This chapter describes how to configure different types of health checks for UDP servers in a load-balanced upstream server group.

Prerequisites

  • You have configured an upstream group of servers that handles UDP network traffic (DNS, RADIUS, syslog) in the stream context, for example:

    stream {
    
    ...
    
    upstream dns_upstream {
    
    server 192.168.136.130:53;
    
    server 192.168.136.131:53;
    
    server 192.168.136.132:53;
    
    }
    
    ...
    
}

  • You have configured a server that passes UDP datagrams to the upstream server group:

    stream {
    
    ...
    
    server {
    
        listen          53 udp;
    
        proxy_pass      dns_upstream;
    
        proxy_timeout   1s;
    
        proxy_responses 1;
    
        error_log       logs/dns.log;
    
    }
    
    ...
    
}

See TCP and UDP Load Balancing for details.

Passive UDP Health Checks

NGINX can mark the server as unavailable and stop sending UDP datagrams to it for some time if the server replies with an error or times out.

The number of consecutive failed connection attempts within a certain time period is set with the max_fails parameter for an upstream server (default value is 1).

The time period is set with the fail_timeout parameter (default value is 10 seconds). The parameter also sets the amount of time that NGINX considers the server unavailable after marking it so.

So if a connection attempt times out or fails at least once in a 10‑second period, NGINX marks the server as unavailable for 10 seconds. The example shows how to set these parameters to 2 failures within 60 seconds:

upstream dns_upstream {

    server 192.168.136.130:53 fail_timeout=60s;

    server 192.168.136.131:53 fail_timeout=60s;

}

Active UDP Health Checks

Active Health Checks allow testing a wider range of failure types and are available only for NGINX Plus. For example, instead of waiting for an actual TCP request from a DNS client to fail before marking the DNS server as down (as in passive health checks), NGINX Plus will send special health check requests to each upstream server and check for a response that satisfies certain conditions. If a connection to the server cannot be established, the health check fails, and the server is considered unhealthy. NGINX Plus does not proxy client connections to unhealthy servers. If more than one health check is defined, the failure of any check is enough to consider the corresponding upstream server unhealthy.

To enable active health checks:

  1. In the upstream group, specify a shared memory zone with the zone directive – a special area where the NGINX Plus worker processes share state information about counters and connections. In the zone directive, specify the zone name (dns_zone in the example) and the zone size (64k in the example):

    stream {
    
    ...
    
    upstream dns_upstream {
    
        zone   dns_zone 64k;
    
        server 192.168.136.130:53;
    
        server 192.168.136.131:53;
    
        server 192.168.136.132:53;
    
    }
    
    ...
    
}

  2. In the server block that forwards traffic to the upstream group (via proxy_pass), specify the udp parameter to the health_check directive:

    stream {
    
    ...
    
    server {
    
         listen       53 udp;
    
         proxy_pass   dns_upstream;
    
         health_check udp;
    
    }
    
    ...
    
}

A basic UDP health check assumes that nginx sends the “nginx health check” string to an upstream server and expects the absence of ICMP “Destination Unreachable” message in response. You can configure your own health check tests in the match {} block. See The “match {}” Configuration Block for details.

Fine-Tuning UDP Health Checks

You can fine-tune the health check by specifying the following parameters to the health_check directive:

  • interval – How often (in seconds) NGINX Plus sends health check requests (default is 5 seconds)
  • passes – Number of consecutive health checks the server must respond to to be considered healthy (default is 1)
  • fails – Number of consecutive health checks the server must fail to respond to to be considered unhealthy (default is 1)
server {

    listen       53 udp;

    proxy_pass   dns_upstream;

    health_check interval=20 passes=2 fails=2 udp;

}

In the example, the time between UDP health checks is increased to 20 seconds, the server is considered unhealthy after 2 consecutive failed health checks, and the server needs to pass 2 consecutive checks to be considered healthy again.

The “match {}” Configuration Block

You can verify server responses to health checks by configuring a number of tests. These tests are defined within the match {} configuration block.

  • In the top-level stream {} context, specify the match {} block and set its name, for example, udp_test:

    stream {
    
    ...
    
    match  udp_test {
    
        ...
    
    }
    
}

  • Refer to the block from the health_check directive by including the match parameter to specify the name of the match {} block:

    stream {
    
    ...
    
    server {
    
        listen       53 udp;
    
        proxy_pass   dns_upstream;
    
        health_check match=udp_test udp;
    
    }
    
    ...
    
}

  • In the match {} block, specify conditions or tests under which a health check succeeds. This is done with send and expect parameters:

    • send – The text string or hexadecimal literals (“/x” followed by two hex digits) to send to the server
    • expect – Literal string or regular expression that the data returned by the server needs to match

    These parameters can be used in different combinations, but no more than one send and one expect parameter can be specified at a time.

