Want to load balance the incoming udp traffic as well as use specific ip as src for outgoing traffic

I have a situation. I have EKS cluster running, with two pods handling incoming udp traffic, load balanced using NLB. The external server/client will send udp packets to NLB ip and NLB load balances to udp pods. The peer here only knows about NLB ip only.

So, now while sending messages to peer, I am not able to use NLB ip address, the packet goes out with src ip as EC2 instance public ip, which peer does not recognizes and drops it.

As per application requirement, the src ip should be same as NLB ip, as peer is configured with it.

Can someone help me here, whether it is possible in aws while using NLB ?

Topics

Networking & Content Delivery

Tags

Elastic Load Balancing

Language

English

priyanavneet

asked a year ago507 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

On your target group disable the setting to preserve client IP. All future packets are sourced from the NLB so return traffic will be via the NLB.

I believe this may get you result you’re looking for.

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation

EXPERT

Gary Mclean

answered a year ago

priyanavneet
a year ago
We want to use client-ip for this UDP use case. Moreover, client ip preservation cannot be disabled for UDP packets for Network load balancer.

From https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation :

"By default, client IP preservation is enabled (and can't be disabled) for instance and IP type target groups with UDP and TCP_UDP protocols."
Gary Mclean EXPERT
a year ago
Yes that is correct. I miss read the type. Hmm You need the return packets to be sourced from the NLB still? The only way I’ve done this in the past was with F5s on prem with return packets flow around the load balancer and layer 2 arping with loop backs on the target NICS.

You need some kind of source NAT firewall.
priyanavneet
a year ago
Actually return packet works fine, if it is sent back immediately. But if it is sent after sometime, it does not go via NLB, it source ip/port shows up as ec2 instance ip/port at peer, which I do not want !!

Relevant content

why nlb (NLB->DX->IP target) can not disable Client IP - udp traffic
rePost-User-9370243
asked 4 months ago
IP Details for incoming traffic
Dilpreet
asked 5 months ago
ECS Fargate + Network Load Balancer for TCP+UDP
aball
asked a year ago
Network Load Balancer blocks incoming SMTP traffic?
John Doe
asked a year ago
What's the source IP address of the traffic that Elastic Load Balancing sends to my web servers?
AWS OFFICIALUpdated 2 years ago
How do I use iptables to test a Gateway Load Balancer that has an Amazon EC2 instance as a target?
AWS OFFICIALUpdated 9 months ago
Why is Elastic Load Balancing unequally routing my load balancer traffic?
AWS OFFICIALUpdated 3 years ago
How do I set up UDP load balancing with my Network Load Balancer?
AWS OFFICIALUpdated 7 months ago
SAP High Availability on AWS with Network Load balancer
EXPERT
Khaliluddin_S
published a year ago
External Traffic Fails to Reach EKS Pods with NLB Client IP Preservation
EXPERT
Shubham Sharan
published 2 years ago