Edit attributes for your Network Load Balancer
After you create a Network Load Balancer, you can edit its attributes.
Load balancer attributes
Deletion protection
To prevent your Network Load Balancer from being deleted accidentally, you can enable deletion protection. By default, deletion protection is disabled for your Network Load Balancer.
To enable deletion protection using the console
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, choose Load Balancers.
- Select the name of the Network Load Balancer to open its details page.
- On the Attributes tab, choose Edit.
- Under Configuration, turn on Deletion protection.
- Choose Save changes.
If you enable deletion protection for your Network Load Balancer, you must disable it before you can delete the Network Load Balancer. Deletion protection guards against accidental deletion only: any principal that is allowed to modify the load balancer's attributes can turn it off and then delete the load balancer, so restrict that permission in IAM rather than relying on the attribute alone.
To disable deletion protection using the console
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, choose Load Balancers.
- Select the name of the Network Load Balancer to open its details page.
- On the Attributes tab, choose Edit.
- Under Configuration, turn off Deletion protection.
- Choose Save changes.
To enable or disable deletion protection using the AWS CLI
Use the modify-load-balancer-attributes command with the deletion_protection.enabled attribute set to true or false.
Availability Zone DNS affinity
When using the default client routing policy, requests sent to your Network Load Balancer's DNS name resolve to any healthy Network Load Balancer IP address. This distributes client connections across the Network Load Balancer's Availability Zones. With the Availability Zone affinity routing policies, client DNS queries favor Network Load Balancer IP addresses in the client's own Availability Zone. This helps improve both latency and resiliency, because clients do not need to cross Availability Zone boundaries when connecting to targets.
Client routing policies available to Network Load Balancers using Route 53 Resolver:
- Availability Zone affinity – 100 percent zonal affinity. Client DNS queries favor Network Load Balancer IP addresses in the client's own Availability Zone. Queries may resolve to other zones only if there are no healthy Network Load Balancer IP addresses in the client's own zone.
- Partial Availability Zone affinity – 85 percent zonal affinity. 85 percent of client DNS queries favor Network Load Balancer IP addresses in the client's own Availability Zone, while the remaining queries resolve to any healthy zone. Queries may resolve to other healthy zones if there are no healthy IP addresses in the client's zone. When there are no healthy IP addresses in any zone, queries resolve to any zone.
- Any Availability Zone (default) – 0 percent zonal affinity. Client DNS queries resolve to healthy Network Load Balancer IP addresses across all of the Network Load Balancer's Availability Zones.
Note
Availability Zone affinity routing policies only apply to clients that resolve the Network Load Balancer's DNS name using Route 53 Resolver; clients that resolve the name through any other resolver are not affected by the policy. For more information, see What is Amazon Route 53 Resolver? in the Amazon Route 53 Developer Guide.
Availability Zone affinity routes requests from the client to the Network Load Balancer, while cross-zone load balancing routes requests from the Network Load Balancer to the targets. When using Availability Zone affinity, turn cross-zone load balancing off; this keeps Network Load Balancer traffic from clients to targets within the same Availability Zone. With this configuration, client traffic stays in the client's Network Load Balancer Availability Zone, so configure your application to scale independently in each Availability Zone. This matters when the number of clients per Availability Zone, or the traffic per Availability Zone, is not the same. For more information, see Cross-zone load balancing for target groups.
When an Availability Zone is considered unhealthy, or when a zonal shift is started, the zonal IP address is considered unhealthy and is not returned to clients unless fail open is in effect. Availability Zone affinity is maintained when the DNS record fails open. This helps keep Availability Zones independent and prevents potential cross-zone failures.
When using Availability Zone affinity, periods of imbalance between Availability Zones are expected. We recommend ensuring that your targets scale at the zonal level, to support each Availability Zone's workload. In cases where these imbalances are significant, we recommend turning off Availability Zone affinity. This allows an even distribution of client connections between all of the Network Load Balancer's Availability Zones within 60 seconds, or the DNS TTL.
Before using Availability Zone affinity, consider the following:
- Availability Zone affinity changes the behavior of all of the Network Load Balancer's clients that use Route 53 Resolver.
- Clients can't choose between zone-local and multi-zone DNS resolution. Availability Zone affinity decides for them.
- Clients have no reliable way to determine when Availability Zone affinity is affecting them, or which IP address is in which Availability Zone.
- Clients remain assigned to their zone-local IP address until it is deemed fully unhealthy according to DNS health checks and is removed from DNS.
- Using Availability Zone affinity with cross-zone load balancing on can lead to an unbalanced distribution of client connections between Availability Zones. Configure your application stack to scale independently in each Availability Zone, so that it can support the traffic from zonal clients.
- If cross-zone load balancing is on, the Network Load Balancer is subject to cross-zone impact.
- The load on each of the Network Load Balancer's Availability Zones is proportional to the zonal locations of the clients' requests. If you don't control how many clients run in each Availability Zone, you have to scale each Availability Zone independently and reactively.
Monitoring
We recommend tracking the distribution of connections between Availability Zones using the zonal Network Load Balancer metrics. You can use these metrics to view the number of new and active connections per zone.
We recommend tracking the following:
- ActiveFlowCount – The total number of concurrent flows (or connections) from clients to targets.
- NewFlowCount – The total number of new flows (or connections) established from clients to targets in the time period.
- HealthyHostCount – The number of targets that are considered healthy.
- UnHealthyHostCount – The number of targets that are considered unhealthy.
For more information, see CloudWatch metrics for your Network Load Balancer.
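The following is an added example, not code from AWS or from this guide, of the kind of check the monitoring advice above calls for: given per-zone values of NewFlowCount, ActiveFlowCount and HealthyHostCount for one period, it computes each zone's share of new connections and the active flows per healthy target, and flags zones whose per-target load is far from the fleet average, which is the signal that a zone needs to scale on its own under Availability Zone affinity. The per-zone numbers are constructed by hand; in practice you would fill them from the zonal Network Load Balancer metrics in CloudWatch. The 25 percent tolerance is an assumed starting point, not a documented value.

```python
"""Zonal balance check for a Network Load Balancer (added example, not AWS code).

The metric names are the ones this page recommends tracking. The sample
numbers below are constructed, not captured from a real account.
"""

# Constructed sample: one period, keyed by Availability Zone.
SAMPLE_ZONES = {
    "us-east-1a": {"NewFlowCount": 900, "ActiveFlowCount": 4200, "HealthyHostCount": 4},
    "us-east-1b": {"NewFlowCount": 450, "ActiveFlowCount": 2100, "HealthyHostCount": 4},
    "us-east-1c": {"NewFlowCount": 150, "ActiveFlowCount": 700, "HealthyHostCount": 2},
}


def zone_shares(zones, metric="NewFlowCount"):
    """Fraction of the chosen metric that landed in each zone (0.0 when the fleet saw nothing)."""
    total = sum(z[metric] for z in zones.values())
    if total == 0:
        return {name: 0.0 for name in zones}
    return {name: z[metric] / total for name, z in zones.items()}


def per_target_load(zones, metric="ActiveFlowCount"):
    """Flows per healthy target in each zone; None when a zone has no healthy targets."""
    return {
        name: (z[metric] / z["HealthyHostCount"] if z["HealthyHostCount"] else None)
        for name, z in zones.items()
    }


def zones_without_healthy_targets(zones):
    """Zones whose HealthyHostCount is 0: their DNS record will be pulled, so clients
    there fail over to other zones (or see fail open), which the averages below must ignore."""
    return [name for name, load in per_target_load(zones).items() if load is None]


def imbalanced_zones(zones, tolerance=0.25):
    """Zones whose per-target load deviates from the fleet mean by more than
    `tolerance` (assumed 25 percent). Returns {zone: relative deviation}."""
    loads = per_target_load(zones)
    valid = [v for v in loads.values() if v is not None]
    if not valid:
        return {}
    mean = sum(valid) / len(valid)
    if mean == 0:
        return {}
    return {
        name: (v - mean) / mean
        for name, v in loads.items()
        if v is not None and abs(v - mean) / mean > tolerance
    }


if __name__ == "__main__":
    for zone, share in zone_shares(SAMPLE_ZONES).items():
        print(f"{zone}: {share:.0%} of new flows")
    for zone, dev in imbalanced_zones(SAMPLE_ZONES).items():
        print(f"{zone}: per-target load {dev:+.0%} from fleet mean, scale this zone")
    print("zones without healthy targets:", zones_without_healthy_targets(SAMPLE_ZONES))
```

With the sample data, us-east-1a carries 60 percent of new flows and its targets run well above the fleet mean while us-east-1c runs well below it; with affinity on, that is what an uneven spread of clients across zones looks like, and the fix is to scale each zone to its own clients, not to read the fleet total.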
Turn on Availability Zone affinity
The steps in this procedure explain how to turn on Availability Zone affinity using the Amazon EC2 console.
To turn on Availability Zone affinity using the console
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, choose Load Balancers.
- Select the name of the Network Load Balancer to open its details page.
- On the Attributes tab, choose Edit.
- Under Availability Zone routing configuration, Client routing policy (DNS record), select Availability Zone affinity or Partial Availability Zone affinity.
- Choose Save changes.
To turn on Availability Zone affinity using the AWS CLI
Use the modify-load-balancer-attributes command with the dns_record.client_routing_policy attribute set to availability_zone_affinity or partial_availability_zone_affinity.
Turn off Availability Zone affinity
The steps in this procedure explain how to turn off Availability Zone affinity using the Amazon EC2 console.
To turn off Availability Zone affinity using the console
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, choose Load Balancers.
- Select the name of the Network Load Balancer to open its details page.
- On the Attributes tab, choose Edit.
- Under Availability Zone routing configuration, Client routing policy (DNS record), select Any Availability Zone.
- Choose Save changes.
To turn off Availability Zone affinity using the AWS CLI
Use the modify-load-balancer-attributes command with the dns_record.client_routing_policy attribute set to any_availability_zone.
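The AWS CLI procedures on this page (deletion protection, and turning Availability Zone affinity on or off) all go through modify-load-balancer-attributes, and the page also says that affinity should be paired with cross-zone load balancing turned off. The following added example, which is not AWS code, builds the attribute list that command takes, validates the values before anything is sent, and audits a describe-load-balancer-attributes response for the two settings a reviewer would check: deletion protection off, and an affinity policy combined with cross-zone load balancing on. It uses the attribute keys named on this page plus load_balancing.cross_zone.enabled, the load balancer attribute that controls cross-zone load balancing; the ARN and the describe output are constructed placeholders, and apply_changes only simulates the effect of the modify call locally so that the post-change state can be audited before running it.

```python
"""Build and audit Network Load Balancer attribute changes (added example, not AWS code).

Attribute keys and values: deletion_protection.enabled and
dns_record.client_routing_policy are from this page;
load_balancing.cross_zone.enabled is the load balancer attribute for
cross-zone load balancing. The ARN and describe output are constructed.
"""
import json
import shlex

ROUTING_POLICIES = (
    "availability_zone_affinity",          # 100 percent zonal affinity
    "partial_availability_zone_affinity",  # 85 percent zonal affinity
    "any_availability_zone",               # default, 0 percent zonal affinity
)
BOOL_ATTRS = ("deletion_protection.enabled", "load_balancing.cross_zone.enabled")


def attributes_arg(changes):
    """Turn {key: value} into the [{"Key": ..., "Value": ...}] list that
    modify-load-balancer-attributes expects, rejecting values the API would refuse."""
    out = []
    for key, value in changes.items():
        if key in BOOL_ATTRS:
            if not isinstance(value, bool):
                raise ValueError(f"{key} must be a bool, got {value!r}")
            value = "true" if value else "false"
        elif key == "dns_record.client_routing_policy":
            if value not in ROUTING_POLICIES:
                raise ValueError(f"unknown client routing policy {value!r}")
        else:
            raise ValueError(f"attribute {key!r} is not handled by this example")
        out.append({"Key": key, "Value": value})
    return out


def cli_command(lb_arn, changes):
    """The AWS CLI invocation for the same change, quoted for a POSIX shell."""
    attrs = json.dumps(attributes_arg(changes), separators=(",", ":"))
    return (
        "aws elbv2 modify-load-balancer-attributes"
        f" --load-balancer-arn {shlex.quote(lb_arn)}"
        f" --attributes {shlex.quote(attrs)}"
    )


def apply_changes(describe_output, changes):
    """Locally merge the change into a describe-load-balancer-attributes response
    so the resulting state can be audited before the real call is made."""
    merged = {a["Key"]: a["Value"] for a in describe_output["Attributes"]}
    for a in attributes_arg(changes):
        merged[a["Key"]] = a["Value"]
    return {"Attributes": [{"Key": k, "Value": v} for k, v in merged.items()]}


def audit(describe_output):
    """Findings for the settings this page covers. Missing keys are read as the
    documented defaults: deletion protection off, any_availability_zone, cross-zone off."""
    attrs = {a["Key"]: a["Value"] for a in describe_output["Attributes"]}
    findings = []
    if attrs.get("deletion_protection.enabled", "false") != "true":
        findings.append("deletion protection is off: one API call can delete the load balancer")
    policy = attrs.get("dns_record.client_routing_policy", "any_availability_zone")
    cross_zone = attrs.get("load_balancing.cross_zone.enabled", "false")
    if policy not in ROUTING_POLICIES:
        findings.append(f"unexpected client routing policy {policy!r}")
    elif policy != "any_availability_zone" and cross_zone == "true":
        findings.append(
            f"{policy} is set but cross-zone load balancing is on: client-to-target "
            "traffic can leave the client's zone and zones are exposed to cross-zone impact"
        )
    return findings


# Constructed placeholders, not a real account or load balancer.
SAMPLE_ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/example-nlb/0123456789abcdef"
SAMPLE_DESCRIBE = {
    "Attributes": [
        {"Key": "deletion_protection.enabled", "Value": "false"},
        {"Key": "dns_record.client_routing_policy", "Value": "availability_zone_affinity"},
        {"Key": "load_balancing.cross_zone.enabled", "Value": "true"},
    ]
}
FIX = {"deletion_protection.enabled": True, "load_balancing.cross_zone.enabled": False}

if __name__ == "__main__":
    for finding in audit(SAMPLE_DESCRIBE):
        print("finding:", finding)
    print(cli_command(SAMPLE_ARN, FIX))
    print("after fix:", audit(apply_changes(SAMPLE_DESCRIBE, FIX)) or "no findings")
```

Run against the constructed response, the audit reports both problems; the printed command is the single modify-load-balancer-attributes call that fixes them, and auditing the simulated post-change state shows nothing left to fix. To turn affinity off instead, pass {"dns_record.client_routing_policy": "any_availability_zone"} as the change.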