Configuring an Oracle® Solaris 11.2 System as a Router or a Load Balancer

Exit Print View

 
Updated: September 2014
 
 

Monitoring Health Checks in ILB

    ILB provides the following optional types of server health checks:

  • Built-in ping probes

  • Built-in TCP probes

  • Built-in UDP probes

  • User-supplied custom tests that can run as health checks

By default, ILB does not perform any health checks. You can specify health checks for each server group when creating a load-balancing rule. You can configure only one health check per load-balancing rule. As long as a virtual service is enabled, the health checks on the server group that is associated with the enabled virtual service start automatically and are repeated periodically. The health checks stop as soon as the virtual service is disabled. The previous health check states are not preserved when the virtual service is re-enabled.

When you specify a TCP, UDP, or custom test probe for running a health check, ILB sends a ping probe, by default, to determine whether the server is reachable before it sends the specified TCP, UDP, or custom test probe to the server. If the ping probe fails, the corresponding server is disabled with the health check status unreachable. If the ping probe succeeds but the TCP, UDP, or custom test probe fails, the server is disabled with the health check status dead.

You can disable the default ping probe except for the UDP probe. The ping probe is always the default probe for UDP health checks.

Creating a Health Check

You can create a health check and assign the health check to a server group when creating a load-balancing rule. In the following example, two health check objects, hc1 and hc-myscript, are created. The first health check uses the built-in TCP probe. The second health check uses a custom test, /var/tmp/my-script.

# ilbadm create-healthcheck -h hc-timeout=3,\
hc-count=2,hc-interval=8,hc-test=tcp hc1
# ilbadm create-healthcheck -h hc-timeout=3,\
hc-count=2,hc-interval=8,hc-test=/var/tmp/my-script hc-myscript

The arguments are as follows:

hc-timeout

Specifies the timeout when the health check is considered to have failed if it does not complete.

hc-count

Specifies the number of attempts to run the hc-test health check.

hc-interval

Specifies the interval between consecutive health checks. To avoid sending probes to all servers at the same time, the actual interval is randomized between 0.5 * hc-interval and 1.5 * hc-interval.

hc-test

Specifies the type of health check. You can specify the built-in health checks, such as tcp, udp, and ping or an external health check, which has to be specified with the full path name.

Note -  The port specification for hc-test is specified with the hc-port keyword in the create-rule subcommand. For more information, see the ilbadm (1M) man page.

A user-supplied custom test can be a binary or a script.

  • The test can reside anywhere on the system. You must specify the absolute path when using the create-healthcheck subcommand.

    When you specify the test (for example, /var/tmp/my-script) as part of the health check specification in the create-rule subcommand, the ilbd daemon forks a process and executes the test as follows:

    /var/tmp/my-script $1 $2 $3 $4 $5

    The arguments are as follows:

    $1

    VIP (literal IPv4 or IPv6 address)

    $2

    Server IP (literal IPv4 or IPv6 address)

    $3

    Protocol (UDP, TCP as a string)

    $4

    Numeric port range (the user-specified value for hc-port)

    $5

    Maximum time (in seconds) that the test must wait before returning a failure. If the test runs beyond the specified time, it might be stopped, and the test is considered failed. This value is user-defined and specified in hc-timeout.

    • The user-supplied test, does not have to use all the arguments, but it must return one of the following:

    • Round-trip time (RTT) in microseconds

    • 0 if the test does not calculate RTT

    • -1 for failure

By default, the health check test runs with the following privileges: PRIV_PROC_FORK, RIV_PROC_EXEC, and RIV_NET_ICMPACCESS.

If a broader privilege set is required, you must implement setuid in the test. For more details on the privileges, refer to the privileges (5) man page.

Listing Health Checks

To obtain detailed information about configured health checks, issue the following command:

# ilbadm show-healthcheck
HCNAME      TIMEOUT COUNT   INTERVAL DEF_PING TEST
hc1         3       2       8        Y        tcp
hc2         3       2       8        N        /var/usr-script

Displaying Health Check Results

You use the ilbadm list-hc-result command to obtain health check results. If a rule or a health check is not specified, the subcommand lists all the health checks.

The following example displays the health check results associated with a rule called rule1. 

# ilbadm show-hc-result rule1
RULENAME   HCNAME     SERVERID   STATUS   FAIL LAST      NEXT      RTT
rule1      hc1        _sg1:0     dead     10   11:01:19  11:01:27  941
rule1      hc1        _sg1:1     alive    0    11:01:20  11:01:34  1111
Note -  The show-hc-result command displays the health check result only when the rules have associated health checks.

The LAST column of the output shows the time a health check was done on a server. The NEXT column shows the time at which the next health check will be done.

Deleting a Health Check

You delete a health check by using the ilbadm delete-healthcheck command. The following example deletes a health check called hc1.

# ilbadm delete-healthcheck hc1
Copyright © 2011, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous
Next