I have a Network Load Balancer exposed to the public internet with a listener of 80 and 443. The network load balancer has 2 subnets subnet-A and subnet-B. I have a target group for the port 443 traffic and for the port 80 traffic. The target groups has successfully registered the IP's of the Fargate service I have running and is connected. The issue I am facing is that when I make a request to my NLB via DNS it is only working about 50% of the time.
This is because when the request do the lookup of the A record for the NLB DNS is has 2 records, which make sense as the NLB has 2 public subnets.
The problem if I make my request and the DNS lookup returns the wrong IP, I get a timeout.
What I am missing so that the traffic get routed correctly?
EDIT
Yes both routes are pointing to the internet gateway, attached screenshot
No, I have cross zone load balancing turned off. It sounds like I need to turn on "cross zone load balancing" correct? Is that the only option to get this to work? I have a screen shot of the set up
I was looking at this link AWS Load Balancing and it shows that it distributes the traffic to either subnet but maybe I am misreading it.
From the discussion in the comments, I understand that you have just one Fargate target that is on and off, and every time it's being created in different availability zones.
EC2 will periodically check health of targets in the target group. If there are no healthy targets in a zone, NLB will remove the IP address bound to this zone from the public DNS record.
If there are no healthy targets in any availability zone, NLB will return all registered addresses in all zones, and hope for the best. This is what will happen during the outage, when your task is being re-run.
This requires cooperation from the client and its DNS provider(s), because the stale DNS record can get cached at multiple points on its way from AWS to the client's network library.
If your target moves from one zone to another, and you want to avoid (or, rather, minimize) interruptions in your service, you can make NLB work for your setup by enabling cross-zone load balancing (and paying for cross-AZ network transfer if your client hits the wrong zone).
However, if you truly don't want interruptions, you should create at least one instance in each availaibility zone, and make sure that at least one instance is always running and responding to health checks.