2

Question

Is NLB supported for ECS with dynamic port mapping?

Background

It looks like there are attempts to use NLB with ECS, but there are problems with the health check.

When I talked with AWS, they acknowledged that the NLB documentation of the health check interval is not accurate, as an NLB has multiple instances each sending health checks; hence the interval at which an ECS task receives health checks does not follow HealthCheckIntervalSeconds.

Also, the ECS task page specifically mentions ALB for using dynamic port mapping.


Hence, I suppose NLB is not supported for ECS? If there is documentation which states NLB is supported for ECS, please suggest it.


Update

Why are properly functioning Amazon ECS tasks registered to ELB marked as unhealthy and replaced?

Elastic Load Balancing is repeatedly flagging properly functioning Amazon Elastic Container Service (Amazon ECS) tasks as unhealthy. These incorrectly flagged tasks are stopped and new tasks are started to replace them. How can I troubleshoot this?

change the Health check grace period to an appropriate time period for your service
mon
  • So https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-network-load-balancer.html doesn't count? – Michael Hausenblas Feb 06 '20 at 06:29
  • 1
    @MichaelHausenblas, thanks for pointing that out. I think the doc may need to be updated about the health check interval, in that an ECS task can fail due to health check failure by the NLB. In my understanding, unless the health checks from the instances of an NLB are modified to be in sync so that an ECS task receives only 1 health check within one interval, the ECS task can get multiple checks within one interval. – mon Feb 06 '20 at 07:59
  • 1
    For instance, an ECS task can take 70 secs to start and it can be regarded as healthy if 3 checks with 90 seconds are acceptable. Specifying the failure criteria as 3 checks with a 30 sec interval can fail because the task can get 3 checks within 30 seconds back to back from the NLB instances. – mon Feb 06 '20 at 08:02
  • Thank you, @mon and I will make sure this feedback is routed to the right place. – Michael Hausenblas Feb 07 '20 at 12:42

2 Answers

0

You need to create a Network Target Group and attach the ECS/Fargate Service to the Network Target Group. On the Network Target Group you should be able to specify the health check method; you can configure the Health URL and Protocol.

An example of this is available at https://github.com/go-fireball/cdk-examples/tree/main/nlb-fargate

Venkat S
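
As an added example (not part of the answer above or of the linked repository), a CloudFormation template for the case the question asks about: an NLB target group with an HTTP health check in front of an ECS service on EC2 container instances using bridge networking and dynamic host ports. The parameter names, the image, the `/health` path and the 120-second grace period are assumptions.

```yaml
# Added example (constructed): parameter names, image and /health path are assumptions.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
  ClusterName: {Type: String}
Resources:
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: {Type: network, Scheme: internal, Subnets: !Ref SubnetIds}
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: 80                        # default only; ECS registers instance:hostPort per task
      TargetType: instance            # bridge mode targets are container instances
      HealthCheckProtocol: HTTP
      HealthCheckPath: /health        # assumed application endpoint
      HealthCheckIntervalSeconds: 30
      HealthyThresholdCount: 3
      UnhealthyThresholdCount: 3
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Nlb
      Port: 80
      Protocol: TCP
      DefaultActions:
        - {Type: forward, TargetGroupArn: !Ref TargetGroup}
  TaskDef:
    Type: AWS::ECS::TaskDefinition
    Properties:
      NetworkMode: bridge
      ContainerDefinitions:
        - Name: web
          Image: example/web:placeholder   # placeholder image name
          Memory: 256
          PortMappings:
            - {ContainerPort: 8080, HostPort: 0}   # HostPort 0 = dynamic host port
  Service:
    Type: AWS::ECS::Service
    DependsOn: Listener               # target group must be attached to the NLB first
    Properties:
      Cluster: !Ref ClusterName
      DesiredCount: 2
      TaskDefinition: !Ref TaskDef
      # Assumed value: ECS ignores failing ELB health checks for this long after task start.
      HealthCheckGracePeriodSeconds: 120
      LoadBalancers:
        - {ContainerName: web, ContainerPort: 8080, TargetGroupArn: !Ref TargetGroup}
```
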
-5

A Network Load Balancer makes routing decisions at the transport layer (TCP/SSL). It can handle millions of requests per second. After the load balancer receives a connection, it selects a target from the target group for the default rule using a flow hash routing algorithm. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration. It forwards the request without modifying the headers. Network Load Balancers support dynamic host port mapping.

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb

Wai Ha Lee