1 Answer
3
I think you'll find that the IP addresses are still in the VPC and allocated to NLB. What you're seeing is NLB remove the IP addresses from the DNS responses because there are no healthy targets for those NLB nodes.
Once new instances replace the unhealthy targets the DNS records will be updated. Note it may take some time for the health checks to pass.
Definitely agree with Brett here, but I would add that this is the desired behavior because you have cross-zone load balancing turned off. You wouldn't want an NLB in an AZ without a healthy target to get traffic it can't route. If cross-zone load balancing was desirable and enabled, the IPs would not be removed from DNS as they would still have healthy targets in the one AZ. I would also call out that if there were no NLBs with healthy targets, there is a fail-safe back to responding to DNS with all the NLB IP addresses.
I think the answers to questions 2/3 are implied, but the NLB DNS entry will start responding with the IPs of the additional AZs of NLB once health checks pass, and for 3, assuming cross-zone load balancing is disabled, the NLBs will not route requests across zones, but DNS will only respond with the IPs of AZs NLB that have healthy targets, so you shouldn't end up in this situation if you are using the provided DNS.
Thank you, you're right. I managed to find the NLB associated IPs under EC2 -> Network Interfaces. Regarding the DNS record updates, I've had a healthy test instance from a different AZ attached to the NLB for over a week now. The NLB's DNS still reports that single A record as mentioned.
Please raise a support case about that - it's important to find out why that is happening.
Thank you Brettski, you've been very helpful. I'll follow your suggestion and raise this with support.
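The DNS rules stated in this thread, written out as an added example (not code from any participant or from AWS): it computes which NLB node IPs the DNS name should return and compares that with what a resolver actually returned, which is the mismatch reported above. The function names, AZ labels, IPs and health counts are hypothetical, constructed sample data.

```python
# Added example: models only the behaviour described in the thread.
# Constructed sample data: one NLB node IP per enabled AZ.
SAMPLE_NODES = {"az-a": "10.0.1.10", "az-b": "10.0.2.10", "az-c": "10.0.3.10"}


def expected_dns_ips(nodes, healthy_by_az, cross_zone):
    """Return the node IPs the NLB DNS name is expected to answer with.

    nodes:         {az: node_ip} for every AZ enabled on the NLB
    healthy_by_az: {az: number of healthy registered targets in that AZ}
    cross_zone:    True if cross-zone load balancing is enabled
    """
    healthy_total = sum(healthy_by_az.get(az, 0) for az in nodes)
    # Fail-safe from the thread: with no healthy targets anywhere,
    # DNS falls back to answering with every node IP.
    if healthy_total == 0:
        return sorted(nodes.values())
    # Cross-zone enabled: every node can reach a healthy target in
    # another AZ, so no IP is withdrawn.
    if cross_zone:
        return sorted(nodes.values())
    # Cross-zone disabled: only AZs with a local healthy target stay in DNS.
    return sorted(ip for az, ip in nodes.items() if healthy_by_az.get(az, 0) > 0)


def diagnose(nodes, healthy_by_az, cross_zone, observed_ips):
    """Compare resolver output with the expected answer set."""
    expected = set(expected_dns_ips(nodes, healthy_by_az, cross_zone))
    observed = set(observed_ips)
    return {
        "missing": sorted(expected - observed),     # healthy AZ absent from DNS
        "unexpected": sorted(observed - expected),  # IP served without healthy target
    }


if __name__ == "__main__":
    # Situation from the last comments: a healthy target exists in a second
    # AZ, cross-zone is off, but DNS still returns a single A record.
    report = diagnose(SAMPLE_NODES, {"az-a": 1, "az-b": 1}, False, ["10.0.1.10"])
    print(report)
```

A non-empty `missing` list that persists after health checks have passed is the condition the answer says to raise with support.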