I want to resolve IP addresses that aren't listed for my Network Load Balancer.
Short description
Network Load Balancers have a single static IP address per Availability Zone (AZ). If the Network Load Balancer is public, then each AZ has a static private IP address and a static public IP address. When additional AZs are added, additional IP addresses are added to the DNS name of the Network Load Balancer. To view your Network Load Balancer IP addresses, perform a DNS lookup on the Network Load Balancer DNS name.
Resolution
If cross-zone is deactivated on a Network Load Balancer, then only reachable IP addresses appear. If the Network Load Balancer views the target groups as unhealthy or empty, then IP addresses appear in a fail open state. A target group is unhealthy when there isn't at least one healthy target per Availability Zone in each target group.
To resolve this issue, make sure that you have at least one healthy target per Availability Zone. Or, turn on cross-zone for your Network Load Balancer to connect across different Availability Zones.
For more information, see the following target group designs for a Network Load Balancer that's activated in us-east-1a and us-east-1b:
- target-group-1: target-1 in us-east-1a, target-2 in us-east-1b - This design allows both Network Load Balancer IP addresses to be reachable and to appear in a DNS lookup whether cross-zone is on or off.
- target-group-1: target in us-east-1a - This design allows only the IP address in us-east-1a to be resolved because there are no healthy targets in us-east-1b. To resolve this issue, add another target for us-east-1b in the same target group. Or, turn on cross-zone.
- target-group-1: target-1 listens on port 80 in us-east-1a and target-group-2: target-2 listens on port 8080 in us-east-1b - This design might result in intermittent connectivity because there isn't at least one healthy target per Availability Zone in each target group. In target group 1, a us-east-1b AZ target is missing. In target group 2, a us-east-1a AZ target is missing. For this design, the Network Load Balancer DNS fails open and all IP addresses appear. To resolve this issue, add another target for each AZ in each target group. Or, turn on cross-zone.
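
The three designs above can be checked with a small model of the rule this article describes. This is an added example, not AWS code: the function names, the dictionary shape, and the cross-zone handling are assumptions made for illustration, and the target counts are constructed.

```python
# Simplified model of the DNS behavior described above (illustrative only).
# target_groups has the hypothetical shape {group_name: {az: healthy_target_count}}.

def resolvable_azs(enabled_azs, target_groups, cross_zone=False):
    """Return (azs_whose_ip_appears_in_dns, fail_open)."""
    enabled = sorted(enabled_azs)
    groups = list(target_groups.values())
    if not groups:
        return enabled, True  # no target groups at all: fail open
    if cross_zone:
        # Assumption: with cross-zone on, a group is unhealthy only when it
        # has no healthy target in any Availability Zone.
        healthy = all(any(n > 0 for n in g.values()) for g in groups)
        return enabled, not healthy
    # Cross-zone off: an AZ is reachable only when every target group has
    # at least one healthy target in that AZ.
    reachable = [az for az in enabled if all(g.get(az, 0) > 0 for g in groups)]
    if reachable:
        return reachable, False
    return enabled, True  # no reachable AZ: all IP addresses appear

def missing_targets(enabled_azs, target_groups):
    """List the (group, az) pairs that still need a healthy target."""
    return [(name, az)
            for name in sorted(target_groups)
            for az in sorted(enabled_azs)
            if target_groups[name].get(az, 0) == 0]

AZS = ["us-east-1a", "us-east-1b"]
DESIGNS = {  # constructed to mirror the three designs in the list above
    "both_azs": {"target-group-1": {"us-east-1a": 1, "us-east-1b": 1}},
    "single_az": {"target-group-1": {"us-east-1a": 1}},
    "split_groups": {"target-group-1": {"us-east-1a": 1},
                     "target-group-2": {"us-east-1b": 1}},
}

if __name__ == "__main__":
    for name, groups in DESIGNS.items():
        azs, fail_open = resolvable_azs(AZS, groups)
        print(name, azs, "fail open" if fail_open else "healthy",
              "missing:", missing_targets(AZS, groups))
```

Compare the returned AZ list with the addresses that a DNS lookup on the Network Load Balancer DNS name returns; `missing_targets` lists where to add a target when cross-zone stays off.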