Containers-roadmap: [Fargate] [Feature]: Support for UDP + NLB with Fargate services

Created on 24 Aug 2019 · 34Comments · Source: aws/containers-roadmap

Which service(s) is this request for?
Fargate

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

We're trying to move lots of services off of EC2s and onto AWS Fargate, we've found that the operational TCO is much lower, and would love to keep moving in that direction.

One stumbling block we have here is that we have services that rely on UDP transmission (e.g., statsd type systems, syslog, etc), and we can't seem to replicate the model that we would with EC2s / Beanstalk here.

We're really excited that AWS now supports UDP with NLB, and we want to use this in front of Fargate, rather than an NLB in front of EC2s or round robin DNS to a fixed set of EC2s.

It seems like the conflict here is Fargate (and perhaps ECS on EC2, have not checked in detail) services require that Target groups use the "ip" TargetType with both application and network load balancers, whereas the UDP NLBs require "instance" types.

(With basically no context, and a great deal of hubris) It seems like it should be possible to decouple the TCP / UDP layer of the networking configuration from the IP / instance distinction.

Are you currently working around this issue?
We're planning on using NLB with Docker in AWS Beanstalk instead.

Additional context
If this is really a request that should be for the group that works on NLB, feel free to send wherever appropriate and close this issue (I'm not aware of an equivalent forum for that group).

ECS Fargate Proposed

Source

danrubenstein

👍96 ❤36

Most helpful comment

hvardhanx on 13 Sep 2019

👍14

All 34 comments

Just for more color here, we ended up not going the docker in beanstalk route, but are instead making an ECS + EC2 cluster with a daemon ECS service that has the host NetworkMode, and then setting the NLB to target the ports on the EC2 that are tied to the containers.

The point being that we can get both docker + autoscaling goodness, but I feel it's a little more involved than it should be.

danrubenstein on 30 Aug 2019

+1 for adding support to load balance UDP traffic to "ip" TargetTypes. This is also preventing us from using Fargate at the moment.

false-vacuum on 30 Aug 2019

👍10

hvardhanx on 13 Sep 2019

👍14

I also just ran into this issue while trying to implement DNS on Fargate. Would love UDP on Fargate.

rhyeal on 23 Sep 2019

👍5

Same issue here. Any news about this ?

AdrienKuhn on 11 Oct 2019

I am running an ECS cluster that deals with UDP traffic...
I have EC2 instances to run the (UDP) tasks but I would certainly love UDP support in Fargate as well. 🙏

aichholzer on 8 Nov 2019

Same same. We can't go full-serverless unless farg8 and udp nlb work together.

luispabon on 14 Nov 2019

In order to comply with PCIDSS, we need to receive syslog via Direct Connect. The syslog server receives the logs via UDP because our router only supports UDP. We also want that syslog server to run read-only containers on Fargate to comply PCIDSS so that we need to support UDP with NLB!!!

ryosan-470 on 19 Nov 2019

Same here. Any Update?

z0ph on 19 Dec 2019

Same here for a dns service. Any update ?

jcdecaux-oss on 3 Jan 2020

yes, it is crazy that NLB doesn't support UDP for IP targets, can we please have an update on this?

lochiiconnectivity on 4 Jan 2020

Ideally in time for HTTP/3 😉

whereisaaron on 4 Jan 2020

This also prevents us from migrating services to fargate. UDP support would be greatly appreciated.

cSNiHab on 7 Jan 2020

👍9

This is a major problem and is blocking us from moving UDP gaming workloads to AWS

Crypterian on 3 Feb 2020

any idea by when we can expect NLB + UDP in fargate??

connectarena on 5 Feb 2020

🙏 please 🙏

johnjelinek on 5 Feb 2020

👍4

IoT telemetry collection: another use case broken for lack of UDP support in fargate.

luispabon on 6 Feb 2020

👍6

Could not use XRAY on fargate with NLB within this issue.

sgabenov on 4 Mar 2020

SAME !

tavislikedavis on 27 Mar 2020

SAME !

guy032 on 22 Apr 2020

Realize today that I needed a NLB with UDP functionality into a Fargate Deployment. As OP this is not possibel currently even this says otherwise: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-routing-configuration

joaquin386 on 2 May 2020

👀3

Just ran into this issue. This is blocking us from using fargate as well.

nemani on 25 May 2020

Azure seems to support this in their container service

https://azure.microsoft.com/en-us/resources/templates/201-aci-udp/

innerop on 2 Jun 2020

😄2

I also wanted to use Fargate ECS cluster with NLB. We need both TCP and UDP traffic. Unfortunately, I can't use Fargate because of this issue. Will use EC2. It is very pitty.

RomanGrekov on 9 Jun 2020

Also running into this issue

gdxn96 on 25 Jun 2020

Wanted to use a common xray daemon deployed on fargate for multiple containerized application. Can't do untill this resolved. Need to add xray daemon as a side-car for each application. This is pending from a long time..

goyatajay on 23 Jul 2020

👍1

Good news everyone! We just launched support for UDP + NLB on AWS Fargate today! You can read more, with an example of how to run an NLB fronted syslog UDP service on Fargate: https://aws.amazon.com/blogs/containers/aws-fargate-now-supports-udp-load-balancing-with-network-load-balancer/

nathanpeck on 31 Jul 2020

🎉6 👍5 🚀1

Just shipped: https://aws.amazon.com/about-aws/whats-new/2020/07/aws-fargate-for-amazon-ecs-now-supports-udp-load-balancing-with-network-load-balancer/

Fargate support for the UDP protocol through a Network Load Balancer is available in Platform Version 1.4 for the Amazon ECS container orchestration service. The support is available in US East (N. Virginia), US West (Oregon), Europe (Ireland), and Asia Pacific (Tokyo) Regions. Will close the issue when we ship for remaining regions which is expected over the next month.

akshayram-wolverine on 31 Jul 2020

🎉1

Great! Works with IPv6?

gmcguire on 31 Jul 2020

@gmcguire Afaik, NLB doesn't support IPV6 (see https://forums.aws.amazon.com/thread.jspa?messageID=938702).

Some caveats from reading that article:

only available at US East (N. Virginia), US West (Oregon), Europe (Ireland), and Asia Pacific (Tokyo) regions.
Health checks are done using TCP (so you need an additional container service/app if your doesn't listen to tcp)
If you have an application like DNS servers that listens on both TCP and UDP ports, you need to create two ECS services and register them with a multi-protocol target group

nunofernandes on 31 Jul 2020

👍3

I'm still seeing Production listener protocol hardcoded to TCP in the console. Has this only been updated on the API side (and not the UI) or is it only for internal NLBs? I'd like to use this to expose a UDP service publicly.

hb3b on 21 Sep 2020

any ETA when fargate with nlb and upd is coming to Frankfurt?

mkuendig on 8 Oct 2020

@mkuendig this is now available in PV1.4 in all AWS regions where ECS/Fargate is present. Also updated in the announcement here: https://aws.amazon.com/about-aws/whats-new/2020/07/aws-fargate-for-amazon-ecs-now-supports-udp-load-balancing-with-network-load-balancer/. Closing this issue.

akshayram-wolverine on 12 Oct 2020

Great! Got ECS Fargate service with NLB configured without problems with management console, but unable to do the same with AWS CDK stack. Cdk seems to register container port of first container of the sevice to NLB and won't let define it as UDP? Is it so, that CDK is not yet supprting UDP containers with NLB and if so is that in roadmap?