Private IP changed for Load Balancer

0

Hi folks,

We experienced a problem: the private IP changed for a Load Balancer. The docs say it shouldn't change during the LB lifetime:

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html

These private IP addresses provide your load balancer with static IP addresses that will not change during the life of the load balancer.

Enter image description here

We saw this today; our production version broke, and it's very bad. Question to AWS specialists: how could this be? And how often should we expect such undocumented behavior?

Dmitry

  • Have you redeployed/reprovisioned it with different info?

  • Hi Dmitry,

    I would not expect this behavior at all. Do you have AWS Config activated in your account? Can you verify in the configuration timeline that this modification was indeed induced by the service?

  • @alatech, no, we haven't redeployed/reprovisioned anything.

  • Hi Andreas,

    Thanks for your reply. No, we haven't enabled AWS Config; it seems it might help. I tried it and selected AWS EC2 NetworkInterface as the target resource, but I got stuck on choosing AWS Managed Rules for it: the URLs look strange and not relevant to what we need to track. We need to track address changes, but all the rules are about checking dropping HTTP headers, checking SSL certificates, etc. How should I correctly set this up to catch this type of change (IP change)?

    Thanks, Dmitry

Dmitry
asked a year ago, 605 views
1 Answer
1
Accepted Answer

The IPs from the screenshot belong to an Application Load Balancer (ALB), at least according to the filter it is using.
An ALB doesn't have static IPs like a Network Load Balancer (NLB) does.

Network interfaces for an NLB will have a description with the pattern "ELB net/xxxxxxxxxxxxxx"
Network interfaces for an ALB will have a description with the pattern "ELB app/xxxxxxxxxxxxxx"

AWS
answered a year ago
  • Hi Leonardo!

    Thanks for your reply and explanation! It is helpful! :) We had a problem where the target server standing behind this LB didn't get traffic because the firewall rules disallowed the new IP. We solved it by changing the rule from type IP to type Security group. Security group is static.

    Best, Dmitry
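An added example, not code from the posters or from AWS: it applies the "ELB app/" and "ELB net/" description patterns from the answer to find security group ingress rules that pin a single ALB private IP, the kind of rule that stopped matching in this thread. The sample data is constructed in the shape of the EC2 `describe_network_interfaces` and `describe_security_groups` responses; every ID, name and address in it is made up.

```python
import ipaddress

def lb_kind(eni):
    """Classify an ENI using the description patterns given in the answer."""
    desc = eni.get("Description", "")
    if desc.startswith("ELB net/"):
        return "NLB"  # per the quoted docs, these private IPs do not change
    if desc.startswith("ELB app/"):
        return "ALB"  # per the answer, these are not static
    return None

def brittle_rules(enis, security_groups):
    """Return (sg_id, cidr, eni_id) for /32 ingress rules that pin an ALB IP."""
    alb_ips = {ipaddress.ip_address(e["PrivateIpAddress"]): e["NetworkInterfaceId"]
               for e in enis if lb_kind(e) == "ALB"}
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if net.num_addresses != 1:
                    continue  # only single-host rules are checked here
                for ip, eni_id in alb_ips.items():
                    if ip in net:
                        findings.append((sg["GroupId"], rng["CidrIp"], eni_id))
    return findings

# Constructed sample data; all identifiers and addresses are made up.
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "PrivateIpAddress": "10.0.1.25",
     "Description": "ELB app/example-alb/0123456789abcdef"},
    {"NetworkInterfaceId": "eni-0bbb", "PrivateIpAddress": "10.0.2.40",
     "Description": "ELB net/example-nlb/fedcba9876543210"},
]
SAMPLE_SGS = [
    # Rule by IP: one entry pins the ALB address, one pins the NLB address.
    {"GroupId": "sg-0target", "IpPermissions": [
        {"IpRanges": [{"CidrIp": "10.0.1.25/32"}, {"CidrIp": "10.0.2.40/32"}],
         "UserIdGroupPairs": []}]},
    # Rule by security group reference, as in the fix described above.
    {"GroupId": "sg-0fixed", "IpPermissions": [
        {"IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0alb"}]}]},
]

if __name__ == "__main__":
    for sg_id, cidr, eni_id in brittle_rules(SAMPLE_ENIS, SAMPLE_SGS):
        print(f"{sg_id}: {cidr} pins ALB interface {eni_id}")
```

Against a real account, the two input lists would come from the `NetworkInterfaces` and `SecurityGroups` keys of the corresponding EC2 API responses.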
