Reputation: 6292
Got a quick question which might be totally silly but it's early in the morning. So I have a standard AWS VPC with an ELB, NAT instance and 2x EC2 instances for the application code. By the looks of the image below, the internet gateway passes traffic to the ELB and NAT instance. My question is why isn't the NAT instance in front of or behind the ELB? It looks like the single bottleneck in this VPC could be the NAT instance if all traffic is going through there.
Upvotes: 2
Views: 5525
Reputation: 269101
The NAT (Network Address Translation) server is used to provide outbound Internet connectivity for Amazon EC2 instances in a private subnet.
Incoming traffic will enter via the Load Balancers and any responses to this traffic will also exit via the Load Balancers. The Elastic Load Balancing service automatically scales based upon the amount of traffic (there is also a charge for traffic transferred).
If an EC2 instance in a private subnet wishes to initiate a connection to the Internet (eg to download updates, or to communicate with Amazon S3), it cannot send traffic "out" of the load balancers. Instead, the subnet would be configured to route traffic to the NAT server, which acts as a proxy for requesting data from the Internet.
It is possible that the NAT server could become a bottleneck. If so, modify the instance to use a larger Instance Type -- this not only adds CPU and RAM, but also network bandwidth.
In some cases, people might also use a NAT server for incoming traffic -- either as a jump-box for administrative purposes (to login to an instance in a private subnet) or to forward specific ports to a private server (via port forwarding). However, best practice would be to separate these functions to a different instance for security and management purposes.
Additional information: Since writing this answer, AWS has introduced a Managed NAT Gateway that can automatically scale. It is created in a single AZ, so you might want to run it in two AZs for High Availability.
Upvotes: 17
Reputation: 7412
I'm not sure how it's working. If the load balancer is terminating over the APP tier, then the instances launched in these subnets will have a route table configured with the IGW, not the NAT instance, which raises the question of how to make outbound traffic on the public network which is configured over a load balancer.
Upvotes: 0
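The routing described in the accepted answer (inbound via the load balancer in a public subnet, outbound from the app tier via NAT, one NAT per AZ for HA) and the question raised in the last answer (which route table the app instances actually use) both come down to which subnet the instances sit in and what that subnet's default route points at. The Terraform below is an added example written for this page, not code from either answer or from AWS: it builds two public subnets (load balancer nodes and a managed NAT gateway each, default route to the internet gateway) and two private subnets (app instances, default route to the NAT gateway in the same AZ). The region, AZ names, CIDR blocks, resource names and the assumption of AWS provider v5 or later (`domain = "vpc"` on `aws_eip`) are all assumptions.

```terraform
# Added example (not from the original answers). Region, AZs, CIDRs and
# resource names are assumptions; adjust to your account.
provider "aws" {
  region = "us-east-1"
}

locals {
  azs = ["us-east-1a", "us-east-1b"]
}

resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
}

# Internet gateway: the only path between the VPC and the Internet.
# Only subnets whose route table points here are "public".
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Public subnets: load balancer nodes and NAT gateways live here.
resource "aws_subnet" "public" {
  count             = length(local.azs)
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
  availability_zone = local.azs[count.index]
}

# Private subnets: application instances live here, with no public IPs.
# Inbound traffic can only reach them through the load balancer.
resource "aws_subnet" "private" {
  count             = length(local.azs)
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index + 10)
  availability_zone = local.azs[count.index]
}

# Public route table: default route straight to the IGW (this is the
# "route table configured with IGW" from the last answer; it applies to
# the load balancer and NAT subnets, not to the app tier).
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  count          = length(local.azs)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# One managed NAT gateway per AZ, as the answer's addendum recommends.
# Each needs its own Elastic IP and must sit in a public subnet.
resource "aws_eip" "nat" {
  count  = length(local.azs)
  domain = "vpc" # AWS provider >= 5.0; older providers use vpc = true
}

resource "aws_nat_gateway" "nat" {
  count         = length(local.azs)
  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = aws_subnet.public[count.index].id
  depends_on    = [aws_internet_gateway.igw]
}

# Private route tables: default route to the NAT gateway in the same AZ,
# so losing one AZ does not take down egress for the other.
resource "aws_route_table" "private" {
  count  = length(local.azs)
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat[count.index].id
  }
}

resource "aws_route_table_association" "private" {
  count          = length(local.azs)
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}

# Internet-facing load balancer spanning both public subnets. Its targets
# (not shown) would be the app instances in the private subnets.
resource "aws_lb" "app" {
  name               = "app-lb"
  internal           = false
  load_balancer_type = "application"
  subnets            = aws_subnet.public[*].id
}
```

With this layout the app instances never have a route to the IGW: responses to load-balanced requests return through the load balancer node that forwarded them, and anything the instances initiate themselves (package updates, S3 calls) leaves through the NAT gateway of their own AZ. If the app tier were instead placed in the public subnets, as the last answer describes, each instance would need a public IP and would send its own outbound traffic through the IGW directly, which is exactly the exposure the private-subnet design avoids.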