An Application Load Balancer (ALB) is a Layer 7 (application layer) load balancer that makes intelligent routing decisions by inspecting the content of incoming messages, such as HTTP headers, URLs, SSL session IDs, or cookies. Unlike lower-layer balancers, an ALB can direct traffic to different backend targets—like specific microservices or server groups—based on the request's path (/api/ vs /images/) or hostname, enabling sophisticated, content-aware traffic management essential for modern microservices architectures and containerized applications.
Glossary
Application Load Balancer (ALB)

What is Application Load Balancer (ALB)?
A definition of the Layer 7 load balancer that routes traffic based on application content.
Operating within the OSI model's highest layer, an ALB provides critical features including SSL/TLS termination, HTTP/2 and WebSocket support, and advanced health checks. It integrates with service discovery and auto-scaling groups to dynamically adjust to fleet changes. In heterogeneous fleet orchestration, this concept translates to middleware that routes high-level tasks—like 'fetch item'—to the most appropriate agent type based on the request's semantic content and the agent's declared capabilities, not just its network location.
Key Features of an Application Load Balancer
An Application Load Balancer (ALB) operates at the application layer (Layer 7) of the OSI model, enabling intelligent routing decisions based on the content of HTTP/HTTPS messages. This provides granular control over traffic distribution compared to lower-layer balancers.
Content-Based Routing
An ALB can inspect and route traffic based on the content of the HTTP request. This enables sophisticated routing rules that go beyond simple IP and port.
- Host-based routing: Direct traffic based on the
Hostheader (e.g.,api.example.comvs.www.example.com). - Path-based routing: Route requests to different backend services based on the URL path (e.g.,
/images/*to a storage service,/api/*to an application server). - Header-based routing: Make decisions using custom HTTP headers, such as
X-API-VersionorUser-Agent. - Query string parameter routing: Route based on key-value pairs in the URL query string.
This allows a single load balancer to front a microservices architecture, directing requests to the appropriate service based on the request context.
Advanced Session Persistence
Also known as sticky sessions, this feature ensures requests from a specific user are consistently sent to the same backend target. ALBs offer more flexible persistence mechanisms than lower-level balancers.
- Application-controlled cookies: The ALB generates and manages its own cookie to track the session.
- Duration-based cookies: The cookie expires after a specified time.
- Application cookies: The ALB uses an existing cookie set by the backend application, providing application-defined stickiness.
This is critical for stateful applications where user session data is stored locally on a server, such as shopping carts or multi-step forms.
SSL/TLS Termination & Management
An ALB can handle the computationally expensive process of decrypting incoming HTTPS traffic and optionally re-encrypting it to the backend. This centralizes certificate management and offloads work from application servers.
- Centralized SSL Certificates: Manage and renew TLS/SSL certificates at the load balancer level.
- Support for SNI: Allows hosting multiple secure applications (with different domain names) on a single load balancer using Server Name Indication.
- Security Policy Enforcement: Define supported TLS versions and cipher suites centrally.
- Client Certificate Authentication: The ALB can validate client certificates before forwarding requests.
This simplifies compliance, reduces backend server load, and provides a single point for cryptographic policy enforcement.
Integrated Health Checks
ALBs continuously monitor the health of registered backend targets (e.g., servers, containers) using configurable probes. Unhealthy targets are automatically taken out of rotation.
- Protocol Flexibility: Health checks can use HTTP, HTTPS, TCP, or gRPC protocols.
- Granular Configuration: Define the check interval, timeout, healthy/unhealthy threshold counts, and the specific path/port to probe.
- Application-Aware: An HTTP health check can verify a specific endpoint (e.g.,
/health) returns a2xxor3xxstatus code, ensuring the application logic is functioning.
This feature is fundamental for high availability, ensuring traffic is only directed to targets capable of handling requests.
WebSocket & HTTP/2 Support
Modern ALBs natively support advanced application protocols essential for real-time, interactive applications.
- WebSocket Protocol: Enables full-duplex, persistent communication channels between a client and server (e.g., for chat apps, live dashboards). The ALB efficiently proxies WebSocket connections without terminating them.
- HTTP/2: Supports multiplexing multiple requests over a single TCP connection, reducing latency and improving page load times. ALBs can accept HTTP/2 from clients and communicate with backends using HTTP/1.1 or HTTP/2.
- gRPC Support: Some ALBs can route gRPC traffic, which uses HTTP/2 as its transport, enabling efficient microservice communication.
