Why can’t clients connect to my Elastic Load Balancing load balancer?

3 minute read
0

I want to troubleshoot why clients can’t connect to my load balancer.

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version.

Check your port listener

Verify that the appropriate listeners for your load balancer port are configured correctly:

Check the security group for your target instances

Check the settings of the security group for the instances behind your load balancer. For each subnet that's attached to your load balancer, confirm that traffic is allowed in both directions for the listener and health check ports:

Check the security group for your load balancers

Check the settings of the security group for your load balancers.

Note: Load Balancer security groups must allow outbound traffic to instances on the listener and health check port.

Check your network ACLs (for load balancers in a VPC)

Confirm that the network ACLs associated with your load balancer subnets allow the appropriate traffic. You must allow traffic in both directions on the listener port and health check port for each subnet that's attached to your virtual private cloud (VPC). For more information, see Network ACLs for load balancers in a VPC.

Check your route tables

Confirm that the route tables for the attached subnets of your load balancer allow load balancer connections. The load balancer connections must use a default route that points to an internet gateway.

Note: An internet gateway is required when you use an external load balancer.

Verify the connectivity of your load balancer

To verify connectivity to your load balancer from an Amazon Elastic Compute Cloud (Amazon EC2) instance, complete the following steps:

1.    Connect to your Amazon EC2 instance (see steps for Linux instances or Windows instances).

2.    Verify that either netcat (nc) or telnet is installed on your instance.

3.    If you have a public load balancer, then verify that your instance has internet connectivity. To confirm internet connectivity, use an internet gateway or network address translation (NAT) gateway.

4.    Verify that your Amazon EC2 instance security group allows outbound connections to the internet. Then, confirm that the network ACL that's attached to the subnet where your instance is running allows inbound and outbound traffic.

5.    Run one of the following commands, based on your configuration:

nc -v <elb_ip_address> <listener_port>
telnet <elb_ip_address> <listener_port>

6.    From an external client, run the traceroute (Linux clients) or tracert (Windows clients) utility to your load balancer listener's IP address.

7.    Review the output.

Note: If you receive other error codes from a Classic Load Balancer, Application Load Balancer, or Network Load Balancer, then see the following:

Check for load or capacity issues

Sporadic connectivity issues might indicate load or capacity related issues. For troubleshooting steps, see How do I troubleshoot Classic Load Balancer capacity issues in ELB?

Related information

How Elastic Load Balancing works

The load balancer generates an HTTP error

Troubleshoot a Classic Load Balancer: HTTP errors

AWS OFFICIAL
AWS OFFICIALUpdated a year ago
2 Comments

Is there a way to find list of active connections from NLB perspective at the current moment? I need client and taget IP info

Lenny
replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied a year ago