Azure Application Gateway Health Probes
Health probes are crucial for Azure Application Gateway to determine the health of backend instances. By periodically sending requests to backend servers, Application Gateway can identify unhealthy instances and reroute traffic away from them, ensuring high availability and a robust user experience.
Understanding Health Probe Settings
When configuring an Application Gateway, you define health probe settings that dictate how the gateway monitors your backend pool. Key settings include:
- Protocol: The protocol used for sending probes (HTTP, HTTPS, or TCP).
- Host: The hostname or IP address to probe.
- Path: The URI path to probe on the backend server.
- Interval: The time interval, in seconds, between successive health probes.
- Timeout: The time, in seconds, for Application Gateway to wait for a response from the backend instance.
- Unhealthy Threshold: The number of consecutive failed probes that must occur before an instance is marked as unhealthy.
- Pick Hostname from Backend Settings: If enabled, the hostname for the probe will be picked from the backend HTTP settings.
- HTTP Settings from Backend: If enabled, the probe inherits settings like protocol, port, and hostname from the associated backend HTTP settings.
Health Probe Types
Application Gateway supports several types of health probes:
1. Default Health Probes
These are automatically configured when you create an Application Gateway. They use the protocol and port defined in your backend HTTP settings and probe the root path (/) by default. While convenient, custom probes offer more granular control.
2. Custom Health Probes
Custom health probes allow you to define specific probing behaviors tailored to your application's needs. This is highly recommended for production environments.
Configuring a Custom HTTP Health Probe
For an HTTP health probe, Application Gateway sends an HTTP GET request to the specified path and port on the backend server. The backend instance is considered healthy if it returns an HTTP status code between 200 and 299 (inclusive).
# Example: Azure CLI command to create a custom health probe
az network application-gateway probe create \
--gateway-name MyAGW \
--name MyAppHealthProbe \
--resource-group MyResourceGroup \
--protocol http \
--host "myapp.backend.com" \
--path "/healthz" \
--interval 30 \
--timeout 20 \
--unhealthy-threshold 3
Configuring a Custom HTTPS Health Probe
HTTPS probes function similarly to HTTP probes but use the HTTPS protocol. You might need to configure certificates for the probe to validate the SSL/TLS connection.
Configuring a Custom TCP Health Probe
TCP probes simply establish a TCP connection to the specified host and port. If the TCP connection is successfully established, the backend instance is considered healthy. This is useful for non-HTTP/S services.
# Example: Azure CLI command to create a custom TCP health probe
az network application-gateway probe create \
--gateway-name MyAGW \
--name MyTcpHealthProbe \
--resource-group MyResourceGroup \
--protocol tcp \
--host "10.0.0.4" \
--port 8080 \
--interval 30 \
--timeout 20 \
--unhealthy-threshold 3
Health Probe Behavior
When a health probe fails a configured number of times (Unhealthy Threshold), Application Gateway marks the corresponding backend instance as unhealthy. Traffic will then be routed only to the healthy instances in the backend pool.
Best Practices
- Use custom health probes for better control and monitoring.
- Configure appropriate intervals, timeouts, and unhealthy thresholds based on your application's expected response times.
- Choose a health probe path that accurately reflects the application's operational status.
- For HTTPS probes, ensure proper certificate configuration.
- Regularly review health probe metrics in Azure Monitor to identify potential issues.