NLB Client IP preservation vs Proxy protocol V2
Tutorials-Dojo updated 1 year, 11 months ago 2 Members · 3 Posts
-
Hi,
For NLB it seems that both Client IP preservation & Proxy protocol V2 can be used to retrieve the client IP address. What is the difference, and which would be suitable for what kind of circumstance?
Thanks!
-
Hi,
Thank you for your email. Yes, you can use both the Client IP preservation and Proxy Protocol V2 on your NLBs. The usage depends on the type of Target Group you’ll be configuring for your load balancer, which can be an:
- Instance type target group
- IP type target group
- IP type target group (TCP, TLS)
Another consideration is the health check connection. If you enabled the proxy protocol, the proxy protocol header is also included in health check connections from the network load balancer by default, but with health check connections, the client connection information is not sent in the proxy protocol header.
The client IP preservation is enabled by default. There are cases where it can’t be disabled, such as for instance and IP type target groups with UDP and TCP_UDP protocols. However, you can enable or disable client IP preservation for TCP and TLS target groups using the preserve_client_ip.enabled target group attribute.
I highly recommend reading this official AWS documentation for full reference:
Client IP Preservation https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation
Proxy Protocol
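With Proxy Protocol v2 the target has to read the client address out of a binary header itself, including the case where no client information is carried. The parser below is an added example, not part of the reply above or of any AWS code; it treats the spec's LOCAL command as the form a header without client connection information takes (an assumption for the health-check case), and its function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte v2 signature from the spec


def parse_ppv2(data: bytes):
    """Return (client, header_len); client is (ip, port) or None if not carried."""
    if len(data) < 16 or data[:12] != SIGNATURE:
        raise ValueError("no proxy protocol v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported proxy protocol version")
    end = 16 + length  # application data starts at this offset
    if len(data) < end:
        raise ValueError("truncated header")
    body, command, family = data[16:end], ver_cmd & 0x0F, fam_proto >> 4
    if command == 0:
        # LOCAL: no client addresses; use the socket's own peer address instead.
        return None, end
    if command != 1:
        raise ValueError("unknown command")
    # PROXY: address block size depends on the family (IPv4 = 12, IPv6 = 36 bytes).
    layout = {1: "!4s4sHH", 2: "!16s16sHH"}.get(family)
    if layout is None:
        return None, end  # AF_UNSPEC / AF_UNIX: no IP address to report
    size = struct.calcsize(layout)
    if len(body) < size:
        raise ValueError("address block shorter than its family requires")
    src, _dst, sport, _dport = struct.unpack(layout, body[:size])
    return (str(ipaddress.ip_address(src)), sport), end


def build_header(command: int, fam_proto: int, body: bytes) -> bytes:
    """Construct a sample v2 header (test data only)."""
    return SIGNATURE + struct.pack("!BBH", 0x20 | command, fam_proto, len(body)) + body


# Constructed samples: documentation and private address ranges, not real traffic.
CLIENT_CONN = build_header(
    1, 0x11,  # PROXY command, AF_INET + STREAM
    ipaddress.ip_address("203.0.113.7").packed
    + ipaddress.ip_address("10.0.1.25").packed
    + struct.pack("!HH", 51000, 443),
) + b"GET / HTTP/1.1\r\n"
HEALTH_CHECK = build_header(0, 0x00, b"")  # LOCAL command, no address block

if __name__ == "__main__":
    print(parse_ppv2(CLIENT_CONN))
    print(parse_ppv2(HEALTH_CHECK))
```

The returned header length tells the application where its own protocol data begins, so the header is consumed even when it carries no client address.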