I have a Network Load Balancer up and running. I know it is functioning properly because from one EC2 instance I can connect to it fine. However, from others or from my local machine I get "Request timed out" when pinging and "connection timed out" when trying a JDBC connection.

From my understanding Security Groups do not get applied to the Network Load Balancer directly and I should make sure the security group is applied to the target instance. So I am confident it is not a security group issue since I can make connections to the target instance without issue. It is only when going through the NLB that there is a problem. Also, I have confirmed the NLB is in a public subnet.

I reviewed Troubleshoot your Network Load Balancer but nothing seems to line up. Could someone please help with what could be the issue?

LakeMichigan
  • Ping is not a good way to test network connections because it might be blocked by security groups. It is better to test the _actual_ connection you want to make. Why do you mention JDBC in relation to Load Balancers? It would not be appropriate to make a JDBC connection via a Load Balancer, since it might send traffic to different targets. – John Rotenstein Mar 07 '23 at 05:51
  • @JohnRotenstein I'm making a connection to an RDBMS via JDBC. The database has an automation feature for AWS where it will deploy itself on EC2 instances and then redeploy itself when the configuration changes. This works fine but the IP of the instance changes and the feature links it to a load balancer to provide a consistent access point. This is why we are trying to route JDBC traffic to the load balancer rather than directly to the instance – LakeMichigan Mar 07 '23 at 05:57
  • You can temporarily change the Security Group to permit inbound traffic on all ports from anywhere. This will help you identify if the Security Group is the cause of the problem. It might also be that the Load Balancer is performing a [health check](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-health-checks.html) on the target and is not receiving the expected response, so traffic is not being routed to the EC2 instance. – John Rotenstein Mar 07 '23 at 06:07
  • @JohnRotenstein We just tried opening up all traffic on the security group and no luck. Also, connecting directly to the instance itself is no issue. Regarding the health check, the Load balancer seems to be working because it is routing connections made by one instance, just not connections from everywhere else. Comparing that instance with a not working one, the only difference I see is that they are in different subnets, but what is interesting is that a non-connecting one is in the same subnet as the NLB while the instance that can connect is in a different subnet from the NLB. – LakeMichigan Mar 07 '23 at 06:28
  • Is cross-zone load balancing enabled on the NLB? – Filippo Testini Mar 07 '23 at 07:14
  • @FilippoTestini It was not. As a test I turned it on, but still no luck. Per my understanding, it should not affect this situation as all instances and the load balancer are in the same zone. – LakeMichigan Mar 07 '23 at 07:27
  • Ok sorry, I thought they were in different AZs :) You said that security groups are OK; have you checked NACLs and Routing Tables? Do all the subnets use the same ones? – Filippo Testini Mar 07 '23 at 07:30

0 Answers