Application Gateway Health Probes
Health probes are crucial for ensuring the availability and reliability of your applications deployed behind Azure Application Gateway. They periodically check the health of backend instances and signal Application Gateway to send traffic only to healthy instances.
Understanding Health Probes
When you configure a backend pool, you must also configure a health probe. Application Gateway uses these probes to:
- Determine the health of backend instances.
- Remove unhealthy instances from the load balancing rotation.
- Add healthy instances back to the load balancing rotation.
Configuring Health Probes
You can configure health probes through the Azure portal, Azure CLI, PowerShell, or ARM templates. Key parameters for configuring a health probe include:
| Parameter | Description | Default Value |
|---|---|---|
| Protocol | The protocol used by the health probe (HTTP, HTTPS, or TCP). | HTTP |
| Host | The hostname to send the probe request to. If not specified, Application Gateway uses the host header of the request. | N/A |
| Path | The relative path to use for the probe. For example, `/health`. | `/` |
| Interval (seconds) | The time interval, in seconds, between consecutive health probe attempts. | 30 |
| Timeout (seconds) | The number of seconds after which the probe times out. A backend instance is considered unhealthy if it doesn't respond within this time. | 20 |
| Unhealthy Threshold | The number of consecutive probe failures required to mark a backend instance as unhealthy. | 3 |
| Status codes | A list of HTTP status codes that indicate a healthy response. By default, 2xx and 3xx are considered healthy. | 200-399 |
Example: HTTP Health Probe Configuration
This example demonstrates a basic HTTP health probe configuration targeting the root path (`/`) of your backend servers.
{
"name": "myHealthProbe",
"properties": {
"protocol": "HTTP",
"host": "your-backend-host.com",
"path": "/",
"interval": 30,
"timeout": 20,
"unhealthyThreshold": 3,
"minServers": 0,
"pickDnsRecordClientAccessCa": false,
"provisioningState": "Succeeded"
}
}
Probe Scenarios
1. Default Health Probes
If you don't explicitly configure a health probe, Application Gateway uses a default health probe. The default probe uses the protocol specified in the backend HTTP settings, probes the root path (`/`), and considers 200-399 status codes as healthy.
2. Custom Health Probes
For more granular control, you can define custom health probes. This allows you to specify specific paths, hostnames, and different status codes to determine health. This is useful for applications that have dedicated health check endpoints.
3. HTTPS Health Probes
When using HTTPS for your backend communication, you can configure HTTPS health probes. Ensure that the certificate configured on your backend servers is trusted by the Application Gateway's probe mechanism.
Important Consideration:
When using custom hostnames or FQDNs for your backend servers, make sure the health probe configuration accurately reflects these settings. Incorrect host values can lead to persistent unhealthy states for your backend instances.
Troubleshooting Health Probe Issues
If your backend instances are consistently marked as unhealthy, consider the following:
- Path Mismatch: Ensure the health probe path is correct and accessible from Application Gateway.
- Firewall Rules: Verify that no firewalls are blocking traffic from Application Gateway to your backend instances on the probe port.
- Backend Application Errors: Check the application logs on your backend servers for any errors that might be preventing them from returning a healthy status code.
- DNS Resolution: If you're using hostnames, confirm that Application Gateway can resolve the DNS names of your backend servers.
- SSL Certificate Issues: For HTTPS probes, ensure the SSL certificate is valid and trusted.
Pro Tip:
Utilize Application Gateway's diagnostic logs to gain deeper insights into probe failures. These logs can provide detailed error messages and connection attempts.
By understanding and properly configuring health probes, you can significantly improve the resilience and availability of your applications hosted on Azure Application Gateway.