Static IP for NLB endpoint

0

A customer has imposed several artificial limitations on themselves, resulting in the need to route traffic from on-prem to AWS only via Direct Connect. However, they aren't willing to deploy DNS forwarders / resolvers and can only deal in IP addresses through their FW endpoint. They want to use an NLB to balance traffic to targets across multiple AZs.

I understand that the NLB can be deployed multi-AZ and each NLB node can get a static IP address; however, the actual endpoint is DNS only. Is there a workaround to use a static IP for an internal NLB endpoint while still enabling multi-AZ for the NLB?

One (bad) workaround discussed was to deploy the NLB in a single AZ only, then enable cross-zone load balancing to still allow HA for the targets. This has the obvious downside of the NLB being a single point of failure in one AZ.

Looking for other suggestions.

AWS
Asked 3 years ago, 2898 views
1 answer
0
Accepted answer

As you noted, each NLB gets a static IP per AZ. The IPs stay the same during the lifetime of the NLB. Therefore, the client can technically use those IPs directly.

As you mentioned, there might be events that impact an entire AZ. When that happens, the static IP of the NLB in that AZ would usually be removed from DNS (DNS health check). When that happens, if the clients have that "bad" IP hard-coded somewhere and keep connecting to it, they would still experience problems. That is why DNS is preferred. If the clients have to use the static IPs directly, some failover logic needs to be built into the client side so that it can switch over to another AZ's NLB static IP when a single-AZ failure happens.

AWS
Answered 3 years ago
  • Just a question related to the topic. Once the AZ is recovered, is the static IP of that AZ the same as before? If not, will associating an EIP to an AZ manually not change it in case of failure?

    Thanks!
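The answer above says the client itself must carry the failover logic when it connects to the per-AZ static IPs instead of the NLB's DNS name. The following is an added example of what that logic looks like; it is not code from the re:Post thread or from AWS. It assumes an internal NLB with one node (and one static IP) in each of two AZs; the two addresses and the port are constructed placeholders, and in practice you would read them from `aws elbv2 describe-load-balancers` (the `LoadBalancerAddresses` entries under each `AvailabilityZones` item). The connector is injectable so the failover path can be exercised without a network.

```python
"""Client-side failover across an internal NLB's per-AZ static IPs.

Added example, not from the original thread. Assumes one NLB node per AZ;
the addresses below are constructed RFC 1918 placeholders, not real NLB IPs.
"""
import socket
from typing import Callable, Iterable, List, Optional, Sequence, Tuple

# Constructed placeholders: the NLB node in AZ "a" and the node in AZ "c" (assumed).
NLB_NODE_IPS: Sequence[str] = ("10.0.1.10", "10.0.2.10")
NLB_PORT = 443            # assumed listener port
CONNECT_TIMEOUT_S = 2.0   # short, so a black-holed AZ does not stall the client

Connector = Callable[[str, int, float], socket.socket]


def _default_connector(ip: str, port: int, timeout: float) -> socket.socket:
    """Real TCP connect; a failing AZ surfaces here as a timeout or OSError."""
    return socket.create_connection((ip, port), timeout=timeout)


def connect_with_failover(
    ips: Iterable[str],
    port: int = NLB_PORT,
    timeout: float = CONNECT_TIMEOUT_S,
    connector: Connector = _default_connector,
) -> Tuple[str, socket.socket]:
    """Try each NLB node IP in order and return (ip, socket) for the first that accepts.

    Raises ConnectionError listing every failure when no node answers, so a
    whole-region problem is reported as such rather than as a single-AZ one.
    """
    failures: List[str] = []
    for ip in ips:
        try:
            return ip, connector(ip, port, timeout)
        except OSError as exc:  # ECONNREFUSED, EHOSTUNREACH, socket.timeout, ...
            failures.append(f"{ip}:{port} -> {exc}")
    raise ConnectionError("all NLB nodes unreachable: " + "; ".join(failures))


def order_by_preference(ips: Sequence[str], preferred: Optional[str]) -> List[str]:
    """Put the last-known-good node first; the others remain as fallbacks."""
    if preferred in ips:
        return [preferred] + [ip for ip in ips if ip != preferred]
    return list(ips)


class FailoverClient:
    """Remembers which node worked last and rotates away from one that fails.

    This replaces, on the client side, what the NLB's DNS health check would
    otherwise do by dropping an impaired AZ's IP from the answer.
    """

    def __init__(self, ips: Sequence[str], port: int = NLB_PORT,
                 timeout: float = CONNECT_TIMEOUT_S,
                 connector: Connector = _default_connector) -> None:
        self.ips = tuple(ips)
        self.port = port
        self.timeout = timeout
        self.connector = connector
        self.last_good: Optional[str] = None

    def connect(self) -> Tuple[str, socket.socket]:
        order = order_by_preference(self.ips, self.last_good)
        ip, sock = connect_with_failover(order, self.port, self.timeout, self.connector)
        self.last_good = ip
        return ip, sock


if __name__ == "__main__":
    client = FailoverClient(NLB_NODE_IPS)
    try:
        node, conn = client.connect()
        print(f"connected via NLB node {node}")
        conn.close()
    except ConnectionError as err:
        print(err)
```

Two things this does not cover, which a production client still needs: a TCP handshake succeeding is not proof that the AZ behind that node is healthy, so application-level request timeouts (and retrying the request on the other node) are still required; and the `last_good` preference should be re-evaluated periodically so traffic returns to the preferred AZ after it recovers rather than staying on the fallback indefinitely.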
