What Are UDP Health Checks?

UDP is a connectionless protocol. It does not establish a three-way handshake before sending data. A UDP health check is implemented as follows:

  1. The health check node sends an ICMP request message to the backend server based on the health check configuration.
    • If the health check node receives an ICMP reply message from the backend server, it considers that the backend server is healthy and continues the health check.
    • If the health check node does not receive an ICMP reply message from the backend server, the health check fails.
  2. After receiving the ICMP reply message, the health check node sends UDP probe packets to the backend server.
    • If the health check node receives an ICMP Port Unreachable message returned by the backend server within the timeout duration, the server is considered unhealthy.
    • If the health check node does not receive an ICMP Port Unreachable message returned by the backend server within the timeout duration, the server is considered healthy.

When you use UDP for health checks, you are advised to retain the default settings on the configuration page.

If the port of the backend server is inconsistent with that displayed on the health check configuration page, perform the following operations:

  1. Check whether the timeout duration is too small.

    A possible cause is that the ICMP Echo Reply or ICMP Port Unreachable message returned by the backend server does not reach the health check node within the timeout duration. As a result, the health check result is inaccurate.

    It is recommended that you change the timeout duration to a larger value.

    UDP health checks work differently from other health checks, so you are advised to set a longer health check timeout duration. Otherwise, the backend server may be considered healthy or unhealthy repeatedly.

  2. Check whether the backend server restricts the rates at which ICMP messages are generated.

    For Linux, run the following commands to query the rate limit and rate mask:

    sysctl -q net.ipv4.icmp_ratelimit

    The default value is 1000.

    sysctl -q net.ipv4.icmp_ratemask

    The default value is 6168.

    If the returned value of the first command is the default value or 0, run the following command to remove the rate limit on Port Unreachable messages:

    sysctl -w net.ipv4.icmp_ratemask=6160

    For more information, see the Linux Programmer's Manual. In Linux, run the following command to display the manual:

    man 7 icmp

    You can also visit http://man7.org/linux/man-pages/man7/icmp.7.html.

    NOTE:

    Once the rate limit is lifted, ICMP Port Unreachable messages on the backend server will not be limited.
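
The rate mask in step 2 is a bitmask in which bit N covers ICMP type N, and Port Unreachable is code 3 of type 3 (Destination Unreachable). The following script is an added example, not part of the original guide: it decodes a mask and computes the value that clears only bit 3. The function names are illustrative, and 6168 is used as a fallback when the live value cannot be read.

```shell
#!/bin/sh
# Added example: decode net.ipv4.icmp_ratemask (bit N = ICMP type N).

# Names for the ICMP types that the default mask and this FAQ touch.
icmp_type_name() {
    case "$1" in
        0)  echo "Echo Reply" ;;
        3)  echo "Destination Unreachable" ;;
        4)  echo "Source Quench" ;;
        5)  echo "Redirect" ;;
        8)  echo "Echo Request" ;;
        11) echo "Time Exceeded" ;;
        12) echo "Parameter Problem" ;;
        *)  echo "ICMP type $1" ;;
    esac
}

# Print the ICMP type numbers whose bit is set in the mask, space separated.
limited_types() {
    lt_bit=0; lt_out=""
    while [ "$lt_bit" -le 18 ]; do
        if [ $(( ($1 >> $lt_bit) & 1 )) -eq 1 ]; then
            lt_out="${lt_out:+$lt_out }$lt_bit"
        fi
        lt_bit=$((lt_bit + 1))
    done
    echo "$lt_out"
}

# Succeed when type 3 (which carries Port Unreachable) is in the mask.
unreachable_is_limited() { [ $(( ($1 >> 3) & 1 )) -eq 1 ]; }

# Print the mask with only bit 3 cleared; every other type stays limited.
mask_without_unreachable() { echo $(( $1 & ~(1 << 3) )); }

# Report which types a mask rate-limits and the value to set instead.
report() {
    for r_type in $(limited_types "$1"); do
        echo "limited: type $r_type ($(icmp_type_name "$r_type"))"
    done
    if unreachable_is_limited "$1"; then
        echo "to lift: sysctl -w net.ipv4.icmp_ratemask=$(mask_without_unreachable "$1")"
    else
        echo "Destination Unreachable is not rate limited by this mask"
    fi
}

# Read the live value; fall back to the default quoted above (assumption).
current=$(cat /proc/sys/net/ipv4/icmp_ratemask 2>/dev/null || echo 6168)
report "$current"
```

For the default mask 6168 the script lists types 3, 4, 11 and 12 and suggests 6160, so Source Quench, Time Exceeded and Parameter Problem replies remain rate limited after the change.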