
Anti-DDoS: Configure health checks

Last Updated: Nov 28, 2024

Anti-DDoS Proxy offers Layer 4 and Layer 7 health checks for protected non-website services. Health checks are particularly useful for services that have more than one origin IP address. By conducting health checks, Anti-DDoS Proxy can assess the availability of origin servers and route traffic only to those that are operational, ensuring service continuity. This topic outlines the steps to configure a health check.

Usage notes

  • Avoid enabling health checks if only a single origin IP address is set in the port forwarding rule.

  • You cannot configure health checks when Application-layer Protection is enabled in port forwarding settings.

  • You may configure health checks if Application-layer Protection is disabled in the port forwarding settings. However, if Application-layer Protection is later enabled, any existing health check configuration will remain but will no longer be effective.

Prerequisites

Ensure that non-website services are added to Anti-DDoS Proxy with multiple origin IP addresses configured. For instructions, see Configure port forwarding rules.

Configure health checks for one port forwarding rule

  1. Log on to the Anti-DDoS Proxy console.

  2. In the top navigation bar, select the region of your instance.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.

  3. In the left-side navigation pane, choose Provisioning > Port Config.

  4. Select the Anti-DDoS Proxy instance, find the forwarding rule you want to manage, and click Health Check under Configure.

  5. Activate the Health Check feature, fill in the necessary health check parameters, and click OK.

    Anti-DDoS Proxy supports both Layer 4 and Layer 7 health checks. The parameters for each type are described below.

    Note

    Advanced options for both Layer 4 and Layer 7 health checks are available and appear when the Advanced Settings section is expanded. We recommend not modifying the advanced options unless necessary.

    Layer 4 Health Check

    • Health Check Port: The port used by the health check to probe the backend server, with valid values ranging from 1 to 65,535. The default value is the same as the origin port specified in the port forwarding rule.

      Note

      The Layer 4 health check is suitable for TCP and UDP forwarding rules.

    Layer 7 Health Check

    • Domain Name and Health Check Path: During a Layer 7 health check, Anti-DDoS Proxy sends HTTP HEAD requests to a predefined check path to assess the health status of the origin server.

      Note

      The Layer 7 health check is suitable for only TCP forwarding rules.

        • Domain Name: Enter this value only if the origin server requires a specific host field for HTTP HEAD requests. By default, the system uses the origin IP address. In all other scenarios, ensure that a domain name is provided.

        • Health Check Path: This is a mandatory field used to specify the URI of the health check page.

      For instance, if the domain name is example.aliyundoc.com and the check path is /healthcheck.html, Anti-DDoS Proxy will send an HTTP HEAD request to http://example.aliyundoc.com/healthcheck.html.

    • Health Check Port: The port used by the health check to probe the backend server, with valid values ranging from 1 to 65,535. The default is the same as the origin port specified in the port forwarding rule.

    Advanced Settings

    • Response Timeout Period: The timeout period of a health check. Valid values: 1 to 30. Unit: seconds. If the backend server does not respond within the specified timeout period, the backend server is declared as unhealthy.

    • Health Check Interval: The interval between two consecutive health checks. Valid values: 1 to 30. Unit: seconds.

      Note

      Each scrubbing node in the Anti-DDoS Pro or Anti-DDoS Premium cluster performs health checks on backend servers at the specified interval independently and concurrently. The scrubbing nodes may perform health checks on the same backend server at different points in time. Therefore, the intervals between health check requests recorded on the backend server do not match the configured health check interval.

    • Unhealthy Threshold: The number of consecutive failed health checks performed on a backend server by the same scrubbing node before the backend server is declared as unhealthy. Valid values: 1 to 10.

    • Healthy Threshold: The number of consecutive successful health checks performed on a backend server by the same scrubbing node before the backend server is declared as healthy. Valid values: 1 to 10.

    Upon successful activation of the health check, the Health Check status for the port forwarding rule will be updated to Enabled.
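The per-node thresholds and the note on independent scrubbing nodes can be seen in a small simulation, added here as an example and not Alibaba Cloud code. It assumes an origin starts out healthy; the node start offsets, the outage window and all parameter values are constructed.

```python
from dataclasses import dataclass


@dataclass
class NodeView:
    """Health state of one origin as seen by a single scrubbing node."""
    unhealthy_threshold: int   # consecutive failures before "unhealthy" (1 to 10)
    healthy_threshold: int     # consecutive successes before "healthy" (1 to 10)
    healthy: bool = True       # assumption: an origin starts out healthy
    streak: int = 0            # consecutive results that contradict the current state

    def observe(self, probe_ok: bool) -> bool:
        """Feed one probe result (False = failed or timed out); return the new state."""
        if probe_ok == self.healthy:
            self.streak = 0                    # result agrees with state: streak resets
            return self.healthy
        self.streak += 1
        limit = self.healthy_threshold if probe_ok else self.unhealthy_threshold
        if self.streak >= limit:
            self.healthy, self.streak = probe_ok, 0
        return self.healthy


def simulate(outage, horizon, interval, offsets, unhealthy_threshold, healthy_threshold):
    """Return (probe times logged by the origin, state changes per node offset).

    outage is a (start, end) window in seconds during which every probe fails;
    offsets are the first-probe times of the independent nodes.
    """
    seen, transitions = [], {}
    for off in offsets:
        node = NodeView(unhealthy_threshold, healthy_threshold)
        transitions[off] = []
        for t in range(off, horizon, interval):
            seen.append(t)
            before = node.healthy
            after = node.observe(not (outage[0] <= t < outage[1]))
            if after != before:
                transitions[off].append((t, after))
    return sorted(seen), transitions


# Constructed scenario: 3 nodes, 5 s interval, origin down from t=12 s to t=40 s.
SEEN, TRANSITIONS = simulate((12, 40), 70, 5, [0, 2, 4], 3, 3)
GAPS = {b - a for a, b in zip(SEEN, SEEN[1:])}   # spacing of probes in the origin log
```

Each node needs three consecutive failures, so the nodes stop forwarding at different moments, and the origin log shows probes 1 to 2 seconds apart even though the configured interval is 5 seconds.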

Configure session persistence and health checks for more than one port forwarding rule

Batch configuration of health checks and session persistence is performed on the same console page, so both topics are discussed together.

  1. Log on to the Anti-DDoS Proxy console.

  2. In the top navigation bar, select the region of your instance.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.

  3. In the left-side navigation pane, choose Provisioning > Port Config.

  4. Select the Anti-DDoS Proxy instance and choose Batch Operations > Add Session/healthCheck Configuration.

  5. In the Add Session and Health Check Settings dialog box, enter the required information as shown in the sample file and click OK.

    Note

    You can export health check settings to a TXT file, modify the settings in the TXT file, and then copy and paste the settings to the Add Session and Health Check Settings dialog box. For more information, see Export configurations of multiple websites.

    The formats of session persistence and health check settings must meet the following requirements:

    • Each line represents a forwarding rule.

    • Fields are separated by spaces. From left to right, the fields in each line indicate the following parameters: forwarding port, forwarding protocol, session persistence timeout period, health check type, port, response timeout period, check interval, unhealthy threshold, healthy threshold, health check path, and domain name. The supported forwarding protocols are TCP, HTTP, and UDP. The session persistence timeout period is measured in seconds, and valid values range from 30 to 3,600.

    • The forwarding port must be a port that is specified in a port forwarding rule.

    • If a port forwarding rule uses UDP, we recommend that you configure a UDP health check. If a port forwarding rule uses TCP, we recommend that you configure a TCP health check (Layer 4 health check) or HTTP health check (Layer 7 health check).

    • If you configure an HTTP health check, the Health Check Path parameter is required, but the Domain Name parameter is optional.
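A pre-flight validator for the line format described above, added here as an example and not part of the Anti-DDoS Proxy tooling. It assumes case-insensitive tokens tcp, udp and http for the health check type, that unused path and domain fields are simply omitted, and that a path starts with /; the sample lines are constructed.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "forward_port protocol session_timeout check_type check_port "
                  "response_timeout interval unhealthy_threshold healthy_threshold path domain")
PROTOCOLS = {"tcp", "http", "udp"}  # assumption: tokens are matched case-insensitively

def _num(name, raw, lo, hi):
    if not (raw.isascii() and raw.isdigit() and lo <= int(raw) <= hi):
        raise ValueError(f"{name} must be an integer from {lo} to {hi}, got {raw!r}")
    return int(raw)

def parse_rule(line):
    f = line.split()
    if not 9 <= len(f) <= 11:  # assumption: unused path/domain fields are omitted
        raise ValueError(f"expected 9 to 11 space-separated fields, got {len(f)}")
    proto, check = f[1].lower(), f[3].lower()
    if proto not in PROTOCOLS or check not in PROTOCOLS:
        raise ValueError("protocol and health check type must be tcp, http or udp")
    if check == "http" and proto == "udp":
        raise ValueError("Layer 7 health checks apply only to TCP forwarding rules")
    path = f[9] if len(f) > 9 else None
    if check == "http" and not (path and path.startswith("/")):
        raise ValueError("HTTP health check needs a health check path starting with /")
    return Rule(_num("forwarding port", f[0], 1, 65535), proto,
                _num("session persistence timeout", f[2], 30, 3600), check,
                _num("health check port", f[4], 1, 65535),
                _num("response timeout", f[5], 1, 30), _num("check interval", f[6], 1, 30),
                _num("unhealthy threshold", f[7], 1, 10),
                _num("healthy threshold", f[8], 1, 10),
                path, f[10] if len(f) > 10 else None)

def validate_batch(text):
    """Return (rules, errors); errors are (line_number, message) pairs."""
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            rules.append(parse_rule(line))
        except ValueError as exc:
            errors.append((n, str(exc)))
    return rules, errors

# Constructed sample: lines 3 to 5 each break one requirement from the list above.
SAMPLE = """\
8080 tcp 300 http 8080 5 15 3 3 /healthcheck.html example.aliyundoc.com
53 udp 300 udp 53 5 15 3 3
8443 tcp 300 http 8443 5 15 3 3
9000 tcp 10 tcp 9000 5 15 3 3
53 udp 300 http 53 5 15 3 3 /hc"""
RULES, ERRORS = validate_batch(SAMPLE)
```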

Reference

For more information on health checks, see How CLB health checks work.