Troubleshooting Classic Load Balancer Issues | AWS Certified Advanced Networking - Specialty

Common Checks for Unresponsive EC2 Instances | AWS Exam Answer


Question

You have configured a Classic Load Balancer in the public subnet with EC2 instances behind it.

You are sending an HTTP request using the DNS name as the destination.

But you are not getting the response from the underlying instances.

Which of the following checks should you carry out? Choose 2 answers from the options given below.

Answers

Explanations


A. B. C. D.

Answer - A and D.

These checks are also given in the AWS Documentation.

Troubleshoot a Classic Load Balancer: Client Connectivity.

If your Internet-facing load balancer in a VPC is not responding to requests, check for the following.

Your Internet-facing load balancer is attached to a private subnet.

Verify that you specified public subnets for your load balancer.

A public subnet has a route to the Internet Gateway for your virtual private cloud (VPC).

A security group or network ACL does not allow traffic.

The security group for the load balancer and any network ACLs for the load balancer subnets must allow inbound traffic from the clients and outbound traffic to the clients on the listener ports.

For more information, see Security Groups for Load Balancers in a VPC.

Option B is incorrect since the load balancer needs to be created in the public subnet.

Option C is incorrect since the traffic needs to be allowed from anywhere.

For more information on troubleshooting the load balancer, one can visit the below URLs.

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ts-elb-connection-failed.html

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-troubleshooting.html

To troubleshoot the issue of not getting a response from EC2 instances behind a classic load balancer, there are two checks that should be carried out:

  1. Ensure the load balancer is created in the public subnet.

    • Classic Load Balancers can be created in either public or private subnets. If the load balancer is created in a private subnet, then it won't be accessible from the Internet, and requests won't be routed to the EC2 instances. Hence, it's essential to ensure that the load balancer is created in a public subnet so that it can receive traffic from the Internet.

  2. Ensure the security group for the load balancer accepts traffic on port 80 from 0.0.0.0/0 or a specific IP range.

    • Security groups are virtual firewalls that control inbound and outbound traffic for EC2 instances, RDS instances, and load balancers. In this case, it's essential to ensure that the security group associated with the load balancer allows inbound traffic on port 80 from either 0.0.0.0/0 (all IP addresses) or a specific IP range, such as 10.0.0.0/16. If the security group is not properly configured, then traffic won't be able to reach the EC2 instances behind the load balancer, and hence the response won't be received.

Therefore, the correct answers are A and D.
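The two checks above can be run against the route table and security group of the load balancer. The following is an added example, not code from the original page or from AWS: it assumes input shaped like the EC2 `DescribeRouteTables` and `DescribeSecurityGroups` responses, uses constructed sample data with placeholder IDs, and does not cover network ACLs or outbound rules.

```python
import ipaddress

def subnet_is_public(route_table):
    """True if the route table has an active default route to an Internet Gateway."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State", "active") == "active"
        for r in route_table.get("Routes", [])
    )

def sg_allows_inbound(security_group, port, client_ip):
    """True if an inbound rule admits TCP `port` from `client_ip`."""
    client = ipaddress.ip_address(client_ip)
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "tcp":
            if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                continue
        elif proto != "-1":  # "-1" means all protocols and ports
            continue
        if any(client in ipaddress.ip_network(rng["CidrIp"])
               for rng in perm.get("IpRanges", [])):
            return True
    return False

def diagnose(route_table, security_group, listener_port, client_ip):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if not subnet_is_public(route_table):
        findings.append("subnet route table has no default route to an Internet Gateway")
    if not sg_allows_inbound(security_group, listener_port, client_ip):
        findings.append(f"security group does not allow tcp/{listener_port} from {client_ip}")
    return findings

# Constructed sample data (not from a real account); IDs are placeholders.
PUBLIC_RT = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]}
PRIVATE_RT = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]}
SG_HTTP_OPEN = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
SG_VPC_ONLY = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                  "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}

if __name__ == "__main__":
    for rt, sg in [(PUBLIC_RT, SG_HTTP_OPEN), (PRIVATE_RT, SG_VPC_ONLY)]:
        print(diagnose(rt, sg, 80, "203.0.113.10") or "both checks pass")
```

A default route that targets a NAT gateway (`NatGatewayId`) does not make the subnet public, which is why `PRIVATE_RT` fails the first check.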