Published September 01, 2021

AWS ELB Translate IP


When traffic leaves the ELB, are the source IP (SIP), destination IP (DIP), source port (SP) and destination port (DP) changed?


1. When you use the instance ID to set up the Target Groups:

The ELB will not change the SIP.

The ELB will use the instance primary interface IP to rewrite the DIP.

The ELB will use the Target Groups port to rewrite the DP.

Traffic flow: 

SIP(A.A.A.A),    DIP(FQDN_ELB_IP),                    SP(aaaa),        DP(ELB Listener Port)

> ELB > 

SIP(A.A.A.A),    DIP(EC2 primary interface IP),    SP(aaaa),        DP(Target Groups port)



2. When you set up the Target Groups by IP address with TCP or TLS:

The ELB will change the SIP to ELB network interface IP.

The ELB will use the Target Groups IP to rewrite the DIP.

The ELB will use the Target Groups port to rewrite the DP.

Traffic flow: 

SIP(A.A.A.A),                                 DIP(FQDN_ELB_IP),        SP(aaaa),        DP(ELB Listener Port)

> ELB > 

SIP(ELB network interface IP), DIP(Target Groups IP),    SP(aaaa),        DP(Target Groups port)



3. When you set up the Target Groups by IP address with UDP or TCP_UDP:

The ELB will not change the SIP.

The ELB will use the Target Groups IP to rewrite the DIP.

The ELB will use the Target Groups port to rewrite the DP.

Traffic flow: 

SIP(A.A.A.A),        DIP(FQDN_ELB_IP),        SP(aaaa),        DP(ELB Listener Port)

> ELB > 

SIP(A.A.A.A),        DIP(Target Groups IP),        SP(aaaa),        DP(Target Groups port)



4. When you set up the Target Groups by IP, you can enable or disable source IP preservation.

This feature is called "Client IP preservation".

EC2 > Target Groups > Attributes > Edit


Enable: The source IP is preserved.

Traffic flow:

SIP(A.A.A.A),        DIP(FQDN_ELB_IP),        SP(aaaa),        DP(ELB Listener Port)

> ELB > 

SIP(A.A.A.A),        DIP(Target Groups IP),        SP(aaaa),        DP(Target Groups port)


Disable: The source IP is changed to the private IP address of the ELB network interface.

Traffic flow:

SIP(A.A.A.A),                                DIP(FQDN_ELB_IP),            SP(aaaa),        DP(ELB Listener Port)

> ELB > 

SIP(ELB network interface IP),    DIP(Target Groups IP),        SP(aaaa),        DP(Target Groups port)
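The four cases above, combined into one small model that rewrites a flow the way this page describes and lists the target groups whose targets will see the ELB address instead of the client (relevant for target-side logs and source-based allow rules). This is an added example, not code from AWS or from the original post; the class and function names, the group names and the addresses are constructed, and the source port is left unchanged as in the flows above.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Flow:
    sip: str
    dip: str
    sp: int
    dp: int

@dataclass(frozen=True)
class TargetGroup:
    name: str
    target_type: str                 # "instance" or "ip"
    protocol: str                    # "TCP", "TLS", "UDP" or "TCP_UDP"
    port: int
    preserve_client_ip: Optional[bool] = None   # None = not set, cases 1-3 apply

def preserves_source(tg: TargetGroup) -> bool:
    """True when targets see the client's SIP, False when they see the ELB's."""
    if (tg.target_type not in ("instance", "ip")
            or tg.protocol not in ("TCP", "TLS", "UDP", "TCP_UDP")):
        raise ValueError(f"unsupported target group: {tg}")
    if tg.target_type == "ip" and tg.preserve_client_ip is not None:
        return tg.preserve_client_ip             # case 4: explicit setting wins
    if tg.target_type == "instance":
        return True                              # case 1
    return tg.protocol in ("UDP", "TCP_UDP")     # case 3 (True) / case 2 (False)

def translate(flow: Flow, tg: TargetGroup, target_ip: str, elb_eni_ip: str) -> Flow:
    """Rewrite DIP and DP always; rewrite SIP only when it is not preserved."""
    sip = flow.sip if preserves_source(tg) else elb_eni_ip
    return replace(flow, sip=sip, dip=target_ip, dp=tg.port)

def client_hidden(groups):
    """Names of target groups whose targets log the ELB address, not the client."""
    return [tg.name for tg in groups if not preserves_source(tg)]

# Constructed sample data (documentation address ranges, made-up names).
CLIENT = Flow(sip="203.0.113.10", dip="198.51.100.5", sp=40000, dp=443)
GROUPS = [
    TargetGroup("web-instances", "instance", "TCP", 8443),
    TargetGroup("web-ip-tcp", "ip", "TCP", 8443),
    TargetGroup("dns-ip-udp", "ip", "UDP", 5353),
    TargetGroup("web-ip-tcp-preserved", "ip", "TCP", 8443, preserve_client_ip=True),
]
if __name__ == "__main__":
    for tg in GROUPS:
        print(tg.name, translate(CLIENT, tg, "10.0.1.20", "10.0.0.5"))
```

For groups returned by `client_hidden`, allow rules and log correlation on the targets have to use the ELB network interface addresses, because the client address never reaches them.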



Reference:

1. Target groups for your Network Load Balancers : About Source IP

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation


2. Request routing and IP addresses : About Destination IP

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html



First published / Last updated: 2021.09.01 / 2021.09.01
