Packet Flow in the AWS Gateway Load Balancer—Outbound

glynn · ‎06-10-2021

With the introduction of the Gateway Load Balancer (GWLB) in mid-November 2020, AWS provided its customers with any port, load-balancing router. Prior to that, Azure and GCP were the only public clouds that had such a construct. Customers use these to provide a security layer that is scalable, resilient, and adaptable.

In the AWS implementation, endpoints are an integral part of the solution but are not a new concept in AWS. They connect elastic network interfaces (ENIs) to targets (e.g. GWLB) via "worm holes" in the fabric and and have been used with network load balancers (NLBs) for some time. These worm holes in the fabric bypass the usual routing constructs and can perforce result in some difficulty when troubleshooting. Here, we will trace the flow of a request originating from a client in one VPC (network 10.101.0.0/16) going out to the internet. The infrastructure was deployed using the following TerraForm template:

Please download and view the entire PDF for instructions: Packet Flow in the AWS Gateway Load Balancer - Outbound.

MeenuYadav · ‎08-30-2021

Hi,

I have configured above scenario for outbound traffic with gwlb, tgw and vm firewalls. However, all my firewalls are unhealthy under target group. I am following below link for configuration and verified twice that there is no misconfiguration. Been on hold (call) for more than 90 mins and would appreciate some suggestions here.

Meenu

Unlock your full community experience!

Packet Flow in the AWS Gateway Load Balancer—Outbound

Packet Flow in the AWS Gateway Load Balancer—Outbound