How a zonal shift works

When you start a zonal shift for a load balancer resource, traffic for the resource is moved away from the Availability Zone that you've specified. To start the shift, Amazon Application Recovery Controller (ARC) requests the load balancer health check for the Availability Zone to be set to unhealthy, so that it fails its health check. An unhealthy health check, in turn, results in Amazon Route 53 automatically withdrawing the corresponding IP addresses for the resource from DNS, so that traffic is redirected from the Availability Zone. New connections are now routed to other Availability Zones in the AWS Region instead.

It's important to note that zonal shift does not use health checks in the typical way, where a health check monitors the underlying health of load balancers or applications. Instead, ARC uses health checks as a mechanism to move traffic away from an Availability Zone. The mechanism requests a health check to be explicitly set to unhealthy, and then to healthy again, to change how traffic flows.

Traffic begins to shift - When you start a zonal shift in ARC, because of the steps involved with traffic flow, you might not see traffic move out of the Availability Zone immediately. It also can take a short time for existing, in-progress connections in the Availability Zone to complete, depending on client behavior and connection reuse. Depending on your DNS settings and other factors, existing connections can complete in just a few minutes, or might take longer. For more information, see Ensuring that traffic shifts finish quickly.

Traffic shift ends - When a zonal shift expires or you cancel it, ARC takes steps to stop shifting traffic. It reverses the process for starting a traffic shift, and requests the Route 53 health checks to be set to healthy again. Healthy health checks result in the original zonal IP addresses being restored. Now, the recovered Availability Zone is included in the load balancer's routing again and traffic begins to resume flowing to the AZ.

You must set all zonal shifts to expire when you start the shifts. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time. You can also cancel a zonal shift before it expires, if you're ready to restore traffic to the Availability Zone.

When traffic does not shift away

In specific scenarios, a zonal shift does not shift traffic from the Availability Zone. For example, say you start a zonal shift for a load balancer when the load balancer target groups in the AZs don't have any instances, or if all of the instances are unhealthy. In this scenario, the load balancer is in a fail open state and starting a zonal shift does not shift away traffic.

Before you start a zonal shift for a resource, make sure that all the conditions for a successful zonal shift are met. For more information about zonal shift support, see Resources and scenarios supported for zonal shift and zonal autoshift.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Zonal shift

AWS Regions