Example Test for NTP

To fine-tune health checks for NTP, you should specify both send and expect parameters with the following text strings:

match ntp {

   send \xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;

   expect ~* \x24;

}

Example Test for DNS

To fine-tune health checks for DNS, you should also specify both send and expect parameters with the following text strings:

match dns {

   send \x00\x2a\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x73\x74\x6c\x04\x75\x6d\x73\x6c\x03\x65\x64\x75\x00\x00\x01\x00\x01;

   expect ~* "health.is.good";

}
 

UDP Health Checks的更多相关文章

  1. HTTP Health Checks

    This article describes how to configure and use HTTP health checks in NGINX Plus and open source NGI ...

  2. Kong(V1.0.2) Health Checks and Circuit Breakers Reference

    介绍 您可以让Kong代理的API使用ring-balancer,通过添加包含一个或多个目标实体的 upstream 实体进行配置,每个 target指向不同的IP地址(或主机名)和端口.ring-b ...

  3. TCP Health Checks

    This chapter describes how to configure health checks for TCP. Introduction NGINX and NGINX Plus can ...

  4. Zookeeper Health Checks

    Short Description: The article talks about the basic health checks to be performed when working on i ...

  5. Service Discovery And Health Checks In ASP.NET Core With Consul

    在这篇文章中,我们将快速了解一下服务发现是什么,使用Consul在ASP.NET Core MVC框架中,并结合DnsClient.NET实现基于Dns的客户端服务发现 这篇文章的所有源代码都可以在G ...

  6. Using HAProxy as an API Gateway, Part 3 [Health Checks]

    转自:https://www.haproxy.com/blog/using-haproxy-as-an-api-gateway-part-3-health-checks/ Achieving high ...

  7. NGINX Load Balancing – TCP and UDP Load Balancer

    This chapter describes how to use NGINX Plus and open source NGINX to proxy and load balance TCP and ...

  8. 11g新特性:Health Monitor Checks

    一.什么是Health Monitor ChecksHealth Monitor Checks能够发现文件损坏,物理.逻辑块损坏,undo.redo损坏,数据字典损坏等等.Health Monitor ...

  9. About Health Monitor Checks

    About Health Monitor Checks Health Monitor checks (also known as checkers, health checks, or checks) ...

随机推荐

  1. C#正则表达式。

    什么是正则表达式: 正则表达式是用来进行文本处理的技术,是语言无关的. 是由普通字符和特殊字符组成的文字模式,用来描述字符串的特征. 元字符: 1.  .    :  除 \n 以外的任意的单个字符. ...

  2. c#使用js上传图片

    前几天朋友说用js上传图片过去遇到点问题,于是自己也想写一个demo这里就把自己挖的坑填了. 话不多说上代码 前台就一个file控件加按钮 <!DOCTYPE html> <html ...

  3. [Linux] nginx管理员指南基本功能

    1.运行时控制Nginx进程 NGINX有一个主进程和一个或多个工作进程. 如果启用了缓存,则缓存加载器和缓存管理器进程也会在启动时运行. 主进程的主要目的是读取和评估配置文件,以及维护工作进程. 工 ...

  4. OOP设计模式在路上(一)——简单工厂模式

    前言 目前以LabVIEW为主要开发工具,熟悉常规开发框架(队列+状态机),个人用得比较多也感觉比较好用和强大的(JKI,AMC),也用它们开发过一些测试平台,但感觉到了一个瓶颈期,想寻求突破,提升L ...

  5. thinkphp5引入公共部分header、footer等

    由于用惯了tp3.2,改用tp5有些还是感觉别扭的 直接上问题:项目中需要用到引入公共导航.头部.底部.右边部分等等 首先要弄清楚thinkphp5的配置项是哪个文件,众所周知:config.php, ...

  6. vue+vuecli+webpack中使用mockjs模拟后端数据

    前言 使用mockjs可以事先模拟数据,前提是和后端约定好了数据接口,怎样的数据.使用mock就可以生成你要的数据了,从而实现开发时前后端分离. 其主要功能是: 基于数据模板生成模拟数据. 基于HTM ...

  7. 自定义控件详解(六):Paint 画笔MaskFilter过滤

    首先看一个API:setMaskFilter(MaskFilter maskfilter): 设置MaskFilter,可以用不同的MaskFilter实现滤镜的效果,如滤化,立体等. 以下有两个Ma ...

  8. Android为TV端助力 am命令以及hotkey文件的编写

    1.拨打电话:am start -a android.intent.action.CALL -d tel:10086 这里-a表示动作,-d表述传入的数据,还有-t表示传入的类型. 2. 打开一个网页 ...

  9. WebView内存泄露的解决方案

    一.简介: 做Android开发的相信都对webview不会陌生,而且也对系统自带的webview本身存在的问题也是怨念很久了,一方面是本身对js的支持不是很好另外一方面就是经常被人诟病的内存泄露了, ...

  10. Fiddler做代理服务器时添加X-Forwarder-For转发真实客户端ip

    修改CustomRules.js 菜单: Rules->Customize Rules (ctrl+R) 在 static function OnBeforeRequest(oSession: ...