vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/elb/umn/elb_faq_0024.html
zhoumeng 3275979377 ELB_UMN_IPV6_1218 
Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com>
Co-authored-by: zhoumeng <zhoumeng35@huawei.com>
Co-committed-by: zhoumeng <zhoumeng35@huawei.com>
2024-02-09 10:31:35 +00:00

42 lines
7.4 KiB
HTML
Raw Blame History

<a name="elb_faq_0024"></a><a name="elb_faq_0024"></a>
<h1 class="topictitle1">How Does ELB Perform UDP Health Checks? What Are the Precautions for UDP Health Checks?</h1>
<div id="body8662426"><div class="section" id="elb_faq_0024__section53210693319"><h4 class="sectiontitle">How UDP Health Checks Work</h4><p id="elb_faq_0024__p594001812332">UDP is a connectionless protocol. A UDP health check is implemented as follows:</p>
</div>
<ul id="elb_faq_0024__ul118961151152216"><li id="elb_faq_0024__li1896125120229">The health check node sends an ICMP request to the backend server based on the health check configuration.<ul id="elb_faq_0024__ul202464854211"><li id="elb_faq_0024__li624114811423">If the health check node receives an ICMP reply from the backend <span id="elb_faq_0024__text1730504215713">server</span>, it considers the backend server healthy and continues the health check.</li><li id="elb_faq_0024__li1644615164212">If the health check node does not receive an ICMP reply from the backend <span id="elb_faq_0024__text166053611810">server</span>, it considers the backend server unhealthy.</li></ul>
</li><li id="elb_faq_0024__li14896651122210">After receiving the ICMP reply, the health check node sends a UDP probe packet to the backend <span id="elb_faq_0024__text279319651018">server</span>.<ul id="elb_faq_0024__ul1611085454217"><li id="elb_faq_0024__li211065416424">If the health check node receives an ICMP Port Unreachable message from the backend <span id="elb_faq_0024__text73403324109">server</span> within the timeout duration, the backend server is considered unhealthy.</li><li id="elb_faq_0024__li9969105615423">If the health check node does not receive an ICMP Port Unreachable message from the backend <span id="elb_faq_0024__text02196153811">server</span> within the timeout duration, the backend server is considered healthy.</li></ul>
</li></ul>
<p id="elb_faq_0024__p20843183062817">When you use UDP for health checks, retain default parameter settings.</p>
<div class="section" id="elb_faq_0024__section1651117513338"><h4 class="sectiontitle">Troubleshooting</h4><p id="elb_faq_0024__p1290856173312">If the backend server is unhealthy, use either of the following methods to locate the fault:</p>
</div>
<ul id="elb_faq_0024__ul3578201317447"><li id="elb_faq_0024__li257910131449">Check whether the timeout duration is too short.<p id="elb_faq_0024__p1247644393018"><a name="elb_faq_0024__li257910131449"></a><a name="li257910131449"></a>One possible cause is that the ICMP Echo Reply or ICMP Port Unreachable message returned by the backend <span id="elb_faq_0024__text11635124113813">server</span> does not reach the health check node within the timeout duration. As a result, the health check result is inaccurate.</p>
<p id="elb_faq_0024__p747610439305">It is recommended that you change the timeout duration to a larger value.</p>
<p id="elb_faq_0024__p18541632193414">UDP health checks are different from other health checks. If the health check timeout duration is too short, the health check result of the backend <span id="elb_faq_0024__text13586581185">server</span> frequently toggles back and forth between <strong id="elb_faq_0024__b44605421747">Healthy</strong> and <strong id="elb_faq_0024__b1292844517410">Unhealthy</strong>.</p>
</li><li id="elb_faq_0024__li1957901310440">Check whether the backend <span id="elb_faq_0024__text257519920910">server</span> restricts the rate at which ICMP messages are generated.</li></ul>
<p id="elb_faq_0024__p1647644393017">For Linux servers, run the following commands to query the rate limit and rate mask:</p>