This native support allows developers to build modern applications without complex workarounds for protocol handling.
Deployment & Traffic Management
ALBs provide features that facilitate safe, controlled application updates and sophisticated traffic shaping.
- Weighted Routing: Distribute traffic across multiple backend target groups based on assigned weights (e.g., 90% to current version, 10% to new version), enabling canary deployments.
- Redirects & Fixed Responses: The ALB can return HTTP redirects (e.g., from HTTP to HTTPS) or static HTTP responses (like a maintenance page) without hitting a backend.
- Request Tracing: Insert unique identifiers (like
X-Amzn-Trace-Id) into requests for end-to-end tracing across distributed services. - Integration with Auto Scaling: Seamlessly works with cloud auto-scaling groups to register and deregister instances dynamically based on load.
These capabilities make the ALB a critical component for implementing continuous deployment strategies and managing application lifecycle.
How an Application Load Balancer Works
An Application Load Balancer (ALB) is a critical component in modern distributed systems, intelligently routing client requests to backend services based on application-layer content.
An Application Load Balancer (ALB) is a Layer 7 load balancer that distributes incoming client requests across multiple backend targets—such as virtual machines or containers—based on the content of the application message. Unlike lower-layer balancers, an ALB examines HTTP/HTTPS headers, URLs, cookies, and request methods to make intelligent routing decisions. This enables advanced features like host-based and path-based routing, allowing a single ALB to direct traffic to multiple different applications or microservices. It operates as a reverse proxy, terminating client connections and establishing new ones to the backend, which provides security and abstraction.
Core to its operation are listeners, which check for connection requests on a configured port and protocol, and rules, which define how to route requests to target groups. The ALB performs regular health checks on registered targets and only routes traffic to healthy instances. It also manages SSL/TLS termination, offloading decryption work from backend servers. By understanding application semantics, an ALB provides session persistence for stateful applications and supports complex deployment strategies like blue-green and canary deployments, making it essential for scalable, resilient web architectures.
ALB vs. Network Load Balancer (NLB): A Comparison
A technical comparison of AWS Application Load Balancer (ALB) and Network Load Balancer (NLB), highlighting their architectural layers, core features, and optimal use cases for systems design.
| Feature / Metric | Application Load Balancer (ALB) | Network Load Balancer (NLB) |
|---|---|---|
OSI Model Layer | Layer 7 (Application) | Layer 4 (Transport) |
Primary Protocol Support | HTTP, HTTPS, HTTP/2, WebSocket, gRPC | TCP, UDP, TLS |
Routing Decision Basis | HTTP headers, URLs, hostnames, cookies, query strings | Source/destination IP addresses, TCP/UDP ports |
SSL/TLS Termination | ||
Preserves Source IP Address | ||
Static IP / Elastic IP Support | ||
Connection Draining / Deregistration Delay | ||
Target Types | Instance, IP, Lambda, Application Load Balancer | Instance, IP, Application Load Balancer |
Health Checks | HTTP/HTTPS status codes | TCP, HTTP, HTTPS (configurable) |
Request-Level Load Balancing | ||
Web Application Firewall (WAF) Integration | ||
Zonal Failover | ||
Cross-Zone Load Balancing | ||
Typical Latency (p99) | < 100 ms | < 50 ms |
Optimal Use Case | Microservices, container-based apps, API routing, web apps | Extreme performance, UDP, static IPs, gaming, financial trading |
Frequently Asked Questions
An application load balancer (ALB) is a critical component of modern distributed systems, operating at the application layer to intelligently route traffic. These questions address its core functions, architecture, and role in heterogeneous fleet orchestration.
An Application Load Balancer (ALB) is a load balancer that operates at Layer 7 (application layer) of the OSI model, making routing decisions based on the content of the message, such as HTTP headers, URLs, SSL session IDs, or cookies.
It works by terminating the client's TCP connection, inspecting the full HTTP/HTTPS request, and then applying user-defined rules to determine which backend target—such as a server, container, or microservice—should receive the request. Key mechanisms include:
- Listener Rules: IF-THEN logic (e.g.,
IF path = '/api/*' THEN forward to backend-service-A) that evaluate request attributes. - Target Groups: Logical groupings of backend endpoints (e.g., EC2 instances, IP addresses, Lambda functions).
- Health Checks: Periodic HTTP/HTTPS requests to targets to verify their operational status before routing traffic.
