Direkt zum Inhalt
Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post
Über re:Post

Unreachable Application Load Balancer

0

Hi there,

I'm new to AWS ALB and have been trying for a few days to find what is wrong with my setup:

  • I have two instances in two AZs. These instances can be accessed correctly using HTTP and SSH through their public IP addresses. The security groups associated with the instances allow all traffic from any source. The subnets they are associated to include a route to the VPC IGW. Network ACLs associated with these subnets allow all traffic.
  • These instances are referenced in a target group and show up as healthy. I can see the healthchecks traffic on the instances.
  • The load balancer is set up with a listener for HTTP and forwards everything to the target group. The load balancer is associated with the two subnets the instances are located in. The security group associated with the load balancer allows all traffic. The load balancer shows up as Active. The monitoring doesn't show anything.

I have been trying to connect to the load balancer name from several locations, the DNS resolution works but the connection fails. I can see TCP SYN packets leaving to the load balancer addresses but no reply. Ping does not get any reply either but I guess this is normal. Traceroute goes all the way to AWS network. For testing I have also set up another listener that should just send back a static response without communicating with the instances. I don't receive any response from this second listener either. I've followed the LB trouble shooting instructions (https://repost.aws/knowledge-center/elb-troubleshoot-connection-errors) without success. Is there anything that I am missing ? Any test that I could do to identify the source of the problem ?

Thanks !

Paul

Themen
KalkulationVernetzung & Bereitstellung von Inhalten
Tags
Amazon EC2Elastic Load BalancingVernetzung & Bereitstellung von Inhalten
Sprache
English
gefragt vor 3 Jahren2479 Aufrufe
3 Antworten
1
Akzeptierte Antwort

Problem solved: It was just a wrong security group associated with the load balancer. To find that the VPC flow logs were very helpful.

beantwortet vor 3 Jahren
  • cdeln
    vor 2 Jahren

    I have exactly the same issue. The security group associated with the load balancer is the "default VPC security group", which have very permissive settings allowing all traffic on all ports. In what way was your security group wrong? I would be very grateful to hear more how you solved it. Thanks!

0

Thanks for the answer. The ALB is Internet Facing. Where is the ALB located in the VPC ? Is it between the IGW and the subnets ? Is there a way to capture flows before they reach the ALB in the VPC ?

beantwortet vor 3 Jahren
  • Riku_Kobayashi EXPERTE
    vor 3 Jahren

    ALB is between the Internet Gateway and the subnet.
    What is the HTTP status code when accessing ALB?
    504(Gateway Timeout)?

0

Are you creating ALB for internal use?
If accessed from the outside, it must be created with Internet Facing.

EXPERTE
beantwortet vor 3 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Relevanter Inhalt