tools<\/td>\n<td>Exercises failure modes<\/td>\n<td>Chaos frameworks monitoring<\/td>\n<td>Test removal of targets and latency<\/td>\n<\/tr>\n<tr>\n<td>I10<\/td>\n<td>Cost tools<\/td>\n<td>Tracks ALB cost and usage<\/td>\n<td>Billing dashboards<\/td>\n<td>Useful for optimization<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions (FAQs)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What exactly does ALB stand for?<\/h3>\n\n\n\n<p>ALB stands for Application Load Balancer, indicating Layer 7 routing for HTTP and WebSocket traffic.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Can ALB terminate TLS?<\/h3>\n\n\n\n<p>Yes, ALB commonly performs TLS termination and can use managed certificates or uploaded certs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Is ALB suitable for WebSocket traffic?<\/h3>\n\n\n\n<p>Yes, ALBs typically support WebSocket with appropriate idle-timeout configuration.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Should I use ALB or an API Gateway?<\/h3>\n\n\n\n<p>Use ALB for simple routing and TLS termination; use an API Gateway when you need API management features like throttling, auth, and API keys.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How do health checks work with ALB?<\/h3>\n\n\n\n<p>Health checks are
configured per target group and probe endpoints to mark targets healthy or unhealthy based on consecutive successes or failures.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Does ALB support IPv6?<\/h3>\n\n\n\n<p>Varies \/ depends on provider and region; check provider capabilities for IPv6 support.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Can I do sticky sessions with ALB?<\/h3>\n\n\n\n<p>Yes, ALB supports session affinity using cookies for sticky sessions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How do I debug high p99 latency?<\/h3>\n\n\n\n<p>Trace end-to-end requests, break down per-route latency, and inspect backend resource metrics to find hotspots.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What happens when an ALB certificate expires?<\/h3>\n\n\n\n<p>Clients will receive TLS errors and browsers will block connections; rotate certs immediately and automate renewal.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How many rules can an ALB have?<\/h3>\n\n\n\n<p>Varies \/ depends on provider; check provider limits and design to minimize rule complexity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Should ALB be public or internal?<\/h3>\n\n\n\n<p>Use public ALB for internet-facing services and internal ALB for private intra-VPC traffic.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How do I measure ALB availability?<\/h3>\n\n\n\n<p>Use SLIs like request success rate from client perspective and p99 latency; compute SLOs with business context.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Can ALB perform rate limiting?<\/h3>\n\n\n\n<p>ALB may not provide built-in granular rate limiting; combine with WAF or API gateway for rate enforcement.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How do I test ALB changes safely?<\/h3>\n\n\n\n<p>Use staging environments, canary releases, and weighted routing to validate changes before full rollout.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What metrics are most important for
ALB?<\/h3>\n\n\n\n<p>Request success rate, p99 latency, 5xx rate, healthy hosts, TLS failures, and connection counts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Are ALB access logs necessary?<\/h3>\n\n\n\n<p>Yes, they are essential for postmortems, security analysis, and deep debugging.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How do I reduce ALB costs?<\/h3>\n\n\n\n<p>Move static content to CDN, consolidate rules, and ensure high cache hit ratio to reduce ALB request volume.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Can ALB rewrite headers?<\/h3>\n\n\n\n<p>ALB can perform basic header manipulations but advanced transformations should be handled upstream in application or API gateway.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>ALBs are a critical Layer 7 component for modern cloud architectures, providing content-aware routing, TLS termination, and integration points for observability and security. Properly instrumented and configured ALBs reduce incidents, enable safer deployments, and provide the observability needed for effective SRE practices.<\/p>\n\n\n\n<p>Next 7 days plan:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Day 1: Inventory ALBs, domains, and certificates; enable access log if missing.<\/li>\n<li>Day 2: Define SLIs (success rate and p99 latency) and implement metrics collection.<\/li>\n<li>Day 3: Create executive and on-call dashboards for ALB health.<\/li>\n<li>Day 4: Implement or verify automated certificate rotation and health-check tuning.<\/li>\n<li>Day 5: Run a small canary with weighted routing for a non-critical service.<\/li>\n<li>Day 6: Conduct a game day simulating target flapping and TLS expiry.<\/li>\n<li>Day 7: Review findings and update runbooks, alerts, and automation tasks.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>&#8212;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[149],"tags":[],"class_list":["post-2059","post","type-post","status-publish","format-standard","hentry","category-terminology"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide) - SRE School<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sreschool.com\/blog\/alb\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide) - SRE School\" \/>\n<meta property=\"og:description\" content=\"---\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sreschool.com\/blog\/alb\/\" \/>\n<meta property=\"og:site_name\" content=\"SRE School\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-15T13:17:09+00:00\" \/>\n<meta name=\"author\" content=\"Rajesh Kumar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rajesh Kumar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est.
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"33 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sreschool.com\/blog\/alb\/\",\"url\":\"https:\/\/sreschool.com\/blog\/alb\/\",\"name\":\"What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide) - SRE School\",\"isPartOf\":{\"@id\":\"https:\/\/sreschool.com\/blog\/#website\"},\"datePublished\":\"2026-02-15T13:17:09+00:00\",\"author\":{\"@id\":\"https:\/\/sreschool.com\/blog\/#\/schema\/person\/0ffe446f77bb2589992dbe3a7f417201\"},\"breadcrumb\":{\"@id\":\"https:\/\/sreschool.com\/blog\/alb\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sreschool.com\/blog\/alb\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sreschool.com\/blog\/alb\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sreschool.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sreschool.com\/blog\/#website\",\"url\":\"https:\/\/sreschool.com\/blog\/\",\"name\":\"SRESchool\",\"description\":\"Master SRE. Build Resilient Systems. 
Lead the Future of Reliability\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sreschool.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/sreschool.com\/blog\/#\/schema\/person\/0ffe446f77bb2589992dbe3a7f417201\",\"name\":\"Rajesh Kumar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/sreschool.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f901a4f2929fa034a291a8363d589791d5a3c1f6a051c22e744acb8bfc8e022a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f901a4f2929fa034a291a8363d589791d5a3c1f6a051c22e744acb8bfc8e022a?s=96&d=mm&r=g\",\"caption\":\"Rajesh Kumar\"},\"sameAs\":[\"http:\/\/sreschool.com\/blog\"],\"url\":\"https:\/\/sreschool.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide) - SRE School","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sreschool.com\/blog\/alb\/","og_locale":"en_US","og_type":"article","og_title":"What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide) - SRE School","og_description":"---","og_url":"https:\/\/sreschool.com\/blog\/alb\/","og_site_name":"SRE School","article_published_time":"2026-02-15T13:17:09+00:00","author":"Rajesh Kumar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rajesh Kumar","Est. 
reading time":"33 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/sreschool.com\/blog\/alb\/","url":"https:\/\/sreschool.com\/blog\/alb\/","name":"What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide) - SRE School","isPartOf":{"@id":"https:\/\/sreschool.com\/blog\/#website"},"datePublished":"2026-02-15T13:17:09+00:00","author":{"@id":"https:\/\/sreschool.com\/blog\/#\/schema\/person\/0ffe446f77bb2589992dbe3a7f417201"},"breadcrumb":{"@id":"https:\/\/sreschool.com\/blog\/alb\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sreschool.com\/blog\/alb\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/sreschool.com\/blog\/alb\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sreschool.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What is ALB? Meaning, Architecture, Examples, Use Cases, and How to Measure It (2026 Guide)"}]},{"@type":"WebSite","@id":"https:\/\/sreschool.com\/blog\/#website","url":"https:\/\/sreschool.com\/blog\/","name":"SRESchool","description":"Master SRE. Build Resilient Systems. 
Lead the Future of Reliability","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sreschool.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en"},{"@type":"Person","@id":"https:\/\/sreschool.com\/blog\/#\/schema\/person\/0ffe446f77bb2589992dbe3a7f417201","name":"Rajesh Kumar","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/sreschool.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f901a4f2929fa034a291a8363d589791d5a3c1f6a051c22e744acb8bfc8e022a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f901a4f2929fa034a291a8363d589791d5a3c1f6a051c22e744acb8bfc8e022a?s=96&d=mm&r=g","caption":"Rajesh Kumar"},"sameAs":["http:\/\/sreschool.com\/blog"],"url":"https:\/\/sreschool.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/posts\/2059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/comments?post=2059"}],"version-history":[{"count":0,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/posts\/2059\/revisions"}],"wp:attachment":[{"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/media?parent=2059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/categories?post=2059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/tags?post=2059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}