Want to load balance the incoming UDP traffic as well as use a specific IP as src for outgoing traffic

I have a situation. I have an EKS cluster running, with two pods handling incoming UDP traffic, load balanced using an NLB. The external server/client will send UDP packets to the NLB IP and the NLB load balances to the UDP pods. The peer here only knows about the NLB IP.

So, now while sending messages to the peer, I am not able to use the NLB IP address; the packet goes out with the src IP as the EC2 instance public IP, which the peer does not recognize and drops.

As per the application requirement, the src IP should be the same as the NLB IP, as the peer is configured with it.

Can someone help me here, whether it is possible in AWS while using an NLB?

Asked 3 months ago, 128 views

1 answer

On your target group, disable the setting to preserve client IP. All future packets are sourced from the NLB, so return traffic will be via the NLB.

I believe this may get you the result you're looking for.

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation

Expert
Answered 3 months ago
  • We want to use client IP for this UDP use case. Moreover, client IP preservation cannot be disabled for UDP packets for a Network Load Balancer.

    From https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation :

    "By default, client IP preservation is enabled (and can't be disabled) for instance and IP type target groups with UDP and TCP_UDP protocols."

  • Yes, that is correct. I misread the type. Hmm, you need the return packets to be sourced from the NLB still? The only way I've done this in the past was with F5s on prem, with return packets flowing around the load balancer and layer 2 ARPing with loopbacks on the target NICs.

    You need some kind of source NAT firewall.

  • Actually, the return packet works fine if it is sent back immediately. But if it is sent after some time, it does not go via the NLB; its source IP/port shows up as the EC2 instance IP/port at the peer, which I do not want!!
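The behaviour described in the last comment comes down to flow matching: with client IP preservation on, the NLB only rewrites a packet leaving the pod when it matches a flow entry it already created for the inbound packet (same addresses and ports, and within the UDP flow idle timeout, which is 120 seconds for NLB). A reply sent from a different socket has a different source port, so it never matches the entry and leaves the node as a brand-new flow with the instance's own address. The script below is an added example, not code from the question or the answers: two local UDP sockets stand in for the peer and the pod, the NLB itself is not simulated, and it only shows which reply carries the source tuple the peer was told to expect.

```python
import socket
import sys


def exchange(reply_on_same_socket: bool, payload: bytes = b"ping") -> dict:
    """Constructed local UDP round trip.

    A 'peer' socket sends a datagram to a 'pod' socket. The pod replies either
    from the socket the datagram arrived on (same address/port tuple, the only
    case that can match an NLB flow entry) or from a fresh, unbound socket
    (new ephemeral port, i.e. a new flow from the load balancer's point of view).
    Returns what the peer observed so the caller can compare against the
    address it was configured to talk to.
    """
    peer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    pod = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        peer.bind(("127.0.0.1", 0))
        pod.bind(("127.0.0.1", 0))
        peer.settimeout(2.0)
        pod.settimeout(2.0)

        # The only address the peer knows (stand-in for "the NLB IP").
        service_addr = pod.getsockname()
        peer.sendto(payload, service_addr)

        # Pod side: receive, then reply.
        data, client_addr = pod.recvfrom(2048)
        reply = b"pong:" + data
        if reply_on_same_socket:
            # Same 5-tuple as the inbound packet, just reversed.
            pod.sendto(reply, client_addr)
        else:
            # Different socket: the OS picks a new source port on first send,
            # so the tuple no longer matches anything the peer expects.
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as extra:
                extra.sendto(reply, client_addr)

        # Peer side: what source did the reply actually come from?
        got, seen_src = peer.recvfrom(2048)
        return {
            "reply": got,
            "expected_src": service_addr,
            "seen_src": seen_src,
            "src_matches": seen_src == service_addr,
        }
    finally:
        peer.close()
        pod.close()


def peer_would_accept(result: dict) -> bool:
    """A peer pinned to one address/port keeps only replies from that tuple."""
    return result["src_matches"]


if __name__ == "__main__":
    for same in (True, False):
        r = exchange(reply_on_same_socket=same)
        print(
            f"reply_on_same_socket={same}: expected {r['expected_src']}, "
            f"seen {r['seen_src']}, accepted={peer_would_accept(r)}"
        )
    sys.exit(0)
```

Run it and the second case shows a different source port on the reply even on a single host. On the cluster the same mismatch also appears when the reply is sent from the right socket but after the flow entry has aged out, which is why "sent back immediately" works and "after some time" does not.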
