aws / aws-nitro-enclaves-cli

Tooling for Nitro Enclave Management

vsock-proxy should lookup IPs of Host before accepting each connection

nv-sankalpk opened this issue · comments

Currently, vsock-proxy gets the first domain name IP after lookup_host resolution and starts connecting to the same IP address. For connecting to services exposed through AWS ALB, AWS Load Balancer IPs keep changing, causing an exception of "Could not create connection". To resolve this, can we look up the IPs of the domain on each client connection accept and then connect?

```rust
// self.remote_addr holds the single IP resolved once at startup; every accepted
// client is connected to that same address, even after the ALB rotates its IPs.
let sockaddr = SocketAddr::new(self.remote_addr, self.remote_port);
let sock_type = self.sock_type;
self.pool.execute(move || {
    let mut server = match sock_type {
        SockType::Stream => TcpStream::connect(sockaddr)
            .map_err(|_| format!("Could not connect to {:?}", sockaddr)),
        _ => Err("Socket type not implemented".to_string()),
    }
    // A stale address turns into this panic for the client connection.
    .expect("Could not create connection");
    info!("Connected client from {:?} to {:?}", client_addr, sockaddr);
```
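What the requested per-connection lookup looks like, as an added example that is not vsock-proxy's own code: the resolver runs inside the accept loop and every address it returns is tried in turn, so a rotated ALB address is picked up on the next client connection rather than failing on the IP cached at startup. `resolve_and_connect`, `relay` and `serve` are hypothetical names, and the TCP listener in `serve` stands in for the vsock side of the real proxy.

```rust
use std::io;
use std::net::{Shutdown, SocketAddr, TcpListener, TcpStream, ToSocketAddrs};
use std::thread;
use std::time::Duration;

/// Resolve `host` now, not once at startup, and try every address the resolver
/// returns in order, so a load balancer whose IPs rotate is followed on the
/// next client connection instead of failing with a stale address.
pub fn resolve_and_connect(host: &str, port: u16, timeout: Duration)
    -> Result<(TcpStream, SocketAddr), String> {
    let addrs: Vec<SocketAddr> = (host, port)
        .to_socket_addrs()
        .map_err(|e| format!("Could not resolve {}:{}: {}", host, port, e))?
        .collect();
    let mut last_err = format!("No addresses found for {}:{}", host, port);
    for addr in addrs {
        match TcpStream::connect_timeout(&addr, timeout) {
            Ok(stream) => return Ok((stream, addr)),
            // Stale or unreachable address: remember the error, try the next one.
            Err(e) => last_err = format!("Could not connect to {:?}: {}", addr, e),
        }
    }
    Err(last_err)
}

/// Copy bytes in both directions until one side closes, then tear down the other.
pub fn relay(client: TcpStream, server: TcpStream) -> io::Result<()> {
    let (mut c_rd, mut s_wr) = (client.try_clone()?, server.try_clone()?);
    let (mut s_rd, mut c_wr) = (server, client);
    let up = thread::spawn(move || io::copy(&mut c_rd, &mut s_wr).map(|_| ()));
    let down = io::copy(&mut s_rd, &mut c_wr).map(|_| ());
    let _ = c_wr.shutdown(Shutdown::Both); // unblocks the client->server copy
    down.and(up.join().unwrap_or_else(|_| Ok(())))
}

/// Accept loop with the lookup inside it: one resolution per accepted client.
/// The TCP listener stands in for the vsock side of the real proxy (assumption).
pub fn serve(listener: TcpListener, host: &str, port: u16) -> io::Result<()> {
    for client in listener.incoming() {
        let client = client?;
        let (server, addr) = match resolve_and_connect(host, port, Duration::from_secs(5)) {
            Ok(conn) => conn,
            Err(e) => { eprintln!("{}", e); continue; } // one bad lookup does not stop the proxy
        };
        println!("Connected client from {:?} to {:?}", client.peer_addr()?, addr);
        thread::spawn(move || { let _ = relay(client, server); });
    }
    Ok(())
}
```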

Hello @nv-sankalpk,

The vsock-proxy was not originally designed with ALB as a use case in mind. However, your finding is valid and we can handle dynamically changing addresses for allow-listed hosts. For now, I prefer to keep the current lookup behavior as the default.

To accommodate your requirements, we could consider introducing a new command line argument, or a data field in the vsock-proxy.yaml file. This would allow enabling the additional behavior as needed.

We have this issue as well. We need vsock-proxy to be able to use ALBs and any other infra with potentially changing IP addresses.

Hello @mlschindler & @nv-sankalpk,

The latest release of the nitro-cli (v1.3.0) resolves the issue you reported.

@meerd Trying to install the latest version:
amazon-linux-extras install aws-nitro-enclaves-cli=latest
..
Package aws-nitro-enclaves-cli-1.2.3-0.amzn2.x86_64 already installed and latest version
Is this fix not yet released?