Server Load Balancing : Configuring health checks
 
Configuring health checks
The system uses health checks to poll the backend real servers to test whether an application is available. If a server fails a health check and retries also fail, it is deemed unavailable. The ADC does not send it connections until it is deemed available.
 
If you expect a backend server is going to be unavailable for a long period, such as when it is undergoing hardware repair, it is experiencing extended down time, or when you have removed it from the server farm, you can improve the performance of the FortiADC system by setting the status of the pool member to Disabled, rather than allowing the system to continue to attempt health checks.
Table 3 describes the predefined health checks. You can get started with these or create custom objects.
Table 3: Predefined health check configuration objects
Predefined
Description
LB_HLTHCK_HTTP
Sends a HEAD request to the server port 80. Expects the server to return an HTTP 200.
LB_HLTHCK_HTTPS
Sends a HEAD request to the server port 443. Expects the server to return an HTTP 200.
LB_HLTHCK_ICMP
Pings the server.
LB_HLTHCK_TCP_ECHO
Sends a TCP echo to server port 7. Expects the server to respond with the corresponding TCP echo.
Before you begin:
You must have a good understanding of TCP/IP and knowledge of the services running on your backend servers.
You must know the IP address, port, and configuration details for the applications running on backend servers. For some application protocol checks, you must specify user credentials.
You must have Read-Write permission for Load Balance settings.
After you have configured a health check, you can select it in the real server configuration.
To configure a health check:
1. Go to Server Load Balance > Real Server.
2. Click the Health Check tab.
3. Click Add to display the configuration editor.
4. Select one of the following options.
ICMP
TCP Echo
TCP
HTTP
HTTPS
DNS
RADIUS
SMTP
POP3
IMAP4
RADIUS Accounting
FTP
TCP Half Open
TCP SSL
SNMP
 
5. Complete the configuration as described in Table 4.
6. Save the configuration.
 
Table 4: Health check configuration
Settings
Guidelines
General
Name
Unique name. No spaces or special characters.
After you initially save the configuration, you cannot edit the name.
Interval
Seconds between each health check. Should be more than the timeout to prevent overlapping health checks.
Timeout
Seconds to wait for a reply before assuming that the health check has failed.
Up Retry
Attempts to retry the health check to confirm availability.
Down Retry
Attempts to retry the health check to confirm availability.
TCP / TCP Half Open / TCP SSL
Port
Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161 or 162.
HTTP/HTTPS
Port
Listening port number of the backend server. Usually HTTP is 80.
Send String
A URL, such as /contact.php.
Receive String
A string expected in return when the request is successful.
Status Code
HTTP status code that the server replies with when the request is successful. Except 200 (OK), most statuses indicate errors.
Match Type
What determines a failed health check?
Match String
Match Status
Match All (match both string and status)
Method Type
HTTP method for the test traffic:
HTTP Get
HTTP Head
DNS
Domain Name
The FQDN, such as www.example.com, to use in the DNS A/AAAA record health check.
Address Type
IPv4
IPv6
Host Address
IP address that matches the FQDN, indicating a successful health check.
RADIUS / RADIUS Accounting
Port
Listening port number of the backend server. Usually RADIUS is 1812.
Username
User name of an account on the backend server.
Password
The corresponding password.
Password Type
User—If the backend server does not use CHAP, select this option.
CHAP—If the backend server uses CHAP and does not require a secret key, select this option.
Secret Key
The secret set on the backend server.
SMTP
Port
Listening port number of the backend server. Usually SMTP is 25.
Domain Name
The FQDN, such as www.example.com, to use in the SMTP health check.
POP3
Port
Listening port number of the backend server. Usually POP3 is 110.
Username
User name of an account on the backend server.
Password
The corresponding password.
IMAP4
Port
Listening port number of the backend server. Usually IMAP4 is 143.
Username
User name of an account on the backend server.
Password
The corresponding password.
Folder
Select an email mailbox to use in the health check. If the mailbox does not exist or is not accessible, the health check fails.
FTP
Port
Listening port number of the backend server. Usually FTP is 21.
User name
User name of an account on the backend server.
Password
The corresponding password.
File
Specify a file that exists on the backend server. Path is relative to the initial login path. If the file does not exist or is not accessible, the health check fails.
Passive
Select this option if the backend server uses passive FTP.
SNMP
Port
Listening port number of the backend server. Usually SNMP is 161 or 162.
CPU %
Maximum normal CPU usage. If overburdened, the health check fails.
Memory %
Maximum normal RAM usage. If overburdened, the health check fails.
Disk %
Maximum normal disk usage. If the disk is too full, the health check fails.
Agent type
UCD
Windows 2000
Community
The SNMP community string set on the backend server. If this does not match, and the appliance is not configured as an SNMP manager for the backend server, all health checks fail.
Version
SNMP v1 or v2c.