Overview of Health Monitors
Avi Vantage must validate whether servers are working correctly and are able to accommodate additional workloads before load balancing a client to a particular server. Health monitors perform this function by either actively sending a synthetic transaction to a server or by passively monitoring client experience with the server. Avi Vantage sends active health monitors on a periodic basis that originate from Service Engines hosting the virtual service.
- The health monitors are attached to a pool for the virtual service.
- A pool that is not attached to a virtual service will not send health monitors and is considered an inactive config.
- A pool may have multiple actively concurrent health monitors (such as ping, TCP, and HTTP), as well as a passive monitor.
- All active health monitors must be successful for the server to be marked up.
- Reasons a Server Marked Down
- Health Monitor Troubleshooting
- Servers Flap Up / Down
- Manually Validate Server Health
Active Health Monitors
Active health monitors proactively send queries to servers, synthetically mimicking a client. Send and receive timeout intervals may be defined, which statically determines the server response as successful or failed.
Active health monitors originate from the Service Engines hosting the virtual service. Each SE must be able to send monitors to the servers, which ensures there are no routing or intermediate networking issues that might prevent access to a server from all active Service Engines. If one SE marks a server up and another SE marks a server down, each SE will include or exclude the server from load balancing according to their local monitor results.
Types of Active Health Monitors
- DNS Monitor: A DNS monitor queries name servers for an A record and matches the resolved response against an expected IP address. To know more, refer to DNS Health Monitor.
- External Monitor: Use the external monitor to write scripts that provide highly customized and granular health checks. The scripts may be Linux shell, Python, or Perl, which can be used to execute wget, netcat, curl, snmpget, or dig.
- HTTP Monitor: This Monitor type sends a request to a web server and validates either the HTTP response code or the HTML response data. To know more refer to HTTP Health Monitor
- HTTPS Monitor: This Monitor type can be used to validate the health of HTTPS encrypted web servers. Use this monitor when Avi Vantage is either passing SSL encrypted traffic directly from clients to servers, or Avi Vantage is providing SSL encryption between itself and the servers. This monitor is the same as the HTTP Monitor.
- Ping Monitor: Avi Vantage will send an ICMP ping to the server. This Monitor type is generally very fast and lightweight for both Avi Vantage and the server.
- TCP Monitor: For any TCP application, this Monitor will wait for the TCP connection establishment, send the request string, and then wait for the server to respond with the expected content. If no client request and server response are configured, the health check will pass once a TCP connection is successfully established. To know more, refer to TCP Health Monitor
- UDP Monitor: Sends the request data to the server, then matches the server’s response against the expected response data. To know more, refer to UDP Health Monitor
- SIP Monitor: For SIP applications, the server health is monitored using the SIP request code and response. Currently only SIP options are supported for the request code. The monitor greps for the configured response string in the response payload. If a valid response is not received from the server within the configured timeout, then the server status is marked down.
SIP Request Code: Enter the request to be sent to the SIP server for health monitoring.
SIP Response: Enter the string to be matched in the response payload. By default, it is configured for SIP/2.0.
Passive Health Monitor
While active health monitors provide a binary good/bad analysis of server health, passive health monitors provide a more subtle check by attempting to understand and react to the client-to-server interaction. An active health monitor sends a periodic check to the servers that mimics an end user transaction with a synthetic request, then statically validates the response against an expected string. Passive health monitors do not send a check to the servers. Instead, Avi Vantage monitors end user interaction with the servers. If a server is quickly responding with valid responses (such as HTTP 200), then all is well; however, if the server is sending back errors (such as TCP resets or HTTP 5xx errors), the server is assumed to have errors. Errors are defined by the analytics profile attached to the virtual service. The analytics profile also defines the threshold for response time before a server is considered responding slowly.
With active health monitors, Avi Vantage will mark a server down after the specified number of consecutive failures and will no longer send new connections or requests until that server is able to correctly pass the periodic active health monitors.
With passive health monitors, server failures will not cause Avi Vantage to mark that server as down. Rather, the passive health monitor will reduce the number of connections or requests sent to the server relative to the other servers in the pool by about 75%. Further failures may increase this percentage. After a server is satisfactorily handling the reduced load, it will once again be sent normal volumes of traffic.
Note: Best practice is to enable both a passive and an active health monitor to each pool.
RADIUS Health Monitor (RADIUS HM)
For Remote Authentication Dial-In User Service (RADIUS) applications, server health can be monitored using the RADIUS request and response. RADIUS requests can be now generated, given the password, username, and secret. The server status will be marked Up only if the RADIUS response is Access Accept or Access Challenge. Otherwise the server will be marked Down.
Username, password, and auth secret are the mandatory parameters.
Configuring RADIUS Health Monitor
Configure the username, password, and the secret as shown below.
[admin:ctrl]:configure healthmonitor radius-hm
[admin:ctrl]: healthmonitor> radius_monitor
password Radius monitor will query Radius server with this password.
shared_secret Radius monitor will query Radius server with this shared secret.
username Radius monitor will query Radius server with this username.
[admin:ctrl]: healthmonitor> radius_monitor