However, AWS does not support cross-region load balancing in AWS. I fixed it with cross-region VPC peering and then went with target type IP addresses in the load balancer target group. Lastly, I added steps for internal load balancing with the application load balancer as well.<\/p>\n\n\n\n
Setup Overview:<\/strong><\/p>\n\n\n\n 2 VPC: 1 in N.Virginia and 1 in Oregon<\/p>\n\n\n\n 2 public Subnet: one in each VPC<\/p>\n\n\n\n 3 private Subnet: 2 in N.Virginia and 1 in Oregon<\/p>\n\n\n\n 3 Ec2 instances: 1 in each private Subnet<\/p>\n\n\n\n 1 network load balancer : In N.Virginia region <\/p>\n\n\n\n The following steps were performed in the N.Virginia region :<\/strong><\/p>\n\n\n\n Step-1<\/strong>: Create a vpc (VPC-NV) in N.Virginia region with 10.0.0.0\/26<\/strong> CIDR<\/p>\n\n\n\n Step-2<\/strong>: Create 3 subnets with the following CIDR in N.Virginia region<\/p>\n\n\n\n NV-PUB-A(10.0.0.0\/28<\/strong>)<\/p>\n\n\n\n NV-PRIV-A(10.0.0.16\/28<\/strong>)<\/p>\n\n\n\n NV-PRIV-B (10.0.0.48\/28<\/strong>)<\/p>\n\n\n\n Step -3:<\/strong> Create an internet gateway(NV-IGW) and attach it with VPC-NV<\/p>\n\n\n\n Step-4:<\/strong> Create 2 route table named NV-PUB-RT and NV-PRIV-RT<\/p>\n\n\n\n Step-5: <\/strong>Associate NV-PUB-A public subnet with NV-PUB-RT route table and add NV-IGW Internet gateway with it which was created in step 3 <\/p>\n\n\n\n Step-6:<\/strong> Create an (NV-NAT) Nat gateway in the public subnet and add this Nat gateway in the NV-PRIV-RT route table.<\/p>\n\n\n\n Step-7: <\/strong>We can see two private subnet are associated with the NV-PRIV-RT route table and one public subnet associated with NV-PUB-RT<\/p>\n\n\n\n The following steps were performed in the Oregon region:<\/strong><\/p>\n\n\n\n Step-8:<\/strong> Like N.Virginia, Create a VPC in the Oregon region with 10.0.1.0\/26<\/strong> CIDR<\/p>\n\n\n\n Step-9:<\/strong> Create one public and one private subnet <\/p>\n\n\n\n OREG-PUB-A(10.0.1.0\/28<\/strong>)<\/p>\n\n\n\n OREG-PRIV-A(10.0.1.32\/28<\/strong>) <\/p>\n\n\n\n Step-10:<\/strong> Create 2 route tables (OREG-PUB-RT), (OREG-PRIV-RT ), one Internat gateway(OREG-IGW), One Nat gateway (OREG-NAT) and associate public and private subnet to the route tables <\/p>\n\n\n\n Step-11:<\/strong> Now go to N.virginia region and go for vpc and in vpc search for peering connection, Create a new peering connection<\/p>\n\n\n\n Name (NV-to-OREG)–> Select a local VPC to peer with (NV-VPC)–>Select another VPC to peer with (my account)–> Region (another region) choose region from drop down list (US West Oregon)–> VPC ID (Accepter) (vpc-0414bfe109d9c3459) copy your another region VPC-ID and paste here–> Create peering connection<\/p>\n\n\n\n <\/p>\n\n\n\n Step-1<\/strong>2: Go for peering connection in Oregon region, you see it is in pending acceptance state. Now go to actions and accept it, you see how it is in the provisioning state and after refreshing, it comes into the