Which solution will meet these requirements?
Configure the existing ALB to use static IP addresses. Assign IP addresses in multiple Availability Zones to the ALB. Add the ALB IP addresses to the firewall appliance.
Create a Network Load Balancer (NLB). Associate the NLB with one static IP address in each of multiple Availability Zones. Create an ALB-type target group for the NLB and add the existing ALB. Add the NLB IP addresses to the firewall appliance. Update the clients to connect to the NLB.
Create a Network Load Balancer (NLB). Associate the NLB with one static IP address in each of multiple Availability Zones. Add the existing target groups to the NLB. Update the clients to connect to the NLB. Delete the ALB. Add the NLB IP addresses to the firewall appliance.
Create a Gateway Load Balancer (GWLB). Assign static IP addresses to the GWLB in multiple Availability Zones. Create an ALB-type target group for the GWLB and add the existing ALB. Add the GWLB IP addresses to the firewall appliance. Update the clients to connect to the GWLB.
Explanations:
The ALB does not support static IP addresses, so it has no fixed addresses that could be added to the firewall appliance. ALBs also do not allow IP addresses to be configured directly in this manner for use in firewall rules.
A Network Load Balancer (NLB) can be configured with static IPs in multiple Availability Zones. The ALB can be used as a target for the NLB. This allows the clients to connect through the NLB, and the firewall appliance can use the NLB’s static IPs.
A Network Load Balancer (NLB) can have static IPs, but removing the ALB and directly assigning the existing target groups to the NLB would remove the path-based routing and application-level features provided by the ALB. This breaks the existing architecture.
A Gateway Load Balancer (GWLB) is designed to work with third-party virtual appliances (like firewalls), not for direct application load balancing. It is not suitable for terminating TLS traffic or handling HTTP/HTTPS requests like an ALB or NLB.
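The NLB-in-front-of-ALB arrangement from the second explanation, sketched as a CloudFormation template. This is an added example, not part of the original question; the parameter names, the two subnets, TCP port 443 and the health check path are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: NLB with static Elastic IPs forwarding to an existing ALB (illustrative)
Parameters:             # all parameter names are hypothetical
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PublicSubnetA: {Type: "AWS::EC2::Subnet::Id"}
  PublicSubnetB: {Type: "AWS::EC2::Subnet::Id"}
  ExistingAlbArn: {Type: String}    # ARN of the ALB that already serves the app
Resources:
  EipA: {Type: "AWS::EC2::EIP", Properties: {Domain: vpc}}
  EipB: {Type: "AWS::EC2::EIP", Properties: {Domain: vpc}}
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      SubnetMappings:               # one fixed address per Availability Zone
        - SubnetId: !Ref PublicSubnetA
          AllocationId: !GetAtt EipA.AllocationId
        - SubnetId: !Ref PublicSubnetB
          AllocationId: !GetAtt EipB.AllocationId
  AlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      TargetType: alb               # the ALB itself is the registered target
      Protocol: TCP                 # ALB-type target groups use TCP
      Port: 443                     # assumed: must match an ALB listener port
      VpcId: !Ref VpcId
      HealthCheckProtocol: HTTPS
      HealthCheckPath: /            # assumed health endpoint on the ALB
      Targets:
        - Id: !Ref ExistingAlbArn
          Port: 443
  NlbListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Nlb
      Protocol: TCP                 # pass-through; TLS still terminates on the ALB
      Port: 443
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AlbTargetGroup
Outputs:
  FirewallAllowList:                # the addresses to add to the firewall appliance
    Value: !Join
      - ","
      - - !GetAtt EipA.PublicIp
        - !GetAtt EipB.PublicIp
```

Because the NLB listener is plain TCP, the ALB keeps its existing listeners and path-based routing rules; only the client-facing endpoint and its addresses change.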