NLB sticky sessions

0

Hello, according to https://docs.aws.amazon.com//elasticloadbalancing/latest/network/introduction.html the AWS NLB will do a 6-tuple-hash (really?) to select a target server for TCP (5 tuple for UDP). Therefore, the same TCP connection always goes to the same target server. This is not configurable, right?

Then there is the setting called "stickiness.enabled" that you can optionally set to true. If I read the documentation correctly, this effectively changes the target selection algorithm to be source-IP-only. So from 6-tuple (5-tuple) to source-IP.

Shouldn't this be called "target selection strategy" or similar instead of using a hard-coded 5/6-tuple and then a separate flag called "stickiness" which actually just changes the algorithm?

I mean in any case, there is a "stickiness", either based on TCP connection or based on Client-IP. Having "stickiness.enabled" default to "false" implies that there is no stickiness which is not true.

asked a year ago, 2.5K views
3 Answers
1
Accepted Answer

That’s a really solid observation, I remember being confused by the same thing when setting up NLBs for a project that needed predictable routing.

You’re absolutely right: even with stickiness.enabled = false, there is a form of stickiness, just not the type AWS labels as such. The default 5/6-tuple hash behavior does keep the connection tied to the same target, which, for many use cases, feels like stickiness. But yeah, it’s session-bound, not client-bound.

The naming is a bit misleading. Stickiness in AWS-speak really means source-IP affinity across multiple connections, not connection persistence. So when you enable stickiness, you’re shifting from tuple-hashing to a simpler hash on just the source IP, which sticks even across reconnects.

It would make more sense if AWS exposed this as a routing mode or selection strategy, instead of a binary stickiness flag. I’ve seen people interpret it the way you described and get unexpected results.

answered a year ago
0

Hello,

As you would be aware, Network Load Balancer functions on layer 4 of the TCP/IP model.

[+] When Sticky Session is Enabled:

If 'sticky session' is enabled on Network Load Balancer, the NLB routes client traffic to the same target in a target group by creating a mapping between the source IP and the target[1].


I would like to inform you that the flow hash algorithm used in the NLB selects a target based on the protocol, source IP address, source port, destination IP address, destination port, and TCP sequence number in case of TCP traffic[2].

In case of UDP traffic, the load balancer selects a target using a flow hash algorithm based on the protocol, source IP address, source port, destination IP address, and destination port. Please refer to the document[2] for more information on the flow hash algorithm used in the Network Load Balancer.

Kindly note that this does not guarantee that the request is routed to the same target each time, as the TCP sequence number (in case of TCP traffic) may change, hence the hash value changes and a different target is selected.

Similarly, in case of UDP traffic, if the UDP flows have different source IP addresses and ports, the hash value changes and a different target is selected.

Therefore, if you would like client traffic to route to the same target in a target group, it is suggested to enable session stickiness in Network Load Balancer.

I hope you find this information useful.

==== References ====

[1] Sticky sessions : https://docs.aws.amazon.com/elasticloadbalancing/latest/network/edit-target-group-attributes.html#sticky-sessions

[2] Network Load Balancer overview : https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html#network-load-balancer-overview

AWS
answered a year ago
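
As an added illustration (not AWS code and not written by anyone in this thread), the Python model below contrasts the two selection modes discussed above: hashing the full flow versus hashing the source IP only. The SHA-256 hash, the target names and the sample addresses are assumptions made for the example; the actual NLB hash function is not given on this page.

```python
import hashlib
from collections import namedtuple

# Constructed model of a TCP flow as the load balancer sees it.
Flow = namedtuple("Flow", "proto src_ip src_port dst_ip dst_port tcp_seq")

TARGETS = ["target-a", "target-b", "target-c", "target-d"]  # hypothetical names


def select_target(flow, targets=TARGETS, sticky=False):
    """Pick a target for a flow.

    sticky=False: hash every field of the flow (per-connection affinity).
    sticky=True:  hash the source IP only (per-client affinity).
    SHA-256 modulo len(targets) is an assumption standing in for the
    real NLB hash, which this page does not specify.
    """
    if sticky:
        key = flow.src_ip
    else:
        key = "|".join(str(field) for field in flow)
    digest = hashlib.sha256(key.encode()).digest()
    return targets[int.from_bytes(digest[:8], "big") % len(targets)]


def reconnects(src_ip, count):
    """Constructed sample: one client opening `count` connections, each
    with a new ephemeral source port and initial sequence number."""
    return [Flow("tcp", src_ip, 49152 + i, "198.51.100.10", 443, 1000 + 7919 * i)
            for i in range(count)]


def targets_seen(flows, sticky):
    """Set of distinct targets that a list of flows is spread over."""
    return {select_target(f, sticky=sticky) for f in flows}


if __name__ == "__main__":
    flows = reconnects("203.0.113.7", 200)
    # The same flow hashed twice picks the same target in either mode.
    print(select_target(flows[0]) == select_target(flows[0]))
    # Flow hash: one client's reconnects spread over several targets.
    print(sorted(targets_seen(flows, sticky=False)))
    # Source-IP mode: every reconnect from the client lands on one target.
    print(sorted(targets_seen(flows, sticky=True)))
```
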
0

Funny thing, at least Azure has a similar silly naming scheme (they at least get it right in the REST API...)

answered a year ago
