Do you have Cross-Zone Load Balancing enabled?
--When to use Cross-Zone Load Balancing-- By default, the load balancer distributes traffic evenly across registered appliances within the same AZ. In this configuration, customers typically register more than one target within a single AZ behind the GWLB for firewall service availability and to distribute the traffic. In the event of a single target appliance failing health checks, the GWLB will route traffic to other healthy instances within the same AZ. This provides a cost-effective solution because the traffic does not cross AZ boundaries. While this setup is cost-effective, customers lose both the high availability and traffic distribution aspects in the event that all the targets in a specific AZ fail.
In order to achieve high availability and balanced traffic distribution, some customers choose another approach by enabling a feature called “cross-zone load balancing”. This feature makes it easier for you to deploy and manage your applications across multiple AZs. When you enable cross-zone load balancing, GWLB distributes traffic across all registered and healthy targets regardless of which AZs these targets are in. Enabling cross-zone load balancing incurs standard inter-AZ charges when the traffic crosses an AZ.
How do I configure the Palo Alto so it forwards the packet back to where it originally came from?
- You will need to establish full-mesh GENEVE tunnels between the GWLB ENIs in the 3 AZs and the Palo Alto data interface.
- Configure specific subnet routes for the subnets in those 3 AZs; the next hop of each route needs to be the gateway IP of that subnet.
Those steps will help you forward the packet back to where it originally came from.
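The following is an added example, not code from the thread, from AWS, or from Palo Alto. It models the routing decision the answer above describes: the firewall must send each GENEVE return packet to the gateway of the subnet that holds the GWLB ENI the packet arrived from, and a single default route pointing at AZ 1's gateway gets that wrong for the other two AZs. The three ENI addresses and /24 subnets are constructed for the example; the "gateway = first usable host address" rule is how AWS reserves the subnet router address.

```python
"""Model of the per-AZ return routes a GWLB-fronted firewall needs.

Added example (not from the original thread, AWS, or Palo Alto). It does
not configure PAN-OS; it checks whether a given static-route set returns
traffic to the AZ it came from.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed topology: one GWLB ENI per AZ, each in its own subnet.
GWLB_ENIS: Dict[str, str] = {"az1": "10.0.1.10", "az2": "10.0.2.10", "az3": "10.0.3.10"}
SUBNETS: Dict[str, str] = {"az1": "10.0.1.0/24", "az2": "10.0.2.0/24", "az3": "10.0.3.0/24"}


def subnet_gateway(cidr: str) -> str:
    """AWS reserves the first usable address of a VPC subnet as its router."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address + 1)


def build_return_routes(subnets: Dict[str, str]) -> List[Tuple[str, str]]:
    """One static route per AZ subnet, next hop = that subnet's gateway.

    Returns (destination_cidr, next_hop) pairs, most specific prefix first,
    which is the order a longest-prefix-match lookup needs.
    """
    routes = [(cidr, subnet_gateway(cidr)) for cidr in subnets.values()]
    return sorted(routes, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, reverse=True)


def return_next_hop(outer_src: str, routes: List[Tuple[str, str]], default_gw: str) -> str:
    """Pick the next hop for a GENEVE return packet.

    outer_src is the GWLB ENI address the encapsulated packet arrived from;
    the firewall must send the reply back to that same ENI.
    """
    ip = ipaddress.ip_address(outer_src)
    for cidr, gw in routes:  # sorted most specific first by build_return_routes
        if ip in ipaddress.ip_network(cidr):
            return gw
    return default_gw


def asymmetric_azs(enis: Dict[str, str], subnets: Dict[str, str],
                   routes: List[Tuple[str, str]], default_gw: str) -> List[str]:
    """AZs whose return traffic would leave through another AZ's gateway."""
    bad = []
    for az, eni in enis.items():
        expected = subnet_gateway(subnets[az])
        if return_next_hop(eni, routes, default_gw) != expected:
            bad.append(az)
    return bad


if __name__ == "__main__":
    default_gw = subnet_gateway(SUBNETS["az1"])  # the OP's situation: default route via AZ 1
    print("default route only, asymmetric AZs:", asymmetric_azs(GWLB_ENIS, SUBNETS, [], default_gw))
    routes = build_return_routes(SUBNETS)
    for cidr, gw in routes:
        print(f"static route {cidr} via {gw}")
    print("with per-AZ routes, asymmetric AZs:", asymmetric_azs(GWLB_ENIS, SUBNETS, routes, default_gw))
```

With only the default route, AZ 2 and AZ 3 return traffic is sent to AZ 1's gateway, which is the asymmetry the follow-up comment describes; adding the three subnet routes makes every AZ's reply leave through its own gateway. The same check applies unchanged if the GWLB ENIs sit in smaller subnets, since the gateway is derived from the subnet, not hard-coded.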
I didn't. Somehow I think the Cross-Zone feature should be mentioned more in the documentation. It was hard to find.
I tried it and now I see in the VPC flow logs of the 3 GWLB interfaces traffic to the Palo Alto. The problem now is that the default gateway of the Palo Alto is the GWLB interface of AZ 1. How do I configure the Palo Alto so it forwards the packet back to where it originally came from?