NLB Target Group health checks are out of control


Problem description

I have a Network Load Balancer and an associated Target Group that is configured to do health checks on the EC2 instances. The problem is that I am seeing a very high number of health check requests; multiple every second.

The default interval between checks is supposed to be 30 seconds, but they are coming about 100x more frequently than they should.

My stack is built in CloudFormation, and I've tried overriding HealthCheckIntervalSeconds, which has no effect. Interestingly, when I tried to manually change the interval in the console, I found those values greyed out:

Here is the relevant part of the template, with my attempt at changing the interval commented out:

NLB:
  Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
  Properties:
    Type: network
    Name: api-load-balancer
    Scheme: internal
    Subnets: 
      - Fn::ImportValue: PrivateSubnetA
      - Fn::ImportValue: PrivateSubnetB
      - Fn::ImportValue: PrivateSubnetC

NLBListener:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref NLBTargetGroup
    LoadBalancerArn: !Ref NLB
    Port: 80
    Protocol: TCP

NLBTargetGroup:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    # HealthCheckIntervalSeconds: 30
    HealthCheckPath: /healthcheck
    HealthCheckProtocol: HTTP
    # HealthyThresholdCount: 2
    # UnhealthyThresholdCount: 5
    # Matcher:
    #   HttpCode: 200-399
    Name: api-nlb-http-target-group
    Port: 80
    Protocol: TCP 
    VpcId: !ImportValue PublicVPC

My EC2 instances are in private subnets with no access from the outside world. The NLB is internal, so there's no way of accessing them without going through API Gateway. API Gateway has no /healthcheck endpoint configured, so that rules out any activity coming from outside of the AWS network, like people manually pinging the endpoint.

This is a sample of my app's log taken from CloudWatch, while the app should be idle:

07:45:33 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:33 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:33 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:33 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:34 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:34 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:34 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:35 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:35 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:35 {"label":"Received request URL","value":"/healthcheck","type":"trace"}

I'm getting usually 3 to 6 requests every second, so I'm wondering if this is just the way the Network Load Balancers work, and AWS still haven't documented that (or I haven't found it), or otherwise how I might fix this issue.

Solution

Update: this has been answered on the related AWS forum post, which confirms that it's normal behaviour for network load balancers and cites their distributed nature as the reason. There is no way to configure a custom interval. At this moment, the docs are still out of date and specify otherwise.


This is either a bug in NLB Target Groups, or normal behaviour with incorrect documentation. I've come to this conclusion because:

  • I verified that the health checks are coming from the NLB
  • The configuration options are greyed out on the console
    • inferring that AWS know about or imposed this limitation
  • The same results are being observed by others
  • The documentation is specifically for Network Load Balancers
  • AWS docs commonly lead you on a wild goose chase

In this case I think it might be normal behaviour that's been documented incorrectly, but there's no way of verifying that unless someone from AWS can, and it's almost impossible to get an answer for an issue like this on the AWS forum.

It would be useful to be able to configure the setting, or at least have the docs updated.
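
One way to quantify the gap described in the question, as an added example that is not part of the original post or answer: it parses the application's trace lines, counts `/healthcheck` hits per second, and compares the observed rate with one check per 30-second interval. The function names are hypothetical; the first ten log lines are copied from the question and the last two are constructed.

```python
import json
from collections import Counter
from datetime import datetime

# First ten lines are copied from the question's CloudWatch sample; the last
# two (a normal request and a malformed line) are constructed to show filtering.
SAMPLE_LOG = """\
07:45:33 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:33 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:33 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:33 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:34 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:34 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:34 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:35 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:35 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:35 {"label":"Received request URL","value":"/healthcheck","type":"trace"}
07:45:35 {"label":"Received request URL","value":"/orders","type":"trace"}
07:45:36 not-json
"""

def parse_line(line):
    """Return (timestamp, path) for a 'Received request URL' line, else None."""
    stamp, _, payload = line.strip().partition(" ")
    try:
        when = datetime.strptime(stamp, "%H:%M:%S")
        record = json.loads(payload)
    except ValueError:  # bad timestamp or non-JSON payload
        return None
    if not isinstance(record, dict) or record.get("label") != "Received request URL":
        return None
    return when, record.get("value")

def health_check_rate(log_text, path="/healthcheck", configured_interval_s=30):
    """Compare the observed health-check rate with one check per interval."""
    parsed = filter(None, map(parse_line, log_text.splitlines()))
    hits = [when for when, url in parsed if url == path]
    if not hits:
        return {"per_second": {}, "rate_per_s": 0.0, "ratio_to_configured": 0.0}
    per_second = Counter(when.strftime("%H:%M:%S") for when in hits)
    window_s = (max(hits) - min(hits)).total_seconds() + 1  # inclusive seconds
    return {
        "per_second": dict(per_second),
        "rate_per_s": len(hits) / window_s,
        "ratio_to_configured": len(hits) * configured_interval_s / window_s,
    }

print(health_check_rate(SAMPLE_LOG))
```

On the question's sample this gives a ratio of 100, in line with the "about 100x" estimate in the question.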
