Static IP For Network Load Balancer in front of EKS Cluster created with eksctl

0

Hello,

I have a Network Load Balancer (NLB) in front of an EKS cluster, and the docs note that I should be using the DNS Name to update DNS records for my site:

Because the set of IP addresses associated with a load balancer can change over time, you should never create a DNS A record using any specific IP address. If you prefer using a friendly DNS name, instead of the name generated by the Elastic Load Balancing service, create a CNAME record using the load balancer's DNS name. You can also use Amazon Route 53 to create a hosted zone.

With this in mind, my DNS provider is not able to create a CNAME record for the root domain - their platform does not allow CNAME flattening.

So, I need to be able to use a static IP for my Network Load Balancer instead of the DNS Name. I noticed that eksctl did create a single public Elastic IP for my cluster (and not one for each availability zone when creating the cluster). Is this the public IP I should use for an A/AAAA record pointing to my cluster? Is there a better way to do this?

I'd like to avoid transferring my domain to Route53 at this time to avoid downtime on my platform.

Any help would be greatly appreciated!

Mike
asked a year ago1512 views
2 Answers
0

Hi Mike, I hope you are doing great today. Based in your current scenario, the immediate solution that I see for you is the following.

  1. You will need to enable cross-zone load balancing. To do that, go to EC2 > Load Balancer > Select your network load balancer (NLB) and click in the tab "Attributes" From there, click edit and select "Cross-zone load balancing"
  2. To get one of the IPs of the NLB, run the following in a Linux/MacOS terminal
dig A cname-of-yourloadbalancer.elb-region.amazonaws.com

Then get one of the IPs in the answer section

;; ANSWER SECTION:
cname-of-yourloadbalancer.elb-region.amazonaws.com. 60 IN A 52.123.123.123
cname-of-yourloadbalancer.elb-region.amazonaws.com. 60 IN A 54.124.124.124

About your concern, the following statement applies for ELB/ALBs:

Because the set of IP addresses associated with a load balancer can change over time, you should never create a DNS A record using any specific IP address. If you prefer using a friendly DNS name, instead of the name generated by the Elastic Load Balancing service, create a CNAME record using the load balancer's DNS name. You can also use Amazon Route 53 to create a hosted zone.

What applies for Network Load balancer (NLB) is the following [1]:

Static IP support: Network Load Balancer automatically provides a static IP per Availability Zone (subnet) that can be used by applications as the front-end IP of the load balancer.

Things to keep in mind with this solution.

1.- This is a temporary solution for your current scenario, using a single IP means that you are relying in a single availability zone (AZ) If there is any issue with that AZ in the region, then your application might get impacted and you will need to update your DNS to use the second IP address to recover from a failure.

2.- If your EKS cluster is using multiple AZs, then you need to consider inter-AZ traffic. Using the cross-zone load balancing enabled, allow the NLB node to send traffic to a healthy instance in the same AZ or in a different one. As you are going to be using a single IP, this configuration is needed to distribute the traffic across multiple AZs.

I hope the information above helps!

Have great rest of your week

Network Load Balancer* [1] https://aws.amazon.com/elasticloadbalancing/network-load-balancer/

profile pictureAWS
EXPERT
Sercast
answered a year ago
0

In this scenario I would suggest a Global Accelerator. It provides you with 2 Static IPs that never change and then present this in front of your NLB.

Use these 2 IPs on the root of your domain dns record.

AWS Global Accelerator is a networking service that helps you improve the availability, performance, and security of your public applications. Global Accelerator provides two global static public IPs that act as a fixed entry point to your application endpoints, such as Application Load Balancers, Network Load Balancers, Amazon Elastic Compute Cloud (EC2) instances, and elastic IPs.

https://aws.amazon.com/global-accelerator/

profile picture
EXPERT
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions