This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Single vpc with Igw, alb, gwlb and Apache servers. Not working

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Single vpc with Igw, alb, gwlb and Apache servers. Not working

Johndbabio1
L2 Linker

‎08-04-2024 12:08 AM

I followed the directions to a T. Ingress route on Igw, pointing towards the subnets defined in alb. Gwlbe subnet with default route to igw, default route on alb subnet to gwlbe, app subnet with default route to gwlbe. end points defined, gwlb with healthy monitors. I cannot get the traffic to come back. The only way it works is if I remove ingress routes and make the default route on alb subnet to the igw instead gwlbe. This of course defeats the purpose. What am I doing wrong?

0 Likes Likes
4 REPLIES 4

williamshook
L0 Member

‎08-05-2024 12:08 AM

@Johndbabio1 wrote:

I followed the directions to a T. Ingress route on Igw, pointing towards the subnets defined in alb. Gwlbe subnet with default route to igw, default route on alb subnet to gwlbe, app subnet with default route to gwlbe. end points defined, gwlb with healthy monitors. I cannot get the traffic to come back. The only way it works is if I remove ingress routes and make the default route on alb subnet to the igw instead gwlbe. This of course defeats the purpose. What am I doing wrong?

There may be an issue with your route configurations or security groups. Ensure that your Application Load Balancer (ALB) and Gateway Load Balancer (GWLB) security groups allow inbound and outbound traffic as needed. Additionally, verify that the routing table for the ALB subnet is correctly configured to send traffic to the GWLB and that the health checks are properly set up. Double-check that your ingress rules on the GWLB are allowing the return traffic as well.

0 Likes Likes

Johndbabio1
L2 Linker
In response to williamshook

‎08-05-2024 04:46 AM

Untitled Diagram.jpg

 

0 Likes Likes

Johndbabio1
L2 Linker
In response to williamshook

‎08-05-2024 04:51 AM

My ingress route is pointing to 10.116.46.128/27 and 10.116.47.32/27 with next hop gwlbe and gwlbe2.

My alb subnet is a default route to gwlbe and gwlbe2

My gelbe and gwlbe2 networks are default to igw 0.0.0.0/0

My app subnets are default to gwlbe and gwlbe2 and 10.0.0.0/8 to tgw

My monitors for gwlb are healthy firewalls

My alb has healthy monitors to web servers

What am i missing? As soon as i change the alb subnet to default to an igw the web server works. Does this mean there is something wrong with the gwlb and gwlbe's? 

0 Likes Likes

Johndbabio1
L2 Linker
In response to williamshook

‎08-05-2024 04:52 AM

nacl and sec groups open.

0 Likes Likes
  • 521 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks