Load Balancer Gotchas

March 18, 2026 · #load-balancing, #reliability · 1 min read

A collection of load balancer surprises I’ve encountered. I’ll add new entries over time.

NLB idle timeout silently drops connections #

TIL: NLB doesn’t close the connection gracefully after idle timeout

> .. no traffic for 350 seconds, then the connection is removed from the NLB flow table. If a client attempts to send traffic after the connection is no longer tracked, then NLB responds with a TCP RST
— Igor Kupczyński (@igor_kupczynski) March 18, 2026

When the NLB idle timeout expires, it doesn’t send FIN or RST. It just removes the connection from its flow table. Both client and server will think the connection is alive. The next packet from either side gets a RST from the NLB.

Set client and server keepalive intervals below the NLB’s idle timeout (350s by default, now configurable).
Or tune the NLB idle timeout to match your application’s needs.