I'm trying to figure out if I can set up two different load balancers (LBs) within the same EKS cluster to communicate with one another. I've opened up all traffic for a proof of concept, but it seems like the LBs aren't able to send HTTP requests between them. I can access each LB individually without any issues, but when I try to reach one LB from the other, it just doesn't work.
Interestingly, I found out that using IP addresses works fine, but it fails when I use fully qualified domain names (FQDNs). I would love to hear your thoughts on this!
4 Answers
When you say the LBs can't send requests to each other, what specifically do you mean? If you have services in your EKS cluster, they can communicate internally using URLs like http://{servicename}:{appport}/ instead of using the LBs directly.
Additionally, I have several services with the same name across different namespaces, so that’s why I was experimenting with the FQDN.
It sounds like you need to clarify what type of load balancers you're using. Generally, ALBs don’t send traffic to each other; they act more like reverse proxies to their designated target groups. If your load balancers are from different clusters, they typically can't communicate directly either. You might consider routing through the service names instead of trying to get them to talk to each other directly.
I see. If they are different clusters, can they send traffic or not? My use case is to expose one LB for external traffic while routing to different LBs for internal applications.
Are we talking about Application Load Balancers (ALBs), Network Load Balancers (NLBs), or something else? I need more details about your setup. If I were to guess, it seems like you're using NLBs for your services, and trying to send traffic from one service's NLB to another service's NLB internally—but NLBs might be dropping those packets, as they expect communication from the 'right side.' Check out the Martian packet concept for more!
That's exactly what I'm encountering, trying to send the requests across!
You can mix and match: ALB to NLB works (using IP targets), same for NLB to ALB, or even NLB to NLB—but ALB to ALB won’t work without an intermediary.
That’s typically how it works! I was just testing with LB_FQDN:80 instead of the service name, and it didn't go through. I’ll try debugging this a bit more.