Clients cannot connect to my load balancer and sometimes receive an HTTP: 503 Service Unavailable or HTTP: 504 Gateway Timeout error message.

Problems connecting to a load balancer can be caused by the following:

  • The load balancer does not have a listener configured for the port that the client is attempting to connect to.
  • The load balancer security group configuration is incorrect.
  • An incorrectly configured network access control list (ACL) prevents access to a load balancer in an Amazon Virtual Private Cloud (Amazon VPC).
  • Firewall or routing configurations are blocking or misrouting client requests.
  • Load-related issues are preventing timely processing of client requests.

To resolve connectivity issues with a load balancer, follow these steps:

Verify that you have configured the appropriate listeners for the load balancer.
For more information, see Listeners for Your Load Balancer.

Ensure that the load balancer can communicate with your backend instances on both the listener port and the health check port.
The security group for your instances must allow traffic in both directions on both ports for each subnet attached to the load balancer. For more information, see Configure Security Groups for Your Load Balancer.

Ensure that the network ACLs for your VPC allow traffic in both directions on the listener port and the health check port for each subnet attached to the load balancer.
For more information, see the Network ACLs section of Setting Up Elastic Load Balancing.
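
The network ACL check in this step can be run offline against exported rules. The following is an added example, not AWS code: it assumes entries in the shape of the "Entries" list returned by `aws ec2 describe-network-acls`, and the sample rules, addresses and ports (80 for the listener, 8080 for the health check) are constructed. Network ACL rules are evaluated in ascending rule-number order and the first match decides, so a low-numbered deny can shadow a later allow.

```python
import ipaddress

# Constructed sample in the shape of the "Entries" list from
# `aws ec2 describe-network-acls`; rule numbers, CIDRs and ports are illustrative.
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 80, "To": 80}},
    {"RuleNumber": 110, "Egress": False, "Protocol": "6", "RuleAction": "deny",
     "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 8000, "To": 8999}},
    {"RuleNumber": 120, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 8080, "To": 8080}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]

def acl_decision(entries, egress, port, peer_ip):
    """Return 'allow' or 'deny' for a TCP packet; lowest-numbered matching rule wins."""
    peer = ipaddress.ip_address(peer_ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        # Keep only rules for this direction that cover TCP ("6") or all protocols ("-1").
        if e["Egress"] != egress or e["Protocol"] not in ("6", "-1"):
            continue
        if "CidrBlock" not in e or peer not in ipaddress.ip_network(e["CidrBlock"]):
            continue  # IPv6-only entry or non-matching CIDR
        rng = e.get("PortRange")  # absent when the rule covers all ports
        if rng is None or rng["From"] <= port <= rng["To"]:
            return e["RuleAction"]
    return "deny"  # nothing matched

def blocked_paths(entries, ports, peer_ip):
    """List (direction, port) pairs the ACL denies for traffic to or from peer_ip."""
    return [(d, p) for p in ports
            for d, egress in (("inbound", False), ("outbound", True))
            if acl_decision(entries, egress, p, peer_ip) != "allow"]

if __name__ == "__main__":
    # Peer address is a constructed example of a host inside the VPC range.
    for direction, port in blocked_paths(SAMPLE_ENTRIES, [80, 8080], "10.0.1.25"):
        print(f"NACL denies {direction} TCP/{port}")
```

Run it once per subnet attached to the load balancer, using that subnet's ACL entries.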

Test connectivity to the load balancer from an Amazon EC2 instance in the same region, if possible.
Use the following commands to verify connectivity:

  1. nc -v elb.ip.address port
  2. telnet elb.ip.address port
    Note:
    The netcat (nc) utility is not natively installed on Windows systems. There are versions of netcat compiled for use with Windows available for download on the Internet. Ensure that you run a virus scan on any utilities that you download from the Internet before running them. The Telnet client is not installed by default on most versions of Windows but can be installed through Control Panel, Programs and Features, Turn Windows features on or off.
  3. From an external computer, run the traceroute (Linux) or tracert (Windows) utilities to the load balancer listener's IP address to verify that traffic is being properly routed to the load balancer.

If connectivity to the load balancer from an EC2 instance in the same region fails, verify that the VPC has an Internet gateway and that the route table has a route to the Internet gateway. For more information, see Connection to your Internet-facing load balancer launched in a VPC has timed out.

If connectivity issues are sporadic, this may indicate capacity-related or load-related issues.
For more information about troubleshooting load-related issues, see How do I troubleshoot Elastic Load Balancing capacity issues?
