aws 网络负载均衡器有时会通过 aws transfer 系列返回“服务不可用”

Question

I want to make sure that the network load balancer works stably.

Detail follows;

I am trying to use the FTP protocol with the aws transfer family.

https://aws.amazon.com/jp/aws-transfer-family/

However, due to the specification of aws, the only way to use FTP is to host it in a private VPC and publish it to the Internet using a load balancer.

Therefore, I have decided to use a network load balancer to publish.

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/sftp-enable-elastic-ip-custom-port/?nc1=h_ls

However, when I run the following command, it comes back with "421 Service not available"

ftp A_RECORD.elb.REGION_NAME.amazonaws.com

However, sometimes I can log in without problems , which annoys me even more!

What I tried to do to solve the problem:

To isolate the problem, I have done the following.

I set up an EC2 in a private VPC and ran the following commands from there.

ftp 172.16.0.107 // This is the private IP of the ftp server.

Then I can login every time without any problem. Therefore, I know that the network load balancer is the problem, but I cannot find the cause.

I have already confirmed that the necessary security groups and ports that should be open are fine.

Reference: https://artem.services/?p=2086&lang=en

I would appreciate it if you could tell me what you think might be the cause.

Thank you very much for your help.

Answer 1

I think you need need to configure your FTP passive mode ports, and open these ports in the NLB security group, because the data will be transferred through one of these ports, please see the following example it can help: here