By using AWS re:Post, you agree to the Terms of Use

Obtain client IP address through a network load balancer (TCP socket server, Python)

0

Hi All,

I run a couple of TCP socket server on EC2, behind a network load balancer (NLB). even I've set the target_group to preserve client IP address. I am not able to obtain the actual client IP address in my Python TCP socket server. All I am getting seems to be a few fixed IP address, likely belong to the load balancer or some edge computing node ?

when I bypass the load balancer, my server app is able to obtain the proper client IP address.

any idea, what I am missing here ?

2 Answers
3

More info on this topic:

  • For Network Load Balancers, register your targets by instance ID to capture client IP addresses without additional web server configuration. For instructions, see Target group attributes instead of the following resolutions (refer the link)

  • For Network Load Balancers when you can register only IP addresses as targets, enable proxy protocol version 2 on the load balancer. For instructions, see Enable proxy protocol instead of the following resolutions.

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/elb-capture-client-ip-addresses/

profile picture
answered a month ago
  • Yes,I've tested, it's working in my setup

  • thanks, but this is not relevant to me , I am using Network Loadbalancer

  • Thanks for the clarification, I modified the answer, the link I provided has information for NLB as well.

  • thank you.

0

Behaviour depends on the type of ELB - NLB preserves Source IP (except for IP Address targets), whereas servers behind CLB & ALB see load balancer IPs as Source IPs in client requests and rely on x-forwarded-for header to indicate true source.

answered a month ago
  • this is where the confusing part is:

    I am using NLB, and I am seeing a few IP addresses (all my client connection seems all come from these few IP address based on the TCP server log). but reality is I have thousands of client accessing, and they are definitely not from these few IP addresses.

    when I by pass the NLB, I see the correct IP address for the Client

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions