Questions on TCP Socket Communication and SSL/Handshake Setup in AWS

0

We are encountering challenges in setting up TCP socket communication in the AWS environment. Below are the specifics of the situation:

  1. We are using plain TCP socket communication to transmit raw bytes, without any protocol like HTTP/WS or SSL.
  2. The server is hosted on a Windows Server provided by AWS, but we are unable to directly access or verify the AWS environment configurations.
  3. The first packet received by the server resulted in an SSL Handshake error. After adding SSL settings on the server, we noticed that the packet received was from ELB-HealthChecker/2.0.
  4. Since we are working with a simple TCP communication structure (not HTTP-based), we added an HTTP pipeline to respond to the health check requests. However, we need guidance on how to confirm that this process is functioning correctly in AWS.
  5. Assuming the health check is now successful, the client should be able to perform TCP socket communication. However, attempting to connect with the server returned an HTTP 400 error page response.

We would appreciate guidance on the following questions:

  • Is it possible to configure plain TCP socket communication in AWS without requiring HealthCheck?
  • Are there additional configurations to check when using an Elastic Load Balancer (ELB) to handle raw TCP data?
  • If the client is receiving HTTP responses instead of the expected TCP data, what additional steps should be taken to resolve this issue in AWS?

I am a developer responsible for managing the server-side module, while the AWS-based server environment is provided and managed by a partner company. This post was written to inquire about the mentioned issues and to communicate them effectively with the partner company.

1 Answer
0

Based on the situation you've described, here are some insights and recommendations:

  1. TCP Socket Communication without SSL/Handshake: Yes, it is possible to set up plain TCP socket communication in AWS without SSL/Handshake. However, the issues you're experiencing suggest that your current configuration might be set up for HTTPS traffic.

  2. ELB Configuration for TCP: When using an Elastic Load Balancer (ELB) for TCP traffic, you need to ensure it's configured correctly:

     • Check if you're using a Network Load Balancer (NLB) instead of an Application Load Balancer (ALB). NLBs are designed to handle TCP traffic at the transport layer.
     • Verify that the ELB listener is configured for TCP and not HTTPS.
     • Ensure that the security groups associated with your ELB and EC2 instances allow the necessary TCP ports.

  3. Health Checks: The ELB-HealthChecker/2.0 packets you're seeing are normal. Load balancers use these to verify if your instances are healthy. For TCP, you can configure a TCP health check instead of an HTTP one.

  4. HTTP 400 Error: Receiving an HTTP 400 error suggests that somewhere in your stack, the traffic is being interpreted as HTTP. This could be due to:

     • Misconfiguration of the ELB (e.g., using an ALB instead of an NLB)
     • A web server running on your Windows Server that's intercepting the traffic
     • Incorrect routing rules

  5. Additional Steps:

     • Review the ELB type and configuration
     • Check the Windows Server configuration to ensure no web server is unintentionally handling the traffic
     • Verify network ACLs and security group rules
     • Consider using AWS VPC flow logs to trace the path of your traffic

When communicating with your partner company, request:

  • Confirmation of the ELB type (it should be a Network Load Balancer for raw TCP)
  • Verification of the listener configurations on the ELB
  • Review of security groups and network ACLs
  • Confirmation that the Windows Server is not running any web server software that might intercept the TCP traffic

Remember, changing these configurations may require careful planning to avoid service disruptions. Always test changes in a non-production environment first if possible.
Answered 2 months ago
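
An added example, not part of the answer above and not AWS code: a small Python helper that a server or client developer could run on the first bytes read from each TCP connection to tell apart the cases discussed in this thread (a TLS ClientHello, an HTTP health check carrying the ELB-HealthChecker user agent, an HTTP response such as the 400 seen by the client, or the application's own raw bytes). The function name, the labels and the sample byte strings are constructed for illustration.

```python
import re

HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes read from a TCP connection (labels are hypothetical)."""
    if not data:
        # Peer connected and closed without sending anything,
        # which is what a connect-only TCP health check looks like.
        return "connect-only"
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # 2-byte version/length fields, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.startswith(b"HTTP/"):
        # Seen on the client side when an HTTP-aware hop answers instead of the app.
        status = re.match(rb"HTTP/\d\.\d (\d{3})", data)
        return f"http-response {status.group(1).decode()}" if status else "http-response"
    if data.startswith(HTTP_METHODS):
        headers = data.split(b"\r\n\r\n", 1)[0].lower()
        if b"user-agent: elb-healthchecker/" in headers:
            return "http-health-check"
        return "http-request"
    return "raw"


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "tls": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "health": b"GET / HTTP/1.1\r\nHost: 10.0.0.5\r\n"
              b"User-Agent: ELB-HealthChecker/2.0\r\n\r\n",
    "client_saw": b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n",
    "app": b"\x00\x10\x01payload",
    "probe": b"",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:10s} -> {classify_first_bytes(blob)}")
```

Logging this label per connection on the server, and on the first bytes the client reads back, gives concrete evidence to send to whoever manages the load balancer.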
