Reputation: 185
I am creating a load balancer in front of two Palo Altos that are acting as Next Gen Firewalls for a web application behind them. These firewall devices have three ENIs:
When creating the ELB, I've selected the public subnet as the service location. After adding the instances to the ELB, and receiving an InService status, I navigate to the ELB address to find the management interface now exposed (eth0).
I can't seem to locate a way to manually specify the ENI for traffic on the ELB. Is this possible? If not, how am I to configure the ELB with eth1 only?
Upvotes: 3
Views: 2707
Reputation: 201138
From the documentation here, it appears that the ELB will always route traffic to eth0:
When you register an instance with an elastic network interface (ENI) attached, the load balancer routes traffic to the primary IP address of the primary interface (eth0) of the instance.
So I think your only solution is to swap eth0 and eth1 on your Palo Altos such that eth0 is the interface in your public subnet that you want ELB traffic routed to.
Upvotes: 4
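A check for the behaviour quoted above, as an added example that is not part of the original answer: it reads data shaped like an EC2 DescribeInstances response and reports every instance whose primary interface (device index 0, eth0) sits outside the subnets meant to receive ELB traffic. The instance IDs, ENI IDs, subnet names and addresses are constructed placeholders.

```python
# Added example: find which ENI a Classic ELB will send traffic to.
# Input has the shape of an EC2 DescribeInstances response; the sample
# data below is constructed, not taken from a real account.

def elb_target_interfaces(response):
    """Map instance ID -> its primary interface (device index 0, eth0)."""
    targets = {}
    for reservation in response["Reservations"]:
        for instance in reservation["Instances"]:
            for eni in instance.get("NetworkInterfaces", []):
                if eni["Attachment"]["DeviceIndex"] == 0:
                    targets[instance["InstanceId"]] = {
                        "eni": eni["NetworkInterfaceId"],
                        "subnet": eni["SubnetId"],
                        "ip": eni["PrivateIpAddress"],
                    }
    return targets


def misrouted_instances(response, dataplane_subnets):
    """Instances whose eth0 is outside the subnets meant for ELB traffic."""
    targets = elb_target_interfaces(response)
    return sorted(iid for iid, eth0 in targets.items()
                  if eth0["subnet"] not in dataplane_subnets)


# Constructed sample: the first firewall has management on eth0 (the
# situation in the question); the second has eth0 in the public subnet.
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-mgmt-a", "SubnetId": "subnet-mgmt",
         "PrivateIpAddress": "10.0.0.10", "Attachment": {"DeviceIndex": 0}},
        {"NetworkInterfaceId": "eni-pub-a", "SubnetId": "subnet-public",
         "PrivateIpAddress": "10.0.1.10", "Attachment": {"DeviceIndex": 1}},
    ]},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-pub-b", "SubnetId": "subnet-public",
         "PrivateIpAddress": "10.0.1.11", "Attachment": {"DeviceIndex": 0}},
        {"NetworkInterfaceId": "eni-mgmt-b", "SubnetId": "subnet-mgmt",
         "PrivateIpAddress": "10.0.0.11", "Attachment": {"DeviceIndex": 1}},
    ]},
]}]}

if __name__ == "__main__":
    eth0_by_instance = elb_target_interfaces(SAMPLE)
    for iid in misrouted_instances(SAMPLE, {"subnet-public"}):
        eth0 = eth0_by_instance[iid]
        print(f"{iid}: ELB traffic lands on {eth0['eni']} "
              f"({eth0['ip']}) in {eth0['subnet']}")
```

Running it before registering instances with the load balancer shows whether the management interface would become the ELB target.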