Hi all! I am commenting here with an update.
It turns out that the traffic going through the VPC was initiation traffic only and that the response was never making it back to the client. Since the connection never made the establishing round trip, no logs were present on the ALB, since no data flow was initiated. We opened a support ticket with AWS, as it turned out to be an internal routing issue that has now been resolved.
Thank you for your responses!
I said exactly that in my answer: “The return packets are being sent elsewhere.”
Glad it’s resolved.
Have you checked the Security Group? It sounds like the traffic was blocked, hence no log. Were you able to ping the LB? https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-update-security-groups.html
I have checked the security group, and the rules are: 0.0.0.0/0 and ::/0 for the port being used (in this case 443). I agree that it sounds like the traffic is blocked, but I can't for the life of me figure out where.
I'm not sure what you mean by "pinging the LB". We tried to hit it from the customer site, where it just times out (their firewall is open and shows the outbound traffic with no response). From anywhere else, we can get to the load balancer just fine.
I am going to update my question, because it's possible that the originating request is malformed in some way. The client originating the request used to have a proxy setup that was removed. If that's the case, would the ALB drop it without any indication? I would expect it to at least have a log entry with a failure, but perhaps I am wrong.
The first thing that jumps out is network ACL.
Feels like an ACL is blocking it or you’ve a route on your network where the return packets are being sent elsewhere.
Check both inbound and outbound rules on the ACL.
Can you share your ACL rules? Check their source IP and make sure you’ve no routes which match their source IP/CIDR range.
I would also check the WAF logs if you have them on your ALB.
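The network ACL check suggested in this answer, as an added example that is not part of the thread: it evaluates inbound and outbound entries separately for one client IP, because network ACLs are stateless and the reply to a connection on port 443 must be allowed on its own. The ACL entries, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample network ACL entries (not taken from the thread), TCP only:
# (rule_number, egress, cidr, port_from, port_to, action)
SAMPLE_ACL = [
    (100, False, "0.0.0.0/0", 443, 443, "allow"),        # inbound HTTPS from anywhere
    (90, True, "203.0.113.0/24", 1024, 65535, "deny"),   # outbound deny to one client range
    (100, True, "0.0.0.0/0", 1024, 65535, "allow"),      # outbound ephemeral ports
]


def evaluate(acl, egress, peer_ip, port):
    """Return (action, rule_number) for the first matching entry.

    Entries are checked in ascending rule-number order and the first match
    wins; if nothing matches, the implicit final rule denies the packet.
    """
    ip = ipaddress.ip_address(peer_ip)
    for number, is_egress, cidr, lo, hi, action in sorted(acl):
        if is_egress != egress:
            continue
        if ip in ipaddress.ip_network(cidr) and lo <= port <= hi:
            return action, number
    return "deny", None


def check_round_trip(acl, client_ip, client_port, listener_port=443):
    """Check the request (inbound, listener port) and the reply (outbound,
    client's ephemeral port) independently, as a stateless ACL does."""
    inbound = evaluate(acl, False, client_ip, listener_port)
    outbound = evaluate(acl, True, client_ip, client_port)
    if inbound[0] == "allow" and outbound[0] == "allow":
        verdict = "round trip allowed"
    elif inbound[0] == "allow":
        verdict = "request reaches the subnet, reply dropped"
    else:
        verdict = "request dropped on the way in"
    return {"inbound": inbound, "outbound": outbound, "verdict": verdict}


if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.7"):
        print(ip, check_round_trip(SAMPLE_ACL, ip, 51514))
```
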
Are your targets showing as healthy?
Yes! This was only one specific customer. It did not affect our targets. I will edit the question with what we discovered.