Configure Health Check

Each NLB Service comes with an integrated, non-optional health check mechanism.

Each member of the target Instance Pool will be regularly contacted using the health check parameters you provide. When the health check probe is marked as failed, the NLB will no longer forward traffic to that node.

The health check parameters are:

  • Protocol
    the protocol the health check has to use to contact the pool member, either TCP, HTTP or HTTPS.
  • TLS-SNI
    this parameter can be set when the protocol is HTTPS. It allows configuration of the server name indication of the health check.
  • Port
    the port on which the health check must be performed. This can be a different port than the target port used to forward the traffic, or the same one depending on your own setup. As for the target port, your target Instance Pool Security Groups must allow incoming traffic on the health check port.
  • Path
    the URI relative to the machine IP address to be used for HTTP health checks. The path starts with / that will be added to the target Instance IP.
  • Interval
    the time in seconds between health check calls.
  • Timeout
    the time in seconds until the request is dropped and the health check call is considered failed.
  • Retries
    the number of subsequent failed health check calls needed to consider the member is down.

The health check probe will try to contact each member of the Instance Pool with the designated method and at the indicated interval:

  • HTTP health checks will seek a 2XX status code
  • TCP health checks will verify that it is possible to establish a connection on the specified port

The health check status of the NLB member will change from success to failure after the indicated amount of failed retries.

No traffic will be forwarded to an instance if its health check status is marked as failure. The health check probe will continue to try to reach the Instance, and as soon as the check succeeds, it will change the status back to success and resume traffic forwarding.

WARNING
Your Instance Pool Security Groups needs to have an open ingress rule on the designated health check port to work.