Configure Health check

Last updated: 2020-02-17 10:29:58

PDF

Operation scene

DDoS High Defense IP uses Health check to help users automatically identify real server's running status and automatically isolate abnormal servers. In order to reduce the impact of real server exception on the overall business availability.

  • Non-website business (Layer-4) Health check
    In the Health check mechanism of DDoS High Defense IP non-website business defense, the high defense cluster node initiates a Access request to the server port specified in the configuration. If the port Access is normal, it is considered that real server is running normally, otherwise it is regarded as abnormal operation of real server.
    Under TCP Protocol, explore whether the port can be connected. Under UDP Protocol, use ping for reachability check.
  • Website Business (Layer-7) Health check
    In the Health check mechanism of business protection of DDoS High Defense IP website, the high defense repost cluster sends a HTTP request to real server to check the back-end service. The high defense system determines whether the service is normal according to the HTTP return status code.
    Users can customize the state represented by the response code. Suppose that in a certain scenario, the returned values of HTTP are http_1xx, http_2xx, http_3xx, http_4xx and http_5xx, and users can select http_1xx and http_2xx as normal service status according to business needs, then the values returned from http_3xx to http_5xx represent abnormal status.

When configuring Layer-4 or Layer-7 repost rules, if only one real server IP is configured in a single rule, the Health check feature will not be enabled. This feature is suitable for multi-origin server IP.

Operation step

Health check configuration of non-website business

The following describes the detailed steps of configuring Health check rules for DDoS High Defense IP non-website business protection.

  1. Login DDoS Protection console In Left sidebar, select "DDoS High Defense IP"-> "access configuration" to go to the management page.
  2. Click * * non-website Business * *, select the destination DDoS High Defense IP instance and the corresponding rules, and click * * Edit * * under the Health check column.
  1. On the Health check editing page, click "Show Advanced options". After setting the configuration items, click "OK".
  • Health check is enabled by default.
  • When configuring Health check, it is recommended to use the default value.
  • Support the batch import of Health check configuration information into Export. After import, the system will match the rules one by one according to the imported "repost Protocol and repost ports", in which the "repost port" must be the repost port that has been configured with rules.

Health check configuration of website business

The following describes the detailed steps of configuring Health check rules for the business defense of DDoS High Defense IP websites.

  1. Login DDoS Protection console In Left sidebar, select "DDoS High Defense IP"-> "access configuration" to go to the management page.
  2. Click * * website Business * *, select the destination DDoS High Defense IP instance and the corresponding rules, and click * * Edit * * under the Health check column.
  1. On the Health check editing page, click the < img src = "https://main.qcloudimg.com/raw/ec09016f92120f3a9b58abe311a43c6d.png" style=" margin:0; "> button to turn on the Health check function, and click" Show Advanced options "to set the configuration items. After confirming the correctness, click" OK ".
- turn off health check by default. 
- when configuring a health check, it is recommended that you use the default value. 
- batch import and export of health check configuration information is supported. 

After import, the system will match the rules one by one according to the imported "forwarding protocol and business domain name", where the "business domain name" must be a business domain name that has been configured with rules.

Configuration item description

Layer-4 Health check

Configuration Item Description
Response timeout The maximum timeout time for each response of Health check. If real server does not respond correctly within the specified time, Health check will be judged to have failed.
Check interval The interval between Health check.
Unhealthy Threshold When Health check's status is successful and Health check's failure status is received for n consecutive times (n is Enter's value), it is identified as unhealthy and the console shows an exception.
Healthy Threshold When Health check's status is failed and Health check's successful status is received for n times in a row (n is Enter's value), it will be recognized as healthy and there is no display on the console.

Layer-7 Health check

Configuration Item Description
Check interval The time interval for Health check is 15 seconds by default.
Unhealthy Threshold When Health check's status is successful and Health check's failure status is received for n consecutive times (n is Enter's value), it is identified as unhealthy and the console shows an exception.
Healthy Threshold When Health check's status is failed and Health check's successful status is received for n times in a row (n is Enter's value), it will be recognized as healthy and there is no display on the console.
HTTP request method and check path URL The HEAD method is used by default, and the server returns only the response message header. Using the GET method, the server returns a complete response message. Corresponding to real server, you need to support HEAD and GET.
  • If the page used for Health check is not the default home page of the application server, the user needs to specify a specific check path.
  • If the parameter of the host field is limited to the HTTP HEAD request, the user needs to specify the check path, that is, the URI used for Health check's page file.
  • HTTP status code detection The HTTP status code to judge whether Health check is normal or not. By default or when no selection is made, the values are http_1xx, http_2xx, http_3xx, and http_4xx,. If the HTTP returns a status code other than the default status value, it is recognized as unhealthy and can be modified.