Active state. <\/p>\n\n\n\n Step-<\/strong>13: Go for the N.virginia region and refresh the peering connection now it should be in an active state <\/p>\n\n\n\n <\/p>\n\n\n\n Step-14: <\/strong>Now go for route table NV-PUB-RT and edit the route for peering connection, final route table look like this<\/p>\n\n\n\n <\/p>\n\n\n\n Step-15:<\/strong> Go for Oregon region and edit OREG-PRIV-RT route table and add peering connection to it<\/p>\n\n\n\n <\/p>\n\n\n\n Note:<\/strong> we can add Peering connection entry in NV-PUB-RT in N.Virginia and OREG-PRIV-RT in Oregon region<\/p>\n\n\n\n Step-16: <\/strong>We are doing Internal load balancing so this step is important<\/p>\n\n\n\n Go for vpc in both region and choose vpc and in actions select edit DNS hostnames(by default disable) and Enable it <\/strong><\/p>\n\n\n\n <\/p>\n\n\n\n Step-17:<\/strong> Go for EC2 services in N.virginia and launch 3 instances one in NV-PUB-A subnet (with public IP) and the other two in NV-PRIV-A and NV-PRIV-B subnet respectively without public IP (Keep them private instances) <\/p>\n\n\n\n <\/p>\n\n\n\n Step-18: <\/strong>Go for the Oregon region and launch 2 instances, one in the public subnet (OREG-PUB-A) and one in the private subnet (OREG-PRIV-A)<\/p>\n\n\n\n <\/p>\n\n\n\n Step-19:<\/strong> Security group (NV-SG) and (OREG-SG) attached with instances respectively<\/p>\n\n\n\n <\/p>\n\n\n\n Step-20:<\/strong> Access any server with ssh(bastion) and try to telnet private IP of another region instance, if it is giving below output our cross region vpc peering works properly.<\/p>\n\n\n\n <\/p>\n\n\n\n Before doing further steps Go for private instances (through bastion hosts) and install Nginx<\/strong> and customize the index.html default page on all three instances (two in N.virginia and one in Oregon private subnets) <\/strong><\/p>\n\n\n\n Steps for Internal load balancing:<\/strong><\/p>\n\n\n\n Step-21: <\/strong> Go for N.virginia region and in EC2 services choose load balancing, Go for target groups and create a new target group<\/p>\n\n\n\n Basic configuration (IP addresses)–> Target group name (NW-TG)–> VPC(NV-VPC)–> Next –> Register targets–> Choose a network (NV-VPC)–> Specify IPs and define ports (paste private ip of instances launched in private subnets in NV-VPC)–> Click on include as pending below –> create target group<\/p>\n\n\n\n Step-22:<\/strong> Go for register targets again, Choose another private IP address in the network section and paste Oregon region instance (OREG-PRIV-A) private IP and click on include as pending below and create target group<\/p>\n\n\n\n <\/p>\n\n\n\n Step-23: <\/strong>These targets are in an unused state until we not associate this target group with any load balancer <\/p>\n\n\n\n Step-24:<\/strong> Go for the load balancer and create a network load balancer <\/p>\n\n\n\n <\/p>\n\n\n\n Note: <\/strong>choose both private subnets in this step. If you are making an