<pre class="screen" id="elb_faq_0024__screen4768112823913">sysctl -q net.ipv4.icmp_ratelimit</pre>
<p id="elb_faq_0024__p1811918431964">The default rate limit is <strong id="elb_faq_0024__b842352706193458">1000</strong>.</p>
<pre class="screen" id="elb_faq_0024__screen7265195210611">sysctl -q net.ipv4.icmp_ratemask</pre>
<p id="elb_faq_0024__p52451533713">The default rate mask is <strong id="elb_faq_0024__b1590969366">6168</strong>.</p>
<p id="elb_faq_0024__p74763433302">If the returned value of the first command is the default value or <strong id="elb_faq_0024__b842352706103935">0</strong>, run the following command to remove the rate limit of Port Unreachable messages:</p>
<pre class="screen" id="elb_faq_0024__screen187541426251">sysctl -w net.ipv4.icmp_ratemask=6160</pre>
<p id="elb_faq_0024__p178268102918">For more information, see the <em id="elb_faq_0024__i842352697103837">Linux Programmer's Manual</em>. On the Linux CLI, run the following command to display the manual:</p>
<pre class="screen" id="elb_faq_0024__screen58180101999">man 7 icmp</pre>
<p id="elb_faq_0024__p184947035312">Alternatively, visit <a href="http://man7.org/linux/man-pages/man7/icmp.7.html" target="_blank" rel="noopener noreferrer">http://man7.org/linux/man-pages/man7/icmp.7.html</a>.</p>
<div class="note" id="elb_faq_0024__note472385163512"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="elb_faq_0024__p07231750353">Once the rate limit is lifted, the number of ICMP Port Unreachable messages on the backend server will not be limited.</p>
</div></div>
<div class="section" id="elb_faq_0024__section1386314212366"><h4 class="sectiontitle">Precautions</h4><p id="elb_faq_0024__p07313917363">Note the following when you configure UDP health checks:</p>
</div>
<ul id="elb_faq_0024__en-us_topic_0044589572_ul39655260125151"><li id="elb_faq_0024__en-us_topic_0044589572_li21353022125151">UDP health checks use ping packets to check the health of the backend <span id="elb_faq_0024__text4243511499722">server</span>. To ensure smooth transmission of these packets, ensure that ICMP is enabled on the backend <span id="elb_faq_0024__text9486641229734">server</span> by performing the following:<p id="elb_faq_0024__en-us_topic_0044589572_p57959472125151">Log in to the <span id="elb_faq_0024__text2377681409836">server</span> and run the following command as user <strong id="elb_faq_0024__b8423527069814">root</strong>:</p>
<p id="elb_faq_0024__en-us_topic_0044589572_p51873203125151"><strong id="elb_faq_0024__en-us_topic_0044589572_b65813485141827">cat /proc/sys/net/ipv4/icmp_echo_ignore_all</strong></p>
<ul id="elb_faq_0024__ul5991332115413"><li id="elb_faq_0024__li5383645415427">If the returned value is <strong id="elb_faq_0024__b2702449915427">1</strong>, ICMP is disabled.</li><li id="elb_faq_0024__li234898115413">If the returned value is <strong id="elb_faq_0024__b46864838191253">0</strong>, ICMP is enabled.</li></ul>
</li><li id="elb_faq_0024__en-us_topic_0044589572_li33275046125151">The health check result may be different from the actual health of the backend server.<p id="elb_faq_0024__en-us_topic_0044589572_p31039959125151"><a name="elb_faq_0024__en-us_topic_0044589572_li33275046125151"></a><a name="en-us_topic_0044589572_li33275046125151"></a>If the backend server runs Linux, the rate of ICMP packets may be limited due to Linux's defense against ping flood attacks when there is a large number of concurrent requests. In this case, if a service exception occurs, the load balancer will not receive error message <strong id="elb_faq_0024__b84235270615853">port XX unreachable</strong> and will consider the health check to be successful. As a result, there is an inconsistency between the health check result and the actual server health.</p>
</li></ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="elb_faq_0204.html">Health Checks</a></div>
</div>
</div>
View Git Blame Copy Permalink