

How does the idle timeout for TCP connections in Global Accelerator compare to other AWS services?


AWS Global Accelerator has a fixed idle timeout of 340 seconds for TCP connections. Global Accelerator continues to direct traffic for an established TCP connection to the same endpoint until the connection has been idle for 340 seconds, even if the endpoint becomes unhealthy or is removed from the accelerator. Only after this idle timeout expires will Global Accelerator select a new endpoint for new connections[2][3].

In comparison, other AWS services have different TCP idle timeout behaviors:

- Network Load Balancer (NLB): The default TCP idle timeout is 350 seconds, similar to Global Accelerator, but NLB now supports *configurable* TCP idle timeout values ranging from 60 seconds to 6000 seconds. This allows tuning the timeout to better match application needs and reduce latency for long-lived TCP flows[6][7].

- AWS Network Firewall: Also has a default TCP idle timeout of 350 seconds, with the new capability to configure the timeout between 60 and 6000 seconds to support uninterrupted stateful inspection of long-lived TCP connections[9].

- Gateway Load Balancers (GWLB), NAT Gateways, and VPC Endpoints: Use a default TCP idle timeout of 350 seconds for connection tracking, with some flexibility for configuration[10].

- UDP connections in Global Accelerator have a much shorter idle timeout of 30 seconds, whereas in NLB and GWLB, UDP idle timeouts are typically 120 seconds[2][7][10].

The key distinction is that Global Accelerator's TCP idle timeout is fixed at 340 seconds and not currently configurable, whereas services like NLB and Network Firewall offer configurable idle timeouts to better align with application requirements. Global Accelerator's design focuses on maintaining established TCP connections to endpoints until the idle timeout expires, providing stability and consistent routing even if endpoints become unhealthy, whereas NLB and others emphasize flexibility for different application traffic patterns.

In summary:

- Global Accelerator TCP idle timeout: Fixed at 340 seconds, not configurable.
- NLB TCP idle timeout: Default 350 seconds, configurable from 60 to 6000 seconds.
- Network Firewall TCP idle timeout: Default 350 seconds, configurable from 60 to 6000 seconds.
- Other AWS services (GWLB, NAT Gateway, VPC Endpoint): Generally 350 seconds default, some configurable options.

This reflects Global Accelerator’s role in optimizing global traffic routing with stable connection handling, while services like NLB provide more granular control over connection timeouts for load balancing scenarios[2][6][7][9][10].
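The following Python is an added example, not code from AWS or from the original page. It finds which hop on a TCP path drops an idle flow first, using the timeout values listed above, and derives TCP keepalive settings that stay under that limit. The hop labels, the half-limit margin and the use of TCP keepalive are assumptions, as is the premise that keepalive probes count as traffic on every hop.

```python
import socket

# TCP idle timeouts in seconds as listed on this page: (default, min, max).
# min/max of None means the value is fixed. Hop names are hypothetical labels.
TCP_IDLE = {
    "global_accelerator": (340, None, None),
    "nlb": (350, 60, 6000),
    "network_firewall": (350, 60, 6000),
}

def effective_idle_timeout(path, overrides=None):
    """Return (seconds, hop) for the hop that drops an idle TCP flow first."""
    overrides = overrides or {}
    stray = sorted(set(overrides) - set(path))
    if stray:
        raise ValueError(f"override for hop not on path: {stray}")
    timeouts = {}
    for hop in path:
        default, low, high = TCP_IDLE[hop]
        value = overrides.get(hop, default)
        if hop in overrides and low is None:
            raise ValueError(f"{hop}: idle timeout is fixed at {default}s")
        if hop in overrides and not low <= value <= high:
            raise ValueError(f"{hop}: {value}s is outside {low}-{high}s")
        timeouts[hop] = value
    first = min(timeouts, key=timeouts.get)
    return timeouts[first], first

def keepalive_settings(path, overrides=None, interval=10, probes=3):
    """Keepalive values whose first probe fires at half the shortest timeout."""
    limit, hop = effective_idle_timeout(path, overrides)
    return {"idle": limit // 2, "interval": interval,
            "probes": probes, "limited_by": hop}

def apply_keepalive(sock, settings):
    """Enable keepalive; per-socket timers use Linux option names if present."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for name, key in (("TCP_KEEPIDLE", "idle"), ("TCP_KEEPINTVL", "interval"),
                      ("TCP_KEEPCNT", "probes")):
        option = getattr(socket, name, None)
        if option is not None:
            sock.setsockopt(socket.IPPROTO_TCP, option, settings[key])

if __name__ == "__main__":
    # Constructed path: client -> Global Accelerator -> NLB raised to 6000 s.
    plan = keepalive_settings(["global_accelerator", "nlb"], {"nlb": 6000})
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        apply_keepalive(s, plan)
    print(plan)
```

Raising the NLB timeout to 6000 seconds does not lengthen the path's limit here: the fixed 340-second Global Accelerator timeout still governs, so the first keepalive probe is scheduled at 170 seconds.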

Citations:
[1] https://docs.aws.amazon.com/global-accelerator/latest/dg/introduction-how-it-works.html
[2] https://docs.aws.amazon.com/pdfs/global-accelerator/latest/dg/global-accelerator-guide.pdf
[3] https://repost.aws/questions/QUuNiUCKYUSkKScntMG8MMeA/timeout-aws-global-accelerator
[4] https://docs.aws.amazon.com/global-accelerator/latest/dg/about-endpoints.avoid-connection-collisions.html
[5] https://hands-on.cloud/aws-services/global-accelerator/
[6] https://www.linkedin.com/posts/karthik-sakthivel-techie_introducing-nlb-tcp-configurable-idle-timeout-activity-7237106073189408769-WqR4
[7] https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-nlb-tcp-configurable-idle-timeout/
[8] https://aws.amazon.com/global-accelerator/features/
[9] https://aws.amazon.com/about-aws/whats-new/2024/10/aws-network-firewall-configurable-tcp-idle-timeout/
[10] https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-configurable-idle-timeout-for-connection-tracking/
[11] https://stackoverflow.com/questions/44692435/what-is-the-difference-between-idle-timeout-and-request-timeout-in-akka-http-con