UDP is a connectionless protocol. It does not establish a three-way handshake before sending data. A UDP health check is implemented as follows:
When you use UDP for health checks, you are advised to retain the default settings on the configuration page.
If the port of the backend server is inconsistent with that displayed on the health check configuration page, perform the following operations:
A possible cause is that the ICMP Echo Reply or ICMP Port Unreachable message returned by the backend server does not reach the health check node within the timeout duration. As a result, the health check result is inaccurate.
It is recommended that you change the timeout duration to a larger value.
The principle of UDP health checks is different from that of other health checks. Therefore, you are advised to set a longer health check timeout duration. Otherwise, the backend server may be considered healthy or unhealthy repeatedly.
For Linux, run the following commands to query the rate limit and rate mask:
sysctl -q net.ipv4.icmp_ratelimit
The default value is 1000.
sysctl -q net.ipv4.icmp_ratemask
The default value is 6168.
If the returned value of the first command is the default value or 0, run the following command to remove the rate limit of Port Unreachable messages:
sysctl -w net.ipv4.icmp_ratemask=6160
For more information, see the Linux Programmer's Manual. In Linux, run the following command to display the manual:
man 7 icmp
You can visit http://man7.org/linux/man-pages/man7/icmp.7.html.
Once the rate limit is lifted, ICMP Port Unreachable messages on the backend server will not be limited.