Questions tagged with Elastic Load Balancing
I need to forward traffic received from a Site-to-Site VPN to another VPN, but SNAT is required before packets can be sent through the IPsec tunnel.
I am thinking of using PrivateLink with a Private NAT Gateway as a target for the Network Load Balancer.
Is a Private NAT Gateway as an NLB target a supported configuration?
If yes, then how do I set up health checks for the target group?
When I create an internal NLB and attach it to target instances in a set of private subnets, the NLB is assigned private IPs from these subnets. Are these IPs subject to change over the NLB's lifetime?
I'm aware that a public-facing NLB can be given a static elastic IP, but this is strictly about an internal NLB.
So I have a Fargate proxy service for which the public IP is disabled. I have configured load balancers, a NAT gateway and an internet gateway for the service because the service is in a private subnet. Now I am trying to access the service through a CloudFront distribution with a behaviour that uses the load balancer as origin. The service works fine sometimes, and sometimes gives me this 504 CloudFront error:
"504 ERROR
The request could not be satisfied.
CloudFront attempted to establish a connection with the origin, but either the attempt failed or the origin closed the connection. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
Request ID: RCHf8wHj1tiIdHY1XGCIjAYl2PClTVwR4F3k5hzUbiTsEsfbb0-Oug=="
I have configured the security group of the load balancer to allow all traffic from the internet, and the same for the security group of my Fargate service, for testing purposes. I have also configured a NAT gateway so that the service can access the internet, because it forwards requests to another service on the internet, and I have also configured an internet gateway so that the service on the internet can talk to the Fargate service.
How should I resolve this error? Can this be a CloudFront-specific error, and if so, how should I resolve it?
Also, in the Fargate service logs I am not able to see any issue, nor in the load balancer logs; they show that the traffic is being forwarded.
Hi, I'm a newbie taking the AWS Cloud Architect course on Coursera and currently on Course 1, Module 4, Exercise 7. I believe I followed all the instructions to a T and have tried it twice now and continue to get stuck on the following Task within the assignment:
Task 5: Testing the application
In this task, you will stress-test the application and confirm that it scales.
Return to the Amazon EC2 console.
In the navigation pane, under Load Balancing, choose Target Groups.
Make sure that app-target-group is selected and choose the Targets tab.
You should see two additional instances launching.
Wait until the Status for both instances is healthy.
My Status never goes to the "healthy" state and keeps failing: "Unhealthy", "Draining" (Target deregistration is in progress).
Can someone tell me why this would happen and where I should check to correct this?
Thank you in advance.
I have an NLB -> Target Group -> Targets setup.
I added a new target which is healthy. However, the traffic distribution is not even after 4 hours.
I came across a couple of posts indicating possibilities around:
- Target IP caching
- Long-lived TCP connections
As I don't have control over the client, is there a way I can reach a balanced distribution?
My supervisor asked this question, but I'm not sure how to scientifically measure it. Currently I make several requests to an HTTP service and measure the `time_starttransfer` cURL statistic, once with the domain name resolving to the IP address of the ELB and once resolving to the EC2 instance, and subtract the numbers to provide an answer, but I'm not sure this is the proper way to do so.
I also checked the CloudWatch dashboard and was unable to find similar metrics; are there any?
I would like answers for both the NLB (OSI layer 4) and the ALB (OSI layer 7). Thanks in advance!
Hi,
I am using an NLB for serving RTMP connections. The targets of the NLB are multiple nodes in an EKS cluster, and on the nodes there are nginx-rtmp pods. When I stream multiple streams, I get connections dropped on the client side and a "drop idle stream" log on nginx-rtmp. My idle timeout configuration on nginx-rtmp is 30 sec. I am using EC2 instances with 5 GB bandwidth to generate the load.
I am not able to find out why this is happening. Multiple connections drop in a single second, and sometimes all of them are on the same node.
Also, when I check the NLB access logs, I find only two IPs in the target IP field, and I am not able to find either IP on any pod or node.
My ECS service needs to change its target group, split from the others,
but I can't find an area to change the service's ALB target on the update service page.
Hi, we recently came across a problem with ECS service deployments, which is in our view a lack of robustness.
Our setup roughly looks like this:
We have an ECS service, which is reachable via different domains, which may change (even if not often).
Due to technical reasons, the requests for the different domains are routed to the service task containers via separate target groups.
Changes to the service are done with a deployment configuration allowing a minimum of 100% and a maximum of 200%.
In the automation, when switching the domains, a target group associated with the service might be deleted before the deployment has deregistered the existing container targets.
As a result, the deployment is stuck in a state, where it can't remove the old task anymore.
This can be observed in CloudTrail:
```
{
...
"eventSource": "elasticloadbalancing.amazonaws.com",
"eventName": "DescribeTargetGroups",
"awsRegion": "eu-central-1",
"sourceIPAddress": "ecs.amazonaws.com",
"userAgent": "ecs.amazonaws.com",
"errorCode": "TargetGroupNotFoundException",
"errorMessage": "One or more target groups not found",
...
}
```
We are aware that our solution should handle this situation better, i.e. the target groups should not be deleted too early and we are already looking into this.
However, we were a bit surprised that the deployment was completely stuck in this case, blocking all subsequent deployments due to the min/max configuration.
Could this be handled in a more robust way on the AWS side? And any suggestions on how to handle this in our automation? We would not like to have a "polling configuration" waiting for the service to be in a steady state with each change, as we would like to keep this async.
Thanks in advance
Hi there,
I'm looking for some suggestions here. I have over 1000 publicly accessible endpoints, all pointing to the same NLB as CNAMEs. The NLB does a TCP proxy and sends it to a pair of HAProxy instances, where TLS is off-loaded and the host header gets rewritten to a local domain, like `www.example.com => main.example.net.local`, `www.mydomain.co.uk => main.example.net.local` etc., but it's becoming a huge overhead with a monster HAProxy config file. Hence I'm trying to replace the HAProxy with some sort of native AWS services. I know ALB can terminate TLS, but I couldn't find anything in the AWS docs saying that it can rewrite the host header and also add some custom headers. I thought about API Gateway, but I think a many-to-one mapping is gonna be challenging? Does anyone have any suggestions about what AWS services (one or combined) can replace the HAProxy functionality?
-S
I have an app on EC2 instances, and requests to the app go through an ALB. The ALB is public on the internet, but I would like to restrict access so that only IPs from Mexico can reach the app.
What service of AWS is recommended for our architecture?
API Gateway is able to provide the rawQueryString from a request going to the API Gateway and then to the lambda, but I cannot find this attribute in the load balancer.
For example, the same request sent to API Gateway and to the ALB:
```
API Gateway proxy event
{
rawQueryString: 'filters[siteId][$in]=85ff70e0-2870-4cf7-a693-f62f4367daa&filters[siteId][$in]=321',
queryStringParameters: { 'filters[siteId][$in]': '85ff70e0-2870-4cf7-a693-f62f4367daa,321' }
}
ALB event forwarding to Lambda:
{
queryStringParameters: { 'filters[siteId][$in]': '321' }
}
```
I am not able to find this in the load balancer documentation:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html#multi-value-headers
Why is ALB modifying the request and the query string? I would expect to get the same request passed to the lambda and have the same raw query parameters.