ILB provides the following optional types of server health checks:
Built-in ping probes
Built-in TCP probes
Built-in UDP probes
User-supplied custom tests that can run as health checks
By default, ILB does not perform any health checks. You can specify health checks for each server group when creating a load-balancing rule. You can configure only one health check per load-balancing rule. As long as a virtual service is enabled, the health checks on the server group that is associated with the enabled virtual service start automatically and are repeated periodically. The health checks stop as soon as the virtual service is disabled. The previous health check states are not preserved when the virtual service is re-enabled.
When you specify a TCP, UDP, or custom test probe for running a health check, ILB sends a ping probe, by default, to determine whether the server is reachable before it sends the specified TCP, UDP, or custom test probe to the server. If the ping probe fails, the corresponding server is disabled with the health check status unreachable. If the ping probe succeeds but the TCP, UDP, or custom test probe fails, the server is disabled with the health check status dead.
You can disable the default ping probe except for the UDP probe. The ping probe is always the default probe for UDP health checks.
You can create a health check and assign the health check to a server group when creating a load-balancing rule. In the following example, two health check objects, hc1 and hc-myscript, are created. The first health check uses the built-in TCP probe. The second health check uses a custom test, /var/tmp/my-script.
# ilbadm create-healthcheck -h hc-timeout=3,\ hc-count=2,hc-interval=8,hc-test=tcp hc1 # ilbadm create-healthcheck -h hc-timeout=3,\ hc-count=2,hc-interval=8,hc-test=/var/tmp/my-script hc-myscript
The arguments are as follows:
Specifies the timeout when the health check is considered to have failed if it does not complete.
Specifies the number of attempts to run the hc-test health check.
Specifies the interval between consecutive health checks. To avoid sending probes to all servers at the same time, the actual interval is randomized between 0.5 * hc-interval and 1.5 * hc-interval.
Specifies the type of health check. You can specify the built-in health checks, such as tcp, udp, and ping or an external health check, which has to be specified with the full path name.
A user-supplied custom test can be a binary or a script.
The test can reside anywhere on the system. You must specify the absolute path when using the create-healthcheck subcommand.
When you specify the test (for example, /var/tmp/my-script) as part of the health check specification in the create-rule subcommand, the ilbd daemon forks a process and executes the test as follows:
/var/tmp/my-script $1 $2 $3 $4 $5
The arguments are as follows:
VIP (literal IPv4 or IPv6 address)
Server IP (literal IPv4 or IPv6 address)
Protocol (UDP, TCP as a string)
Numeric port range (the user-specified value for hc-port)
Maximum time (in seconds) that the test must wait before returning a failure. If the test runs beyond the specified time, it might be stopped, and the test is considered failed. This value is user-defined and specified in hc-timeout.
The user-supplied test, does not have to use all the arguments, but it must return one of the following:
Round-trip time (RTT) in microseconds
0 if the test does not calculate RTT
-1 for failure
By default, the health check test runs with the following privileges: PRIV_PROC_FORK, RIV_PROC_EXEC, and RIV_NET_ICMPACCESS.
If a broader privilege set is required, you must implement setuid in the test. For more details on the privileges, refer to the privileges (5) man page.
To obtain detailed information about configured health checks, issue the following command:
# ilbadm show-healthcheck HCNAME TIMEOUT COUNT INTERVAL DEF_PING TEST hc1 3 2 8 Y tcp hc2 3 2 8 N /var/usr-script
You use the ilbadm list-hc-result command to obtain health check results. If a rule or a health check is not specified, the subcommand lists all the health checks.
The following example displays the health check results associated with a rule called rule1.
# ilbadm show-hc-result rule1 RULENAME HCNAME SERVERID STATUS FAIL LAST NEXT RTT rule1 hc1 _sg1:0 dead 10 11:01:19 11:01:27 941 rule1 hc1 _sg1:1 alive 0 11:01:20 11:01:34 1111
The LAST column of the output shows the time a health check was done on a server. The NEXT column shows the time at which the next health check will be done.
You delete a health check by using the ilbadm delete-healthcheck command. The following example deletes a health check called hc1.
# ilbadm delete-healthcheck hc1