This content-aware routing enables advanced traffic management, such as splitting traffic between different service versions for canary deployments or routing API calls to specific backend clusters.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Application Load Balancers (ALBs) rely on sophisticated algorithms to distribute traffic intelligently. These related terms define the core logic and supporting mechanisms that enable ALBs to optimize performance, ensure availability, and maintain session integrity.
Layer 7 Load Balancing
Layer 7 load balancing is the foundational principle of an Application Load Balancer (ALB). It operates at the application layer of the OSI model, enabling routing decisions based on the actual content of HTTP/HTTPS messages.
- Key differentiator: Unlike Layer 4 load balancers that only see IPs and ports, Layer 7 can inspect URL paths, HTTP headers (like
HostorX-Forwarded-For), SSL session IDs, and cookies. - Primary use case: This allows for advanced routing, such as sending requests for
/api/*to a pool of API servers and requests for/images/*to a static content server, all from a single entry point.
Session Persistence (Sticky Sessions)
Session persistence, commonly called sticky sessions, is a method where an ALB directs all requests from a specific user session to the same backend server.
- Mechanism: The ALB uses a cookie (either generated by the ALB itself or based on an existing application cookie) to identify the client. Subsequent requests containing this cookie are routed to the originally assigned server.
- Critical for state: This is essential for applications where user session data is stored locally on a server's memory (stateful applications), preventing errors or data loss that would occur if requests were distributed randomly.
- ALB Implementation: AWS ALB, for example, supports application-controlled cookies (duration set by the app) and load balancer-generated cookies with configurable durations.
Health Checks
A health check is a periodic, automated test performed by the ALB to verify the operational status and readiness of its registered backend targets (e.g., EC2 instances, containers, IP addresses).
- Purpose: To dynamically route traffic only to healthy targets, ensuring high availability and removing the need for manual intervention during failures.
- Configuration: Administrators define the protocol (HTTP, HTTPS, TCP), port, request path (e.g.,
/health), success codes (e.g., 200), and check interval. A target is marked unhealthy after consecutive failed checks and stops receiving traffic until it passes consecutive checks. - Proactive failure handling: This is a core component of creating a self-healing system, allowing the ALB to seamlessly handle instance crashes, application errors, or network issues.
Content-Based Routing
Content-based routing is the flagship feature of an ALB, allowing it to make intelligent forwarding decisions by examining the content of incoming HTTP/HTTPS requests.
- Routing Rules: Rules are evaluated in order and consist of a condition and a target group action.
- Common Conditions:
- Path-based:
Path is /api/*orPath matches /users/[0-9]+. - Host-based:
Host is app.example.com(enabling virtual hosting). - Header-based:
HeaderX-API-Versionisv2``. - Query string-based:
Queryactionisdelete``. - HTTP method-based:
Http request method is POST.
- Path-based:
- Example Flow: A request to
https://shop.example.com/checkoutcan be routed to acheckout-servicetarget group, while a request tohttps://shop.example.com/images/logo.pngis routed to astatic-assetstarget group.
SSL/TLS Termination
SSL/TLS termination is the process where the ALB decrypts incoming HTTPS traffic, performs load balancing logic on the plaintext HTTP request, and can then optionally re-encrypt the traffic (or send it unencrypted) to the backend targets.
- Performance Benefit: Offloading the computationally expensive cryptographic decryption/encryption from backend servers to the specialized ALB hardware improves backend server performance and capacity.
- Certificate Management: SSL certificates are installed and managed centrally on the ALB, simplifying renewal and security policy enforcement (e.g., enforcing TLS 1.2+).
- Backend Security: Traffic from the ALB to backend instances can travel over the internal network (unencrypted for speed) or be re-encrypted using a separate certificate for end-to-end encryption, depending on security requirements.
Connection Draining
Connection draining (also called deregistration delay) is a process that allows an ALB to gracefully remove a backend target from service without disrupting existing user connections.
- Scenario: When a target is being taken down for deployment, scaling in, or maintenance, the ALB stops sending new requests to it but allows in-flight requests to complete.
- Configurable timeout: Administrators set a drain duration (e.g., 300 seconds). The ALB waits for existing sessions to finish within this period before fully terminating the connection to the target.
- Importance for Zero-Downtime Deployments: This feature is critical for implementing blue-green and canary deployments, as it ensures users do not experience errors or interrupted transactions during backend updates.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us