AWS NLB leads to time-out


Problem description

I have an NLB which has a target group to which 3 instances in different AZs are registered.

As I went through the documentation, NLB doesn't have a security group. So I added 3 inbound rules to the EC2 instance security group which allow the private IPs of the NLB's network interfaces from all three AZs to send TCP traffic to the EC2 instances.

Note: health checks to all 3 EC2 instances are healthy.

When I tried the same thing by allowing traffic from my private IP, there wasn't a time-out issue.

Recommended answer

Based on the comments.

Since NLB does not have security groups (SGs), the target instances need to allow either private IP addresses of NLB nodes or IP addresses of clients. This depends on whether client IP preservation is enabled or not.

From the docs, by default:

When you specify targets by instance ID, the client IP of all incoming traffic is preserved and provided to your applications.

Subsequently, SGs of the instances should allow all client IP addresses. Alternatively, you can disable client IP preservation, in which case, the SGs can use private IP addresses of NLB nodes.
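
An added example, not part of the original question or answer: a small offline check that shows why health checks stay healthy while client connections time out when client IP preservation is on and the SG only lists the NLB node IPs. All addresses and the flattened attribute dict are constructed sample data; `preserve_client_ip.enabled` is the target group attribute that controls the behaviour described above.

```python
import ipaddress

# Constructed sample data (not from the original post).
NLB_NODE_IPS = ["10.0.1.10", "10.0.2.10", "10.0.3.10"]    # one NLB ENI per AZ
SG_INGRESS_CIDRS = ["10.0.1.10/32", "10.0.2.10/32", "10.0.3.10/32"]
CLIENT_IP = "203.0.113.25"


def sg_allows(source_ip, ingress_cidrs):
    """True if any inbound rule's CIDR covers source_ip."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c) for c in ingress_cidrs)


def source_seen_by_target(client_ip, nlb_node_ip, tg_attributes):
    """Source address the instance SG evaluates for a client connection."""
    # Targets registered by instance ID preserve the client IP by default.
    preserved = tg_attributes.get("preserve_client_ip.enabled", "true") == "true"
    return client_ip if preserved else nlb_node_ip


def diagnose(client_ip, nlb_node_ips, ingress_cidrs, tg_attributes):
    """Per NLB node: do health checks and client traffic pass the SG?"""
    report = []
    for node in nlb_node_ips:
        src = source_seen_by_target(client_ip, node, tg_attributes)
        report.append({
            "node": node,
            # Health checks originate from the NLB node's private IP.
            "health_check_allowed": sg_allows(node, ingress_cidrs),
            "client_source": src,
            "client_allowed": sg_allows(src, ingress_cidrs),
        })
    return report


if __name__ == "__main__":
    for value in ("true", "false"):
        attrs = {"preserve_client_ip.enabled": value}
        print("preserve_client_ip.enabled =", value)
        for row in diagnose(CLIENT_IP, NLB_NODE_IPS, SG_INGRESS_CIDRS, attrs):
            print("  ", row)
```
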
