Resiliency of Gateway Load Balancer endpoints

0

I'm trying to grasp how resiliency / high availability is provided in case of Gateway Load Balancer. I understand that GWLB nodes can be defined in multiple Availability Zones. I also understand that GWLB endpoints also can be created in multiple AZs. I understand that if the whole AZ fails, then customers in other AZs still will continue using GWLB endpoints in their AZs to deliver/receive traffic to/from 3rd-party virtual appliances.

But what's going to happen if some AZ stays fine as a whole, but a specific GWLB endpoint or specific GWLB node of this AZ fails? Will this mean that customers of this AZ will remain without traffic? Is such a type of failure possible at all?

As I understand, each GWLB endpoint can be assigned to one subnet only, so it has a single private IP and belongs to one AZ. Doesn't adding it as a destination in the routing tables of subnets of this AZ make it a single point of failure for everything hosted in these subnets?

Thanks!

2 Answers
1

That's a good question. Similar to other VPC endpoints, you don't need to worry about the failure of a GWLB endpoint, as it is a VPC endpoint, which is a horizontally scaled, redundant, and highly available component managed by AWS.

AWS EXPERT, answered 2 months ago
EXPERT, reviewed 2 months ago
  • Thanks, I hope it's so. :-) My problem is, though, that I don't understand what a GWLB endpoint exactly is. Is it a VM? Is it some floating IP on AWS routers?

    In case of "gateway endpoint", I guess what happens is that a number of public prefixes are added to a route table, with "next hop" pointing to some VRRP address shared by physical routers.

    In case of "interface endpoint", I don't know, but it matters less, because its DNS name resolves to multiple IPs, one per AZ, and it's up to its client to try these IPs until success. It's not specified as a "next hop" in route tables.

  • But how is "GWLB endpoint" implemented? Is it also a floating VIP on physical routers, but forwarding traffic to "GWLB nodes" rather than to public subnets (unlike "gateway endpoint")? Or is it some VM? How is its resilience achieved?

    Besides, what about resilience of "GWLB nodes"? Is "node" a VM? Let's say, I have deployments in two AZs, A and B, I have one "GWLB node" and one "GWLB endpoint" in each AZ. A "node" goes down, what happens? Will my subnets in this AZ be disconnected?

    Is there any documentation detailing this? I couldn't find answers to these questions.

    Thanks!

1

Gateway Load Balancer is backed by an AWS service called HyperPlane. There are other HyperPlane services such as Transit Gateway, Network Load Balancer and PrivateLink. HyperPlane is (as mentioned in the other answer) a scalable service where each customer is run in separate cells that are spread across multiple sets of physical infrastructure in each Availability Zone. You can find out more information in this re:Invent talk.

There are no physical routers involved and the IP address that "belongs" to the endpoint is automatically routed by the VPC control plane to the HyperPlane cell that is handling your traffic.

For more information, you can read this blog post and this other blog post too.

AWS EXPERT, answered 2 months ago
AWS EXPERT, reviewed 15 days ago
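The question's own design (one GWLB endpoint per AZ, each subnet's route table pointing at the endpoint in its own AZ) is what keeps an AZ failure from affecting the other AZs, and the thing that can silently break it is a route table that sends a subnet's traffic through an endpoint in a different AZ. The script below is an added example, not from the thread or from AWS; it walks route tables, subnets and VPC endpoints and reports every subnet whose default route targets a Gateway Load Balancer endpoint outside the subnet's Availability Zone. The dictionaries are constructed inline and only mirror the shape of boto3's describe_subnets, describe_vpc_endpoints and describe_route_tables responses (an assumption), so it runs offline; with real responses you would pass the `Subnets`, `VpcEndpoints` and `RouteTables` lists instead.

```python
"""Flag subnets whose route table sends traffic to a Gateway Load Balancer
endpoint that lives in a different Availability Zone than the subnet.

Added example, not from the re:Post thread. Input shapes are assumed to
mirror boto3 EC2 describe_* responses; the sample data below is constructed.
"""

from typing import Dict, List, Set

# Constructed sample inventory: two AZs, one GWLB endpoint per AZ.
SUBNETS = [
    {"SubnetId": "subnet-a-app", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-a-gwlbe", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-b-app", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-b-gwlbe", "AvailabilityZone": "us-east-1b"},
]

VPC_ENDPOINTS = [
    {"VpcEndpointId": "vpce-a", "VpcEndpointType": "GatewayLoadBalancer",
     "SubnetIds": ["subnet-a-gwlbe"]},
    {"VpcEndpointId": "vpce-b", "VpcEndpointType": "GatewayLoadBalancer",
     "SubnetIds": ["subnet-b-gwlbe"]},
]

ROUTE_TABLES = [
    # Correct: AZ a's application subnet uses AZ a's endpoint.
    {"RouteTableId": "rtb-a", "Associations": [{"SubnetId": "subnet-a-app"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "VpcEndpointId": "vpce-a"}]},
    # Misconfigured (constructed on purpose): AZ b's subnet is routed
    # through AZ a's endpoint, so an AZ a outage would also cut off AZ b.
    {"RouteTableId": "rtb-b", "Associations": [{"SubnetId": "subnet-b-app"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "VpcEndpointId": "vpce-a"}]},
]


def gwlbe_zones(subnets: List[dict], endpoints: List[dict]) -> Dict[str, Set[str]]:
    """Map each Gateway Load Balancer endpoint id to the AZs it has an ENI in."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    return {
        e["VpcEndpointId"]: {az_of[sid] for sid in e["SubnetIds"]}
        for e in endpoints
        if e.get("VpcEndpointType") == "GatewayLoadBalancer"
    }


def find_cross_az_routes(subnets: List[dict], endpoints: List[dict],
                         route_tables: List[dict]) -> List[dict]:
    """Return one finding per (subnet, route) pair where the route's GWLB
    endpoint has no presence in the subnet's own Availability Zone."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    zones = gwlbe_zones(subnets, endpoints)
    findings = []
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            subnet_id = assoc.get("SubnetId")
            if subnet_id is None:  # main-table association carries no subnet
                continue
            subnet_az = az_of[subnet_id]
            for route in rtb.get("Routes", []):
                vpce = route.get("VpcEndpointId")  # set only for GWLBE targets
                if vpce not in zones:
                    continue
                if subnet_az not in zones[vpce]:
                    findings.append({
                        "RouteTableId": rtb["RouteTableId"],
                        "SubnetId": subnet_id,
                        "SubnetAZ": subnet_az,
                        "Destination": route.get("DestinationCidrBlock", "?"),
                        "VpcEndpointId": vpce,
                        "EndpointAZs": sorted(zones[vpce]),
                    })
    return findings


if __name__ == "__main__":
    for f in find_cross_az_routes(SUBNETS, VPC_ENDPOINTS, ROUTE_TABLES):
        print(f"{f['RouteTableId']}: {f['SubnetId']} ({f['SubnetAZ']}) -> "
              f"{f['Destination']} via {f['VpcEndpointId']} in {f['EndpointAZs']}")
```

Run it on the constructed data and it reports only `rtb-b`, whose subnet in us-east-1b depends on the endpoint in us-east-1a; the AZ-local route in `rtb-a` is silent. The check deliberately treats an endpoint as "present" in an AZ only if one of its subnets is in that AZ, which is exactly the per-AZ endpoint layout the question describes.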