internet-facing load balancer then choose at least one public subnet<\/p>\n\n\n\n <\/p>\n\n\n\n Step-25:<\/strong> G o to target groups and check the health status of all instances <\/p>\n\n\n\n <\/p>\n\n\n\n Step-26<\/strong>: Copy load balancer DNS and check load balancer DNS resolving or not<\/p>\n\n\n\n nslookup <DNS of network load balancer><\/p>\n\n\n\n <\/p>\n\n\n\n Step-27: <\/strong>Now hit the below command from any instance and check for Internal load balancing is working or not(when we are hitting with the below command, we get customized HTML page of 3 servers), I am pasting one screenshot of customized page<\/p>\n\n\n\n curl <DNS of network load balancer><\/p>\n\n\n\n <\/p>\n\n\n\n Steps for Application load balancer:<\/strong> Now we test our internal load balancing with an Application load balancer<\/p>\n\n\n\n Step-28:<\/strong> Go to actions and delete NW-LB load balancer and Target group, And create a Target Group same as above and an application load balancer <\/p>\n\n\n\n Step-2<\/strong>9: All steps are the same but in the application load balancer we see security groups, we choose the same security group(NV-SG) which is for our Ec2 instances<\/p>\n\n\n\n Step-30: <\/strong>After the creation of load balancer curl <DNS > from any server in N.Virginia, We get customized HTML pages <\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n Conclusion:<\/strong><\/p>\n\n\n\n A cross-region load balancer ensures service is available globally across multiple AWS regions. If one region fails, the traffic is routed to the next closest healthy regional servers. But cross-region load balancing is not supported in AWS.<\/p>\n\n\n\n I tried searching for a solution to this scenario and I decided to explore the possible solutions and find how to achieve this by using cross-region VPC peering and find that Network Load Balancers now support connections from clients to IP-based targets in peered VPCs across different AWS Regions.<\/p>\n\n\n\n I also tried it with the Application load balancer and see that it works with both load balancers.<\/p>\n\n\n\n The above solution will help to achieve internal load balancing using cross-region VPC peering.<\/p>\n\n\n\n Happy learning…….<\/em><\/p>\n\n\n\n Opstree<\/strong> <\/a>is an End to End DevOps solution provider<\/p>\n\n\n\n![\"\"](\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/07\/image-7.png?w=1024\")
![\"\"](\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/07\/image-8.png?w=1024\")
![\"\"](\"https:\/\/lh4.googleusercontent.com\/Jhbd_oM_WxhUy8ykBYmh9OYt9BA9dOn9RZdy4hP08OR03Es8n5obWFR00lp8F96dOiHSLTNK2zDEGG79m5QBRX1UMuZ5Qv-mFk9W7-BcPgzUgpgAmhOWlwNvZV8zB9Hm4dD0xw_UxNgJVLQ4R6I\")
![\"\"](\"https:\/\/lh3.googleusercontent.com\/uZE8Xe7Hyv8HQgNhNGkdVcxnJt6KZC4kWDb2XvBAuEYwlKNy2m6rk55wywzPA_THq3Kmuf7Eoio2LuaiA9XN8JZh_sQoImNNE5d14EpTepeY36BMSXcqMCTkL6LNsRm1HxQ79heRxtttnWnvYZI\")
