Mechanism of IP Selection in NAT Gateways


AWS recently launched the ability to attach multiple Elastic IP addresses to NAT gateways (up to 8). As per the documentation, AWS internally follows a flow-hash mechanism. The fields included in this hash are the Elastic Network Interface ID of the source of traffic, the source and destination IP addresses, the source and destination ports, and the protocol. I tried testing this while keeping these fields the same, but I am still getting a different IP selection (randomly). How does this flow mechanism work? Is it better than the round-robin method? Our use case was to distribute traffic equally to all IPs, but it seems it's being distributed randomly, and with the same input values for the hash it also generates a different IP instead of the same IP. Is there a way to ensure that my traffic gets distributed to each IP equally?

1 Answer

The following article is the best source for your question:

https://aws.amazon.com/blogs/networking-and-content-delivery/attach-multiple-ips-to-a-nat-gateway-to-scale-your-egress-traffic-pattern/

In summary

AWS NAT Gateway uses a hash-based system to distribute outgoing traffic among the available Elastic IPs. This hash is based on five factors: source IP, source port, destination IP, destination port, and the protocol being used.

The purpose of this design is to ensure consistency or "stickiness" in a connection. Once a connection is made between a source and a destination, it's important that all packets of that connection follow the same path - in other words, they use the same Elastic IP. This is crucial for applications that require session stickiness.

However, this hash-based system does not necessarily guarantee an equal distribution of traffic among all the Elastic IPs. The way traffic is spread largely depends on the variation in the five factors used in the hash. If there's little variation in these factors, it could result in an uneven distribution of traffic among the Elastic IPs.

In your tests, if you're sending traffic with the exact same values for all five factors, theoretically, it should always be hashed to the same Elastic IP. But keep in mind that many client-side libraries and systems will automatically assign a new source port for each new connection, which might explain the variation you're seeing even when other fields are constant.

EXPERT
answered a year ago
AWS EXPERT
reviewed a year ago
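To make the answer's two points concrete (stickiness for an identical flow, and distribution that depends entirely on variation in the hashed fields), here is an added Python simulation. It is not part of the original answer and is not AWS's code: AWS does not publish the hash function the NAT gateway uses, so SHA-256 over the fields is an assumption standing in for it. It includes the source ENI ID as the question quotes from the documentation. The ENI ID, client and destination addresses, and port ranges are constructed sample data.

```python
import hashlib
from collections import Counter

# Added example: simulates 5-tuple (plus source ENI) flow hashing over a
# set of NAT gateway Elastic IPs. The hash function is an assumption
# (SHA-256 over the fields); AWS does not publish the real one, but any
# deterministic hash exhibits the same two properties demonstrated below:
# per-flow stickiness, and a spread that depends on input variation.

# Constructed sample data: TEST-NET addresses and a hypothetical ENI ID.
EIPS = [f"203.0.113.{i}" for i in range(1, 9)]   # 8 EIPs, the documented maximum
ENI_ID = "eni-0123456789abcdef0"                 # hypothetical ENI ID
CLIENT_IP = "10.0.1.25"
DEST_IP = "198.51.100.10"
DEST_PORT = 443
PROTO = "tcp"


def select_eip(eips, eni_id, src_ip, src_port, dst_ip, dst_port, proto):
    """Pick the EIP for one flow. Identical inputs always map to the same EIP."""
    key = f"{eni_id}|{src_ip}|{src_port}|{dst_ip}|{dst_port}|{proto}".encode()
    digest = hashlib.sha256(key).digest()
    return eips[int.from_bytes(digest[:8], "big") % len(eips)]


def distribution(eips, flows):
    """Map each EIP to the number of flows hashed onto it (0 if unused)."""
    counts = Counter(select_eip(eips, *flow) for flow in flows)
    return {eip: counts.get(eip, 0) for eip in eips}


def same_tuple_is_sticky(repeats=1000):
    """Scenario A: re-sending the exact same tuple never changes the EIP."""
    flow = (ENI_ID, CLIENT_IP, 40000, DEST_IP, DEST_PORT, PROTO)
    chosen = {select_eip(EIPS, *flow) for _ in range(repeats)}
    return len(chosen) == 1


def ephemeral_port_spread():
    """Scenario B: one client opening many connections. The OS assigns a
    fresh ephemeral source port per connection (Linux default range
    32768-60999), so flows spread across all EIPs even though every other
    field is held constant. This is the variation the answer describes."""
    flows = [(ENI_ID, CLIENT_IP, port, DEST_IP, DEST_PORT, PROTO)
             for port in range(32768, 61000)]
    return distribution(EIPS, flows)


def few_long_lived_flows():
    """Scenario C: three persistent connections (e.g. a small connection
    pool). With only three distinct tuples, at most three EIPs ever carry
    traffic, regardless of how many bytes flow over them."""
    flows = [(ENI_ID, CLIENT_IP, port, DEST_IP, DEST_PORT, PROTO)
             for port in (40001, 40002, 40003)]
    return distribution(EIPS, flows)


if __name__ == "__main__":
    print("same tuple sticky:", same_tuple_is_sticky())
    print("ephemeral ports:", ephemeral_port_spread())
    print("3 long-lived flows:", few_long_lived_flows())
```

Running it, scenario A always returns a single EIP, scenario B lands roughly 3,500 flows on each of the 8 EIPs, and scenario C leaves at least five EIPs idle. The practical caveat for reproducing the "same input" test from the question: unless the client pins its source port (for example by binding the socket before connecting), each new connection is a different tuple and will legitimately hash elsewhere.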
