After you create a Network Load Balancer, you can edit its attributes.
Deletion protection
To prevent your Network Load Balancer from being deleted accidentally, you can enable deletion protection. By default, deletion protection is disabled for your Network Load Balancer.
If you enable deletion protection for your Network Load Balancer, you must disable it before you can delete the Network Load Balancer.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Load Balancers.
Select the name of the Network Load Balancer to open its details page.
On the Attributes tab, choose Edit.
Under Protection, enable or disable Deletion protection.
Choose Save changes.
Use the modify-load-balancer-attributes command with the deletion_protection.enabled attribute.
aws elbv2 modify-load-balancer-attributes \
    --load-balancer-arn load-balancer-arn \
    --attributes "Key=deletion_protection.enabled,Value=true"
Update the AWS::ElasticLoadBalancingV2::LoadBalancer resource to include the deletion_protection.enabled attribute.
Resources:
  myLoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Name: my-nlb
      Type: network
      Scheme: internal
      Subnets:
        - !Ref subnet-AZ1
        - !Ref subnet-AZ2
      SecurityGroups:
        - !Ref mySecurityGroup
      LoadBalancerAttributes:
        - Key: "deletion_protection.enabled"
          Value: "true"
With Network Load Balancers, cross-zone load balancing is off by default at the load balancer level, but you can turn it on at any time. For target groups, the default is to use the load balancer setting, but you can override the default by explicitly turning cross-zone load balancing on or off at the target group level. For more information, see Cross-zone load balancing for target groups.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, under Load Balancing, choose Load Balancers.
Select the name of the load balancer to open its details page.
On the Attributes tab, choose Edit.
On the Edit load balancer attributes page, turn Cross-zone load balancing on or off.
Choose Save changes.
Use the modify-load-balancer-attributes command with the load_balancing.cross_zone.enabled attribute.
aws elbv2 modify-load-balancer-attributes \
    --load-balancer-arn load-balancer-arn \
    --attributes "Key=load_balancing.cross_zone.enabled,Value=true"
Update the AWS::ElasticLoadBalancingV2::LoadBalancer resource to include the load_balancing.cross_zone.enabled attribute.
Resources:
  myLoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Name: my-nlb
      Type: network
      Scheme: internal
      Subnets:
        - !Ref subnet-AZ1
        - !Ref subnet-AZ2
      SecurityGroups:
        - !Ref mySecurityGroup
      LoadBalancerAttributes:
        - Key: "load_balancing.cross_zone.enabled"
          Value: "true"
When using the default client routing policy, requests sent to your Network Load Balancer's DNS name will receive any healthy Network Load Balancer IP addresses. This leads to the distribution of client connections across the Network Load Balancer's Availability Zones. With the Availability Zone affinity routing policies, client DNS queries favor Network Load Balancer IP addresses in their own Availability Zone. This helps improve both latency and resiliency, as clients do not need to cross Availability Zone boundaries when connecting to targets.
Availability Zone affinity routing policies only apply to clients resolving the Network Load Balancer's DNS name using Route 53 Resolver. For more information, see What is Amazon Route 53 Resolver? in the Amazon Route 53 Developer Guide.
Client routing policies available to Network Load Balancers using Route 53 Resolver:
Availability Zone affinity - 100 percent zonal affinity
Client DNS queries will favor Network Load Balancer IP addresses in their own Availability Zone. Queries may resolve to other zones if there are no healthy Network Load Balancer IP addresses in their own zone.
Partial Availability Zone affinity - 85 percent zonal affinity
85 percent of client DNS queries will favor Network Load Balancer IP addresses in their own Availability Zone, while the remaining queries resolve to any healthy zone. Queries may resolve to other healthy zones if there are no healthy IPs in their zone. When there are no healthy IPs in any zone, queries resolve to any zone.
Any Availability Zone (default) - 0 percent zonal affinity
Client DNS queries are resolved among healthy Network Load Balancer IP addresses across all Network Load Balancer Availability Zones.
Availability Zone affinity helps route requests from the client to the Network Load Balancer, while cross-zone load balancing is used to help route requests from the Network Load Balancer to the targets. When using Availability Zone affinity, cross-zone load balancing should be turned off. This ensures that Network Load Balancer traffic from clients to targets remains within the same Availability Zone. With this configuration, client traffic is sent to the same Network Load Balancer Availability Zone, so it's recommended to configure your application to scale independently in each Availability Zone. This is an important consideration when the number of clients per Availability Zone, or the traffic per Availability Zone, is not the same. For more information, see Cross-zone load balancing for target groups.
When an Availability Zone is considered unhealthy, or when a zonal shift is started, the zonal IP address will be considered unhealthy and not returned to clients unless fail open is in effect. Availability Zone affinity is maintained when the DNS record fails open. This helps keep Availability Zones independent and prevent potential cross zone failures.
When using Availability Zone affinity, times of imbalance between Availability Zones are expected. We recommend ensuring that your targets scale at the zonal level to support each Availability Zone's workload. In cases where these imbalances are significant, we recommend turning off Availability Zone affinity. This allows even distribution of client connections between all the Network Load Balancer's Availability Zones within 60 seconds, or the DNS TTL.
Before using Availability Zone affinity, consider the following:
Availability Zone affinity causes changes on all of the Network Load Balancer's clients who are using Route 53 Resolver.
Clients aren't able to decide between zonal-local and multi-zone DNS resolutions. Availability Zone affinity decides for them.
Clients aren't provided with a reliable method to determine when they're being impacted by Availability Zone affinity, or how to know which IP address is in which Availability Zone.
When using Availability Zone affinity with Network Load Balancers and Route 53 Resolver, we recommend clients use the Route 53 Resolver inbound endpoint in their own Availability Zone.
Clients will remain assigned to their zone-local IP address until it is deemed fully unhealthy according to DNS health checks, and is removed from DNS.
Using Availability Zone affinity with cross-zone load balancing on can lead to unbalanced distribution of client connections between Availability Zones. It's recommended to configure your application stack to scale independently in each Availability Zone, ensuring it can support zonal clients' traffic.
If cross-zone load balancing is on, the Network Load Balancer is subject to cross zone impact.
The load on each of the Network Load Balancer's Availability Zones will be proportional to the zonal locations of client requests. If you don't configure how many clients are running in which Availability Zone, you will have to independently scale each Availability Zone reactively.
It is recommended to track the distribution of connections between Availability Zones, using the zonal Network Load Balancer metrics. You can use metrics to view the number of new and active connections per zone.
We recommend tracking the following:
ActiveFlowCount - The total number of concurrent flows (or connections) from clients to targets.
NewFlowCount - The total number of new flows (or connections) established from clients to targets in the time period.
HealthyHostCount - The number of targets that are considered healthy.
UnHealthyHostCount - The number of targets that are considered unhealthy.
For more information, see CloudWatch metrics for your Network Load Balancer.
Enable Availability Zone affinity
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Load Balancers.
Select the name of the Network Load Balancer to open its details page.
On the Attributes tab, choose Edit.
Under Availability Zone routing configuration, Client routing policy (DNS record), select Availability Zone affinity or Partial Availability Zone affinity.
Choose Save changes.
Use the modify-load-balancer-attributes command with the dns_record.client_routing_policy attribute.
aws elbv2 modify-load-balancer-attributes \
    --load-balancer-arn load-balancer-arn \
    --attributes "Key=dns_record.client_routing_policy,Value=partial_availability_zone_affinity"
Update the AWS::ElasticLoadBalancingV2::LoadBalancer resource to include the dns_record.client_routing_policy attribute.
Resources:
  myLoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Name: my-nlb
      Type: network
      Scheme: internal
      Subnets:
        - !Ref subnet-AZ1
        - !Ref subnet-AZ2
      SecurityGroups:
        - !Ref mySecurityGroup
      LoadBalancerAttributes:
        - Key: "dns_record.client_routing_policy"
          Value: "partial_availability_zone_affinity"
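The guidance above (keep deletion protection on, and turn cross-zone load balancing off when an Availability Zone affinity policy is in use) can be checked against the output of aws elbv2 describe-load-balancer-attributes. The following Python is an added example, not part of the AWS documentation: the sample response is constructed, the function name audit_nlb_attributes is hypothetical, and any_availability_zone and availability_zone_affinity are the attribute values for the other two routing policies described above.

```python
import json

# Constructed sample shaped like the output of
# `aws elbv2 describe-load-balancer-attributes` (values are made up).
SAMPLE = json.loads("""
{"Attributes": [
  {"Key": "deletion_protection.enabled", "Value": "false"},
  {"Key": "load_balancing.cross_zone.enabled", "Value": "true"},
  {"Key": "dns_record.client_routing_policy",
   "Value": "partial_availability_zone_affinity"}
]}
""")

# Defaults as stated on this page, used when a key is missing.
DEFAULTS = {
    "deletion_protection.enabled": "false",
    "load_balancing.cross_zone.enabled": "false",
    "dns_record.client_routing_policy": "any_availability_zone",
}
AFFINITY_POLICIES = {"availability_zone_affinity",
                     "partial_availability_zone_affinity"}

def audit_nlb_attributes(response):
    """Return (attribute key, finding) tuples for one load balancer."""
    attrs = dict(DEFAULTS)
    for item in response.get("Attributes", []):
        attrs[item["Key"]] = str(item["Value"]).strip().lower()

    findings = []
    if attrs["deletion_protection.enabled"] != "true":
        findings.append(("deletion_protection.enabled",
                         "off: the load balancer can be deleted accidentally"))

    policy = attrs["dns_record.client_routing_policy"]
    cross_zone = attrs["load_balancing.cross_zone.enabled"] == "true"
    if policy in AFFINITY_POLICIES and cross_zone:
        # Affinity keeps client -> NLB traffic zonal, but cross-zone lets
        # NLB -> target traffic leave the zone (cross-zone impact).
        # Target groups can override this setting and need their own check.
        findings.append(("load_balancing.cross_zone.enabled",
                         f"on together with {policy}: turn cross-zone off"))
    elif policy not in AFFINITY_POLICIES and policy != "any_availability_zone":
        findings.append(("dns_record.client_routing_policy",
                         f"unrecognized value {policy!r}"))
    return findings

if __name__ == "__main__":
    for key, message in audit_nlb_attributes(SAMPLE):
        print(f"{key}: {message}")
```

Because target groups can override the load balancer's cross-zone setting, a clean result here covers only the load balancer level.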
If you experience port allocation errors and you can't add targets to the target group to resolve them, you can add secondary IP addresses to the load balancer network interfaces. For each zone where the load balancer is enabled, we select IPv4 addresses from the load balancer subnet and assign them to the corresponding network interface. These secondary IP addresses are used to establish connections with targets. They are also used for health check traffic. We recommend that you add one secondary IP address to start with, monitor the PortAllocationErrors metric, and add another secondary IP address only if the port allocation errors are not resolved.
After you add secondary IP addresses, you can't remove them. The only way to release the secondary IP addresses is to delete the load balancer. Before you add secondary IP addresses, verify that there are enough available IPv4 addresses in the load balancer subnets.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Load Balancers.
Select the name of the Network Load Balancer to open its details page.
On the Attributes tab, choose Edit.
Expand Special case attributes, unlock the Secondary IP addresses auto assigned per subnet attribute, and choose the number of secondary IP addresses.
Choose Save changes.
Use the modify-load-balancer-attributes command with the secondary_ips.auto_assigned.per_subnet attribute.
aws elbv2 modify-load-balancer-attributes \
    --load-balancer-arn load-balancer-arn \
    --attributes "Key=secondary_ips.auto_assigned.per_subnet,Value=1"
You can use the describe-network-interfaces command to get the IPv4 addresses for the load balancer network interfaces. The --filters parameter scopes the results to the network interfaces for Network Load Balancers and the --query parameter further scopes the results to the load balancer with the specified name and displays only the specified fields. You can include additional fields as needed.
aws ec2 describe-network-interfaces \
    --filters "Name=interface-type,Values=network_load_balancer" \
    --query "NetworkInterfaces[?contains(Description,'my-nlb')].{ID:NetworkInterfaceId,AZ:AvailabilityZone,Addresses:PrivateIpAddresses[*]}"
Update the AWS::ElasticLoadBalancingV2::LoadBalancer resource to include the secondary_ips.auto_assigned.per_subnet attribute.
Resources:
  myLoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Name: my-nlb
      Type: network
      Scheme: internal
      Subnets:
        - !Ref subnet-AZ1
        - !Ref subnet-AZ2
      SecurityGroups:
        - !Ref mySecurityGroup
      LoadBalancerAttributes:
        - Key: "secondary_ips.auto_assigned.per_subnet"
          Value: "1"