![\"\"](\"https:\/\/lh5.googleusercontent.com\/3zQOVuXnTud2Sw2r28FYKRfxWxUUJSNc0RU_elfPwHag1PS85fF8SulMcxROhrtPDH3Jx_MxrF12U6iRtiUiJHSDnEOd_8Dp_WAa3cjDEn5kg8Oi8OOVn2-ulcZg1Mb87ANJUV1RhOvZDsbTGw8\")
![\"\"](\"https:\/\/lh4.googleusercontent.com\/RWWZQHW6ZxeEem17VMDW2fFtBa-ejP8JjsLSTXZUIdxpAtA__RpTh9qLl2ihIhs0GkGJum2HDTZUlnwv0Nqp7QCSmuR4JAOdV-EzV7yf4r2ELsLEy_IIFyr-QeysQpm1gvHfznaGEeNgB442X0M\")
![\"\"](\"https:\/\/lh6.googleusercontent.com\/293H5CFif8YZhP_1aQ9Chd5_V3rj7v8bGaa8WB9A3o4IxZRU-AN4fpXGZnFR-BnyZF02MuZ02dZbscHy3rzZdWNzp4gWZyAZV7Ohbs40wCgOIG0dksb0GumtWLamtOH66FINPf3z01TwqTKI6YM\")
![\"\"](\"https:\/\/lh6.googleusercontent.com\/O9-FMsMNh6ftc1S4trFbKxFOvOVZe2HLZru_lEMfccRXVBgPahui2J7eXND7iElIVzhqha5Itu2tSLc70JL38h3KBK2GTVXRT0DKLTzCpBxYDBPvlyzBo6KWh4rARlKArg3jSYGdfIAUPlRSnyA\")
![\"\"](\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/07\/image-9.png?w=1024\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lh6.googleusercontent.com\/sAzGTt9_qrK4n3DXd4QJ9lChqoAs5bHXlVUiOsZfFwVveJp73pGSObB6gaFw7gGhlsMpQXVbecJgQbbCstGm_p_WjmabBqSO9ko4-1cxz9NIJnjsMzQdp4YkAZJdjuE13793cOfrKOWcEEFc_mM\")
![\"\"](\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/07\/image-10.png?w=774\")
![\"\"](\"https:\/\/lh6.googleusercontent.com\/Ztt0NNkydmG2l65NklQya61H4dn6F5yFyrQjg7VXoYKUydirjQDuXcdFQw0kOJrkKtBbqhwaoamtU_A31fRGTIkkn3MCvGadseS9xF9b8ljYx4YP8jW-Zp2tJ-2CLerixkKZSU4Lm5jQEte2-XU\")
![\"\"](\"https:\/\/lh6.googleusercontent.com\/C7PSaJVLu8dGcwvP6SlSntGZXKMq8mqqZh2CQ5iM6p6ZwkiCCcVrKlDlIv2jYTaY7N39q9xRCq4kC3IYAkeEGa1D1drtrDEz63B6gCM2F-AbySEC6skICwWsGmVOjT-PeF7JonGeBod6vgTPB80\")
![\"\"](\"https:\/\/lh4.googleusercontent.com\/uUgpaLSNdND7JUGIXWXydz_LSwIBJNb4Nh8qdJiEMn32OBfDFwtej5Vl2Ve-JWKxg0nLtwy9S1065MPyKzsbZUbAPHYmEgFB2YKUG0suy-rxmUuzFhOMikQEuURWlr-qn9jFUWMPx2LIv64_2DI\")
![\"\"](\"https:\/\/lh3.googleusercontent.com\/Mr0QpwE1GJhEDLBIBWnM1dzfiO-nzAJpcnysn2tFYeC83gdbsbX8FJGm6DpJ07y7kg0ouGlzp1csimFElnQYRscBQ2oNoroi9G1zUXKALk0GZIZ2ZXv3PcI88-sjs8pW5QEj234fnvkl9eDOF-g\")
![\"\"](\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2022\/07\/image-11.png?w=828\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lh5.googleusercontent.com\/wO4IpSPrI5W3rTsFB1ztUlqEdyCMLJPuqq5k9P-5wJy_w4Dt9lwefWP1wvi1CUrxUy7m-HrSMTWgnsPsOeJ2jUDJuefnYzd6K9OneRIG9LUoWEbqyUH1xGlEaSdv5VE42SsiG6BoUHdvC2YLieM\")
![\"\"](\"https:\/\/lh6.googleusercontent.com\/Bc6hxxbLC9pPGgK92uyoI3IF0Kg8OzfRHiyAEZlaA1YQLW2om-82EwnnzCb1ZHCbZ1O6gLpT6id2uOLdXAItCcWshdvrvKwhh2xmuD03IXg3fP7cALx2yx8Nwkslj0WCfug8udzqMRu4mivpMxY\")
![\"\"](\"https:\/\/lh6.googleusercontent.com\/tpRKrmJEeWRM4wukkwwM6BL_pAbwvIp9GEa-ksPQdsvkZJAkrq_BF_Mv8ySX3Ob8I1v0HA2IW0vf2JnWrSeYgxSF6a6OedX1oJl4DU85wMwuqFXQ8rANasYNwgH8gmMRSYeQpzC4BcUX7FDpGHw\")
Blog Pundit:<\/strong> Naveen Verma<\/strong><\/a> and Sandeep Rawat<\/strong><\/a><\/p>\n\n\n\n
![\"\"](\"https:\/\/lh3.googleusercontent.com\/pBRRSmtqhGOm7M99-hl9u2hIPLkMUNeelntnRuLy85H2QusMZNqmKZdvFOjaVhKBNSGp8cp6A4ikthhnDi_LrqtDeAEdHLfNLCslK3ju-IjctRD6bRKE5HZMXqD3S8fNKjxmSLrQIm3cX087zMw\")