AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 218
A company is building an internet-facing application that is hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The company is using the Amazon VPC Container Network Interface (CNI) plugin for Kubernetes for pod networking connectivity. The company needs to expose its application to the internet by using a Network Load Balancer (NLB).
The pods that host the application must have visibility of the source IP address that is contained in the original packet that the NLB receives.
How should the network engineer configure the NLB and Amazon EKS settings to achieve these goals?
Answer options
- A. Specify the ip target type for the NLB. Set the externalTrafficPolicy attribute to Local in the Kubernetes service specification.
- B. Specify the instance target type for the NLB. Set the externalTrafficPolicy attribute to Cluster in the Kubernetes service specification.
- C. Specify the instance target type for the NLB. Set the externalTrafficPolicy attribute to Local in the Kubernetes service specification.
- D. Specify the ip target type for the NLB. Set the externalTrafficPolicy attribute to Cluster in the Kubernetes service specification.
Correct answer: A
Explanation
The correct answer is A because setting the ip target type for the NLB and configuring the externalTrafficPolicy to Local allows the pods to see the original source IP address. Option B is incorrect as it uses the instance target type, which does not preserve the original IP. Option C also uses the instance target type, leading to the same issue. Option D, while correct in using the ip target type, incorrectly sets the externalTrafficPolicy to Cluster, which would not give the pods visibility of the source IP address.