Network Load Balancer Target Groups

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we discussed how to create a Network Load Balancer using AWS CLI.

https://cloudaffaire.com/how-to-create-a-network-load-balancer-using-aws-cli/

In this blog post, we will create Network Load Balancer target groups.

Network Load Balancer Target Groups:

What are target groups:

A target group is used to route requests to one or more registered targets. When you create each listener rule, you specify a target group and conditions. When a rule condition is met, traffic is forwarded to the corresponding target group. You can create different target groups for different types of requests.

You define health check settings for your load balancer on a per target group basis. Each target group uses the default health check settings, unless you override them when you create the target group or modify them later on. After you specify a target group in a rule for a listener, the load balancer continually monitors the health of all targets registered with the target group that are in an Availability Zone enabled for the load balancer. The load balancer routes requests to the registered targets that are healthy.

Routing Configuration:

By default, a load balancer routes requests to its targets using the protocol and port number that you specified when you created the target group. Alternatively, you can override the port used for routing traffic to a target when you register it with the target group. Target groups for Network Load Balancers support the following protocols and ports:

  • Protocols: TCP, TLS, UDP, TCP_UDP
  • Ports: 1-65535

Target Type:

When you create a target group, you specify its target type, which determines how you specify its targets. After you create a target group, you cannot change its target type. The following are the possible target types:

  • instance: The targets are specified by instance ID.
  • ip: The targets are specified by IP address.

Note: Network Load Balancers do not support the lambda target type, only Application Load Balancers support the lambda target type.

Request Routing and IP Addresses:

If you specify targets using an instance ID, traffic is routed to instances using the primary private IP address specified in the primary network interface for the instance. The load balancer rewrites the destination IP address from the data packet before forwarding it to the target instance.

If you specify targets using IP addresses, you can route traffic to an instance using any private IP address from one or more network interfaces. This enables multiple applications on an instance to use the same port. Note that each network interface can have its own security group. The load balancer rewrites the destination IP address before forwarding it to the target.

Source IP Preservation:

If you specify targets using an instance ID, the source IP addresses of the clients are preserved and provided to your applications.

If you specify targets by IP address, the source IP addresses are the private IP addresses of the load balancer nodes. If you need the IP addresses of the clients, enable Proxy Protocol and get the client IP addresses from the Proxy Protocol header.

If you have microservices on instances registered with a Network Load Balancer, you cannot use the load balancer to provide communication between them unless the load balancer is internet-facing or the instances are registered by IP address.

Registered Targets:

Your load balancer serves as a single point of contact for clients and distributes incoming traffic across its healthy registered targets. Each target group must have at least one registered target in each Availability Zone that is enabled for the load balancer. You can register each target with one or more target groups. You can register each EC2 instance or IP address with the same target group multiple times using different ports, which enables the load balancer to route requests to microservices.

Deregistration Delay:

When you deregister an instance, the load balancer stops creating new connections to the instance. The load balancer uses connection draining to ensure that in-flight traffic completes on the existing connections. If the deregistered instance stays healthy and an existing connection is not idle, the load balancer can continue to send traffic to the instance. To ensure that existing connections are closed, you can ensure that the instance is unhealthy before you deregister it, or you can periodically close client connections.

The initial state of a deregistering target is draining. By default, the load balancer changes the state of a deregistering target to unused after 300 seconds. To change the amount of time that the load balancer waits before changing the state of a deregistering target to unused, update the deregistration delay value. We recommend that you specify a value of at least 120 seconds to ensure that requests are completed.

Proxy Protocol:

Network Load Balancers use Proxy Protocol version 2 to send additional connection information such as the source and destination. Proxy Protocol version 2 provides a binary encoding of the Proxy Protocol header. The load balancer prepends a proxy protocol header to the TCP data. It does not discard or overwrite any existing data, including any proxy protocol headers sent by the client or any other proxies, load balancers, or servers in the network path. Therefore, it is possible to receive more than one proxy protocol header. Also, if there is another network path to your targets outside of your Network Load Balancer, the first proxy protocol header might not be the one from your Network Load Balancer.

If you specify targets by IP address, the source IP addresses provided to your applications are the private IP addresses of the load balancer nodes. If your applications need the IP addresses of the clients, enable Proxy Protocol and get the client IP addresses from the Proxy Protocol header.

If you specify targets by instance ID, the source IP addresses provided to your applications are the client IP addresses. However, if you prefer, you can enable Proxy Protocol and get the client IP addresses from the Proxy Protocol header.
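As an added illustration (not code from the original post), here is a minimal Python parser for the binary Proxy Protocol v2 header described above, run over a constructed sample stream in which a second header follows the one prepended by the NLB. The parser reads exactly one header and hands everything after it to the application as plain data, so a later header cannot override the recorded client address; all addresses and ports in the sample are constructed.

```python
import ipaddress
import struct

# Every Proxy Protocol v2 header starts with this fixed 12-byte signature.
PP2_SIGNATURE = b"\x0d\x0a\x0d\x0a\x00\x0d\x0a\x51\x55\x49\x54\x0a"

def parse_pp2_header(data: bytes):
    """Parse exactly one Proxy Protocol v2 header at the start of a TCP stream.

    Returns (info, payload): info holds the client address/port recorded by the
    proxy that prepended the header, payload is everything after it. A further
    header inside the payload is deliberately left alone as application data.
    """
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("stream does not start with a Proxy Protocol v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("not a version 2 header")
    end = 16 + length
    if len(data) < end:
        raise ValueError("truncated Proxy Protocol v2 header")
    body, payload = data[16:end], data[end:]
    info = {"command": "PROXY" if (ver_cmd & 0x0F) == 1 else "LOCAL"}
    family = fam_proto >> 4                       # 1 = AF_INET, 2 = AF_INET6
    if info["command"] == "PROXY" and family == 1 and len(body) >= 12:
        src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])
        info.update(src=str(ipaddress.IPv4Address(src)), src_port=sport,
                    dst=str(ipaddress.IPv4Address(dst)), dst_port=dport)
    elif info["command"] == "PROXY" and family == 2 and len(body) >= 36:
        src, dst, sport, dport = struct.unpack("!16s16sHH", body[:36])
        info.update(src=str(ipaddress.IPv6Address(src)), src_port=sport,
                    dst=str(ipaddress.IPv6Address(dst)), dst_port=dport)
    # Any TLVs that follow the addresses are ignored by this minimal parser.
    return info, payload

def build_pp2_header(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Encode a constructed IPv4/TCP PROXY header; used only to build the sample."""
    body = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!HH", sport, dport))
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body

# Constructed sample: the NLB's header first, then data that itself begins with
# another header (as from another proxy in the path). Only the first header is
# used; the second is passed through untouched and must not override it.
SAMPLE_STREAM = (build_pp2_header("203.0.113.7", "10.0.1.25", 40000, 443)
                 + build_pp2_header("192.0.2.1", "10.0.1.25", 1, 443)
                 + b"GET / HTTP/1.1\r\n\r\n")
```

Because the NLB prepends its header in front of whatever the client sent, the first header on a connection that arrived through the NLB is the trustworthy one; restricting the target's security group to traffic from the load balancer keeps other network paths from delivering a stream whose first header was written by someone else.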

Network Load Balancer Target Group Demo:

Step 1: Create a custom VPC for your Network Load Balancer.

Step 2: Create two EC2 instances for your Network Load Balancer Target.

Step 3: Create your Network Load Balancer.

Step 4: Create target group with instance as targets.

Step 5: Create target group with IP as targets.

Step 6: Cleanup.

Hope you have enjoyed this article. In the next blog post, we will discuss health checks in Network Load Balancer.

All the public cloud providers are changing their console user interfaces rapidly, and because of this some of the screenshots used in our previous AWS blogs are no longer relevant. Hence, we have decided that from now on most demos will be done programmatically. Let us know your feedback on this in the comment section.

To get more details on AWS ELB, please refer to the AWS documentation below:

https://docs.aws.amazon.com/elasticloadbalancing/index.html
