
AWS Certified Advanced Networking - Specialty
A company operates an application on Amazon EC2 instances within a VPC. A network engineer replaces self-managed NAT instances with a NAT gateway. After redirecting traffic from the self-managed NAT instances to the NAT gateway, users report connectivity issues. Upon investigation, the network engineer finds that connections to the application are timing out after about 6 minutes of inactivity. What steps should the network engineer take to address this problem?
Explanation:
The issue described involves connections closing after approximately 6 minutes of inactivity, which is a common symptom of NAT gateway idle-connection timeouts. NAT gateways have a default idle timeout of 350 seconds (approximately 5.8 minutes) for TCP connections. To resolve this issue, the network engineer should configure TCP keepalive on the application EC2 instances so that the connections are not considered idle and therefore are not closed by the NAT gateway. Additionally, monitoring the IdleTimeoutCount Amazon CloudWatch metric for the NAT gateway can confirm whether the issue is indeed caused by idle connection timeouts. Therefore, the correct action is to check for increases in the IdleTimeoutCount metric and configure TCP keepalive on the application EC2 instances.