Network Load Balancer not supporting Network Protocols


I have a shared VPN Service in a target group, users can connect through the NLB to it with L2TP without issues.

However, I thought the whole point of a Network Load Balancer was to ignore the application logic and just forward network traffic directly to the target groups.

And here comes the issue: the NLB doesn't seem to support anything in the custom protocol arena, which seems completely bizarre considering its function. My users also use PPTP for low-latency, non-secure VPN communications, but the NLB doesn't seem to be allowing GRE (protocol 47) traffic through to the targets. The PPTP TCP port 1723 target works fine, but without GRE they cannot connect, and because there is no SG on an NLB we cannot add any custom protocols. Having a VPN cluster with PPTP behind an NLB seems impossible, and that is one of the main functions of an NLB.

Is this intended?

Is there a workaround?

Why would someone create a Network Load Balancer that prevents Network traffic at its core?

Thanks in advance,

Iain

asked 2 years ago, 421 views
1 Answer

Hi! Good question.

NLBs only support the following protocols for target groups: TCP, TLS, UDP, TCP_UDP. And only the following ports: 1-65535.

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html

You could look into AWS Transit Gateway, which has AWS Transit Gateway Connect that supports GRE: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html
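As an added example (not part of the question or the answer, and not AWS code), a small Python check of whether every flow a VPN service needs can be expressed as an NLB target group listener, using the protocol and port limits quoted above. The L2TP port 1701 and the ESP protocol number are assumptions taken from the standard IANA assignments, not from this thread.

```python
# Added example: decide which flows of a VPN service an AWS Network Load Balancer
# target group can carry. NLB target groups only accept TCP, TLS, UDP and TCP_UDP
# on ports 1-65535; GRE (IP protocol 47) has no port and is not on that list,
# so PPTP (TCP/1723 control + GRE data) cannot be fully fronted by an NLB.
from dataclasses import dataclass
from typing import Optional

NLB_TARGET_PROTOCOLS = {"TCP", "TLS", "UDP", "TCP_UDP"}
# IANA IP protocol numbers (well-known assignments, not taken from the thread)
IP_PROTOCOL_NUMBERS = {"TCP": 6, "UDP": 17, "GRE": 47, "ESP": 50}


@dataclass(frozen=True)
class Flow:
    label: str
    protocol: str               # "TCP", "UDP", "GRE", "ESP", ...
    port: Optional[int] = None  # None for port-less IP protocols such as GRE/ESP


def nlb_can_carry(flow: Flow) -> bool:
    """True if a single flow can be expressed as an NLB target group listener."""
    if flow.protocol.upper() not in NLB_TARGET_PROTOCOLS:
        return False
    return flow.port is not None and 1 <= flow.port <= 65535


def check_service(flows):
    """Split a service's flows into NLB-supported and unsupported ones."""
    supported = [f for f in flows if nlb_can_carry(f)]
    unsupported = [f for f in flows if not nlb_can_carry(f)]
    return supported, unsupported


def service_fits_nlb(flows) -> bool:
    """A service only works behind an NLB if every flow it needs can be carried."""
    return not check_service(flows)[1]


def explain(flows) -> str:
    """Human-readable verdict naming the IP protocol number of each blocked flow."""
    _, unsupported = check_service(flows)
    if not unsupported:
        return "OK: all flows can be load-balanced by an NLB target group"
    parts = [f"{f.label} ({f.protocol}, IP protocol "
             f"{IP_PROTOCOL_NUMBERS.get(f.protocol.upper(), '?')})" for f in unsupported]
    return "BLOCKED: NLB cannot carry " + "; ".join(parts)


# Constructed sample services: the two VPN types mentioned in the question
PPTP = [Flow("PPTP control channel", "TCP", 1723), Flow("PPTP data tunnel", "GRE")]
L2TP = [Flow("L2TP", "UDP", 1701)]  # assumption: plain L2TP on its standard UDP port

if __name__ == "__main__":
    for name, flows in (("PPTP", PPTP), ("L2TP", L2TP)):
        print(f"{name}: {explain(flows)}")
```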

jsonc
answered 2 years ago
