Configure HA L4 Cluster in AWS

Use the cluster IP on L4 connectors or services to make a Trustgrid HA cluster present a stable IP across member failover

Tags:

2 minute read

In an HA cluster, the cluster IP gives you a stable address that survives member failover. L4 connectors and services can both leverage it, depending on which side of the traffic flow the cluster sits on. Use one or both — they are independent.

Connectors give clients a stable destination IP:port to connect to.
Services give backends a stable source IP for connections originated from the cluster.

Prerequisites

A two-member Trustgrid HA cluster deployed in AWS.
A cluster IP configured on the LAN interface. See AWS Cluster IP Failover for IAM permissions, source/destination check, and configuration steps.

Connectors — Stable Destination IP for Clients

Use this pattern when clients should reach the cluster on a fixed IP:port. When a cluster IP is configured on the LAN interface, a connector with Listen Interface set to the LAN interface binds only to the cluster IP — not to the member’s primary IP. On failover, the cluster IP migrates to the new active member and clients reconnect to the same address.

In the Trustgrid portal, navigate to your cluster and select Connectors from the Networking menu.
Click Add Connector and configure:
- Listen Interface — the LAN interface where the cluster IP is configured (typically eth1).
- Listen Port, Destination Node, Destination Service — set per the service being fronted.

Connector configuration dialog with Listen Interface set to eth1, listening on port 8080 and forwarding to a remote cluster — Connector configured with Listen Interface = eth1 — the connector binds only to the cluster IP

The configured connector appears in the cluster’s Connectors list:

Connectors list showing two TCP connectors — Cluster Connectors list

Services — Stable Source IP Toward Backends

Use this pattern when the cluster originates connections to backends and the backend must see a single stable source IP (allowlists, return routing, audit logging). With Source Interface set to the LAN interface and Use Cluster IP selected, outbound connections are sourced from the cluster IP regardless of which member is currently active.

In the Trustgrid portal, navigate to your cluster and select Services from the Networking menu.
Click Add Service and configure:
- Source Interface — set the interface dropdown to the LAN interface (typically eth1), then set the second dropdown to Use Cluster IP.
- Host, Port, Protocol — set per the backend being reached.

Service configuration dialog with Source Interface set to eth1 and Use Cluster IP selected, forwarding to a backend on TCP 8080 — Service configured with Source Interface = eth1 and Use Cluster IP

The configured service appears in the cluster’s Services list with the Source Interface column showing eth1 (Use Cluster IP):

Services list showing one service with Source Interface eth1 (Use Cluster IP) — Cluster Services list

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.