How a zonal shift works - Amazon Route 53 Application Recovery Controller
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

How a zonal shift works

When you start a zonal shift for a load balancer resource, traffic for the resource is moved away from the Availability Zone that you've specified. To start the shift, Amazon Route 53 Application Recovery Controller requests the load balancer health check for the Availability Zone to be set to unhealthy, so that it fails its health check. An unhealthy health check, in turn, results in Amazon Route 53 automatically withdrawing the corresponding IP addresses for the resource from DNS, so that traffic is redirected from the Availability Zone. New connections are now routed to other Availability Zones in the Amazon Web Services Region instead.

It's important to note that zonal shift does not use health checks in the typical way, where a health check monitors the underlying health of load balancers or applications. Instead, Route 53 ARC uses health checks as a mechanism to move traffic away from an Availability Zone. The mechanism requests a health check to be explicitly set to unhealthy, and then to healthy again, to change how traffic flows.

Traffic begins to shift - When you start a zonal shift in Route 53 ARC, because of the steps involved with traffic flow, you might not see traffic move out of the Availability Zone immediately. It also can take a short time for existing, in-progress connections in the Availability Zone to complete, depending on client behavior and connection reuse. Depending on your DNS settings and other factors, existing connections can complete in just a few minutes, or might take longer. For more information, see Ensuring that traffic shifts finish quickly.

Traffic shift ends - When a zonal shift expires or you cancel it, Route 53 ARC takes steps to stop shifting traffic. It reverse the process for starting a traffic shift, and requests the Route 53 health checks to be set to healthy again. Healthy health checks result in the original zonal IP addresses being restored. Now, the recovered Availability Zone is included in the load balancer's routing again and traffic begins to resume flowing to the AZ.

You must set all zonal shifts to expire when you start the shifts. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time. You can also cancel a zonal shift before it expires, if you're ready to restore traffic to the Availability Zone.

When traffic does not shift away

In a few specific scenarios, a zonal shift does not shift traffic from the AZ. For example, if the load balancer target groups in the AZs don't have any instances, or if all of the instances are unhealthy, then the load balancer is in a fail open state. If you start a zonal shift for a load balancer in this scenario, the zonal shift does not change which AZs the load balancer uses because the load balancer is already in a fail open state. This is expected behavior. Zonal shift cannot force one AZ to be unhealthy and shift traffic to the other AZs in a Region if all AZs are failing open (unhealthy). A second scenario is if you start a zonal shift for an Application Load Balancer that is an endpoint for an accelerator in Amazon Global Accelerator. Zonal shift isn't supported for Application Load Balancers that are endpoints of accelerators in Global Accelerator.

For more information about zonal shift support, see Resources supported for zonal shift and zonal autoshift.