A target behind my Network Load Balancer is trying to connect to the same Network Load Balancer, but the connection fails. I want to troubleshoot this issue.
Short description
When the target of an internal Network Load Balancer establishes a TCP connection to the target's own Network Load Balancer, the target routes to itself. Because the Network Load Balancers keep the source IP address, the arriving packet's source and destination are the target's private IP address. The host operating system sees the packet as not valid, so the host doesn't send response traffic and the connection fails.
The connection failure happens only when the source and the target are the same. As a result, you can experience intermittent connection failures depending on the number of available targets to the Network Load Balancer.
To resolve the Network Load Balancer connection failure, use the preserve_client_ip.enabled target group attribute to deactivate client IP preservation for TCP and TLS target groups.
Resolution
To deactivate client IP preservation, complete the following steps:
- Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
- In the navigation pane, under Load Balancing, choose Target Groups.
- Select the name of your target group.
- On the Attributes tab, choose Edit.
- Clear Preserve client IP addresses.
- Choose Save changes.
If your application needs the IP addresses of the clients, then activate proxy protocol support. Access the client IP addresses from the proxy protocol header.
Note: Before you activate proxy protocol on a Network Load Balancer, check that your target instance can support the proxy protocol header. If your target doesn't support the proxy protocol header, then traffic might not process correctly.
Related information
Connections time out for requests from a target to its load balancer