Client IP Preservation for Network Load Balancer endpoints for Global Accelerator

0

The Global Accelerator currently does not support client IP preservation for Network Load Balancer endpoints. Is anyone aware of the reason behind this and if AWS plans to support it?

aavshr
asked 2 years ago
4806 views
1 Answer
0

Hello there,

I understand that you would like to preserve Client IP for Network Load Balancer for Global Accelerator.

To achieve this, you can create a target group and specify its target type which determines how you specify its targets.

Possible target types include:

  1. Instance: The targets are specified by instance ID. When you specify targets by instance ID, the client IP of all incoming traffic is preserved and provided to your applications.
  2. IP: The targets are specified by IP address. When you specify targets by IP address, the following conditions apply:
     • If the target group protocol is TCP or TLS, client IP preservation is disabled by default. In this case, if you need the IP addresses of the service consumers, enable Proxy protocol on the load balancer. See reference [3] to enable Proxy protocol.
     • If the target group protocol is UDP and TCP_UDP, client IP preservation is enabled by default. For more information on Client IP Preservation with Network Load Balancer, refer to reference [1].

Global Accelerator doesn’t support source IP preservation with Network Load Balancer as endpoint, see reference [2] for more information. The client will connect to the Global Accelerator, then Global Accelerator will use its own IPs from the edge locations to reach the Network Load Balancer which will in turn pass the Global Accelerator IPs to the target EC2 instance. If the EC2 instance is not allowing the Global Accelerator source IPs, then the connection will time out.

References:

[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation

[2] https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.how-to-enable-preservation.html

[3] https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol

answered 2 years ago
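
An added example, not part of the original answer and not AWS code: a minimal Python parser a target could use to read the PROXY protocol v2 header that a Network Load Balancer prepends to each connection once proxy protocol is enabled on the target group. The addresses, ports and payload in `SAMPLE` are constructed; the header reports the source address the load balancer itself saw.

```python
import ipaddress
import struct

# 12-byte signature that opens every PROXY protocol v2 header.
PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
ADDR_TYPES = {1: (4, ipaddress.IPv4Address), 2: (16, ipaddress.IPv6Address)}


def parse_proxy_v2(data: bytes):
    """Split a PROXY v2 header from the start of a TCP stream.

    Returns (source, destination, payload); source and destination are
    (ip, port) tuples, or None for a LOCAL command or non-IP family.
    Raises ValueError if the header is absent or malformed.
    """
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("missing PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or (ver_cmd & 0x0F) > 1:
        raise ValueError("unsupported version or command")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    body, payload = data[16:16 + length], data[16 + length:]
    # Command 0 is LOCAL (no client addresses); family 0 is unspecified.
    if ver_cmd & 0x0F == 0 or fam_proto >> 4 not in ADDR_TYPES:
        return None, None, payload
    size, addr_cls = ADDR_TYPES[fam_proto >> 4]
    if len(body) < 2 * size + 4:
        raise ValueError("address block too short")
    src_ip = addr_cls(body[:size])
    dst_ip = addr_cls(body[size:2 * size])
    src_port, dst_port = struct.unpack("!HH", body[2 * size:2 * size + 4])
    # Any bytes left in body are TLV extensions, ignored here.
    return (str(src_ip), src_port), (str(dst_ip), dst_port), payload


# Constructed sample: header a target might receive ahead of an HTTP request.
SAMPLE = (
    PP2_SIGNATURE
    + bytes([0x21, 0x11])                          # v2 + PROXY command, TCP/IPv4
    + struct.pack("!H", 12)                        # length of the address block
    + ipaddress.IPv4Address("203.0.113.7").packed  # source seen by the NLB
    + ipaddress.IPv4Address("10.0.1.25").packed    # destination address
    + struct.pack("!HH", 51000, 443)               # source and destination ports
    + b"GET / HTTP/1.1\r\n"
)

if __name__ == "__main__":
    print(parse_proxy_v2(SAMPLE))
```

Accept this header only on ports that are reachable solely from the load balancer, since a peer that can connect to the target directly could otherwise supply a forged source address.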
