1 Answer

0 votes
by
Here, we will discuss how to configure different types of health checks for UDP (User Datagram Protocol) servers in a load-balanced upstream server group.

We have configured an upstream group of servers that handles UDP network traffic (DNS, RADIUS, Syslog) in the stream { } context, for example:

stream {  

    #...  

    upstream dns_upstream {  

        server 192.168.136.130:53;  

        server 192.168.136.131:53;  

        server 192.168.136.132:53;  

    }  

    #...  

}  

And we have configured a server that passes UDP datagrams to the upstream server group.

stream {  

    #...  

    server {  

        listen          53 udp;  

        proxy_pass      dns_upstream;  

        proxy_timeout   1s;  

        proxy_responses 1;  

        error_log       logs/dns.log;  

    }  

    #...  

}  

Passive UDP Health Checks

Nginx Plus or Nginx open source can mark the server as unavailable and stop sending UDP datagrams to it for some time is the server replies with an error or times out.

The number of consecutive failed connection attempts within a certain period is set with the max_fails parameter for an upstream server. (Default is 1).

The time is set with the fail_timeout parameter (default is 10 seconds). The parameter also sets the amount of time that Nginx considers the server unavailable after making it so.

So, if a connection attempt times will out or fails at least once in a 10 second period, Nginx marks the server as unavailable for 10 seconds. The following example shows how to set these parameters to two failures within 60 seconds.

upstream dns_upstream {  

    server 192.168.136.130:53 fail_timeout=60s;  

    server 192.168.136.131:53 fail_timeout=60s;  

}  

Active UDP Health Checks

Active Health Checks allow checking a wider range of failure types and are available only for Nginx Plus. E.g., instead of waiting for an actual TCP request from a DNS server as down, Nginx Plus will send special health check requests to each upstream server and check for a response that satisfies certain conditions.

If a connection to the server can't be established, the health check fails, and the server is considered unhealthy. Nginx Plus doesn't make proxy client connections to unhealthy servers. If more than one health check is specified, the failure of any check is enough to consider the corresponding upstream server unhealthy.

To enable active health checks:

1. In the group of upstream, define a shared memory zone with the zone directive-a special area where the Nginx Plus worker processes share state information about counters and connections. In the zone directive, specify the zone name and zone size. (Here, dns_zone is the zone name, and 64k is the zone size).

stream {  

    #...  

    upstream dns_upstream {  

        zone   dns_zone 64k;  

        server 192.168.136.130:53;  

        server 192.168.136.131:53;  

        server 192.168.136.132:53;  

    }  

    #...  

}  

2. In the block of the server that forwards traffic to the upstream group (through proxy_pass), specify the UDP parameter to the health_check directive.

stream {  

    #...  

    server {  

         listen       53 udp;  

         proxy_pass   dns_upstream;  

         health_check udp;  

    }  

    #...  

}  

Fine-Tuning UDP Health Checks

We can fine-tune the health check by specifying the following given parameters to the health_check directive:

interval: It defines how often Nginx Plus sends health check requests within seconds(default is 5 seconds).

passes: Several consecutive health checks that the server must respond to be considered healthy. The default value is 1.

fails: Some consecutive health checks that the server must fail to respond to be considered unhealthy. The default value is 1.

server {  

    listen       53 udp;  

    proxy_pass   dns_upstream;  

    health_check interval=20 passes=2 fails=2 udp;  

}  

In the above example, the time between UDP health checks is increased to 20 seconds. The server is considered unhealthy after two consecutive failed health checks, and the server needs to pass two consecutive checks to be considered healthy again.

Related questions

0 votes
asked Sep 5, 2019 in NGINX by Robin
0 votes
asked Sep 5, 2019 in NGINX by Robin
...