1 Answer
Short answer: There is no workaround - NLB and many other things don't support ICMP.
You could create an EC2 instance with an Elastic IP to do the job but it kind of defeats the purpose as it isn't linked (in health terms) to the service that you're running.
As you point out: There are other ways of doing this (curl is a good example) and they generally have the advantage of testing more than just reachability of an IP address - you're testing the availability of (at least part of) the service.
Thank you. I understand that the ping will never reach the service. I was hoping that there would be a way to redirect it to one or even load balance the requests between the nodes themselves, but I will accept that it's not.
Accepting the limitation of false representation of the service health, care to expand on that "EC2 instance with an Elastic IP" idea anyway? How would that be configured? I can't share the same elastic IP between the load balancer and the extra EC2 can I?
You can create an EC2 instance with an Elastic IP and then have it respond to whatever queries you like (including ICMP). You could even be a little tricky about it - have a script that runs on the EC2 instance that checks the health of the load balancer and its targets and if they are not healthy, disable ICMP responses by modifying the instance security group or using iptables. And no, you can't share Elastic IP addresses between the instance and the load balancer.
My inquiry is how to make the same domain name point to this EC2 instance for ICMP requests, but keep pointing to the load balancer for the rest of the services usage.
You can't do that - you'd need to have a DNS record for the health check; and another for the load balancer. Again: Performing the health checks on the application port/protocol is a little more difficult on the application side but a lot easier elsewhere.
Yes, as I explained the goal is not doing health check, I can do that already. The goal is just to provide a semblance of ping functionality for the end user contacting the public domain name. I never saw any big system ".com" domains not answering to ping requests. This is highly disappointing, but thanks anyway.
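The script idea from the comments above (stop answering ping on the Elastic IP instance when the load balancer's targets are unhealthy, using iptables), sketched as an added example that is not part of the original thread. It assumes Python with boto3 on the instance, an instance role allowed to call `elasticloadbalancing:DescribeTargetHealth`, root privileges for iptables, and a scheduler such as cron; the target group ARN and the sample response are constructed placeholders.

```python
import subprocess
import sys

# iptables rule spec that silences ping replies on the probe instance.
DROP_ECHO = ["INPUT", "-p", "icmp", "--icmp-type", "echo-request", "-j", "DROP"]

# Constructed sample in the shape returned by elbv2 describe_target_health.
SAMPLE = {"TargetHealthDescriptions": [
    {"Target": {"Id": "i-0aaaaaaaaaaaaaaa1", "Port": 443},
     "TargetHealth": {"State": "healthy"}},
    {"Target": {"Id": "i-0aaaaaaaaaaaaaaa2", "Port": 443},
     "TargetHealth": {"State": "unhealthy"}},
]}

def healthy_targets(response):
    """Ids of targets reported as 'healthy' (initial/draining/unused do not count)."""
    return [d["Target"]["Id"] for d in response.get("TargetHealthDescriptions", [])
            if d.get("TargetHealth", {}).get("State") == "healthy"]

def should_answer_ping(response, min_healthy=1):
    return len(healthy_targets(response)) >= min_healthy

def plan_iptables(answer_ping, rule_present):
    """Return the iptables argv that reaches the desired state, or None if no change."""
    if answer_ping and rule_present:
        return ["iptables", "-D"] + DROP_ECHO      # targets recovered: remove the DROP
    if not answer_ping and not rule_present:
        return ["iptables", "-I"] + DROP_ECHO      # no healthy target: insert the DROP
    return None

def drop_rule_present():
    # 'iptables -C' exits 0 only when the exact rule already exists.
    return subprocess.run(["iptables", "-C"] + DROP_ECHO,
                          capture_output=True).returncode == 0

def reconcile(target_group_arn):
    import boto3  # imported here so the decision logic can be tested without AWS access
    try:
        resp = boto3.client("elbv2").describe_target_health(TargetGroupArn=target_group_arn)
    except Exception:
        resp = {}  # cannot verify health: treat as unhealthy rather than keep answering
    cmd = plan_iptables(should_answer_ping(resp), drop_rule_present())
    if cmd:
        subprocess.run(cmd, check=True)
    return cmd

if __name__ == "__main__":
    # Usage: script.py <target-group-arn>, run as root on a schedule.
    reconcile(sys.argv[1])
```

Because the Elastic IP cannot be shared with the load balancer, the ping target still needs its own DNS record, as the answer notes.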