Network Load Balancers, Elastic IPs, and Fargate Services + Tasks?


Hi, I'm new to AWS and trying to get some of our on-prem VMs migrated over to Fargate. From what I've read, I need to use a Network Load Balancer since I want to set up an Elastic IP on the NLB which can be delegated via an A record from our on-prem DNS (Route 53 isn't an option right now).

In ECS, I have a Task Definition for my container, which runs Nginx, listening on TCP 80 and 443. Also in ECS, I've set up a Cluster and two Services: one Service for TCP 80, and another Service for TCP 443. Each of these services has at least one Task defined which spins up the Nginx container.

When I define the NLB, I create two Listeners/Target Groups. One for TCP 80 and the other for TCP 443. When defining the Listeners, I assign the EIP to each listener. The NLB has an A record associated with it named something like my-net-lb-xxxxxxx.elb.us-east-1.amazonaws.com. There are also two public IP addresses associated with the A record but here's where it gets weird.

If I do an nslookup on the NLB A record, I only see one of the EIPs attached to it. Likewise, I can point a browser at that EIP and I can reach the Fargate Task. The second IP seems to be orphaned somewhere. It's set up as a listener, but doesn't show up anywhere except under the other AZ for the NLB. Pointing a browser at that orphaned IP goes nowhere.

I was expecting a Round Robin DNS setup on the NLB A record so if one of the EIPs is unroutable because a Task is down, the client has a chance to refresh and roll-over to the other IP address.

I must be missing something. I've tried finding specific documentation on this setup but everything I've found so far is either incomplete, or so old it's irrelevant.

Thanks for any insight, and apologies this is so long

0x90
asked a year ago · 308 views
1 Answer
Accepted Answer

There are 2 types of DNS for NLB - regional and zonal. You should use regional DNS names and AWS will automatically resolve to zonal DNS in a round-robin fashion; the reason is that if you are using zonal DNS and there is an AZ-level outage (unlikely but possible) there won't be any failover, therefore it's recommended to use the regional DNS of the NLB for connectivity. See more information on this topic here.

If you are using a single NLB deployed across multiple Availability Zones, you can use the Availability Zone-specific DNS names provided by the NLB in your DNS configuration. For example, suppose you have a workload, www.example.com, that operates behind an NLB in us-west-2a, us-west-2b, and us-west-2c. It has a Regional AWS provided DNS A record of my-load-balancer.elb.us-west-2.amazonaws.com, as well as zonal records for each Availability Zone such as us-west-2a.my-load-balancer.elb.us-west-2.amazonaws.com.

AWS
EXPERT
answered a year ago
  • Thanks for that answer and the link for the DNS explanation! The second EIP showed up in DNS a couple of days later. I'm not clear why the second EIP took so long to propagate.
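
The symptom in the question (an EIP attached to one AZ of the NLB that never appears in the regional DNS answer) is easy to check mechanically. The following is an added example, not code from the original post or from AWS: it parses the JSON shape that `aws elbv2 describe-load-balancers` returns (the `AvailabilityZones[].LoadBalancerAddresses[].IpAddress` and `AllocationId` fields are real), builds the zonal record names the answer describes, and reports which attached EIPs are missing from a DNS answer. The load balancer name, subnet and allocation IDs, and the 198.51.100.x addresses are constructed sample data, and the DNS answer is passed in as a list so the check runs offline; `resolve_a` is provided for a live lookup but is not used by the offline check.

```python
"""Compare the EIPs attached to an NLB with what its DNS names actually resolve to.

Added example, not from the original post or AWS. Field names follow the real
elbv2 describe-load-balancers output; all values below are constructed.
"""
import json
import socket

# Constructed sample output, shaped like `aws elbv2 describe-load-balancers --names my-net-lb`.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "LoadBalancers": [{
        "LoadBalancerName": "my-net-lb",
        "DNSName": "my-net-lb-0123456789abcdef.elb.us-east-1.amazonaws.com",
        "Type": "network",
        "AvailabilityZones": [
            {"ZoneName": "us-east-1a", "SubnetId": "subnet-0aaa",
             "LoadBalancerAddresses": [{"IpAddress": "198.51.100.10",
                                        "AllocationId": "eipalloc-0aaa"}]},
            {"ZoneName": "us-east-1b", "SubnetId": "subnet-0bbb",
             "LoadBalancerAddresses": [{"IpAddress": "198.51.100.20",
                                        "AllocationId": "eipalloc-0bbb"}]},
        ],
    }]
})


def nlb_addresses(describe_json):
    """Return {zone_name: [eip, ...]} for every AZ the NLB is deployed in."""
    lb = json.loads(describe_json)["LoadBalancers"][0]
    return {
        az["ZoneName"]: [addr["IpAddress"] for addr in az.get("LoadBalancerAddresses", [])]
        for az in lb["AvailabilityZones"]
    }


def regional_dns_name(describe_json):
    """The regional record: what the answer recommends handing to clients."""
    return json.loads(describe_json)["LoadBalancers"][0]["DNSName"]


def zonal_dns_name(regional_name, zone_name):
    """Zonal records are the regional name prefixed with the AZ name."""
    return f"{zone_name}.{regional_name}"


def resolve_a(name):
    """Live A-record lookup; only for use against a real NLB, never called offline."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})


def missing_from_dns(describe_json, resolved_ips):
    """Return {zone: [eip, ...]} for EIPs attached to the NLB but absent from the DNS answer.

    An empty dict means every attached EIP is published, i.e. the round-robin
    answer the question expected. A non-empty dict reproduces the 'orphaned EIP'
    symptom and names the AZ it belongs to.
    """
    resolved = set(resolved_ips)
    return {
        zone: [ip for ip in ips if ip not in resolved]
        for zone, ips in nlb_addresses(describe_json).items()
        if any(ip not in resolved for ip in ips)
    }


def regional_covers_all_zones(describe_json, resolved_ips):
    """True when the regional answer contains every EIP from every AZ."""
    return not missing_from_dns(describe_json, resolved_ips)


if __name__ == "__main__":
    regional = regional_dns_name(SAMPLE_DESCRIBE_OUTPUT)
    for zone in nlb_addresses(SAMPLE_DESCRIBE_OUTPUT):
        print("zonal name:", zonal_dns_name(regional, zone))
    # Simulated answer in which only the us-east-1a EIP has been published.
    print("missing:", missing_from_dns(SAMPLE_DESCRIBE_OUTPUT, ["198.51.100.10"]))
```

Against a real NLB you would replace `SAMPLE_DESCRIBE_OUTPUT` with the CLI's output and pass `resolve_a(regional)` as `resolved_ips`; running it again with each zonal name tells you whether a missing EIP is absent only from the regional record or from its own zonal record too.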
