Google Cloud Platform (GCP) provides health checks that determine whether VM instances respond correctly to traffic. This document describes how to create and use health checks for load balancers.
This page assumes that you are familiar with health check concepts and with GCP firewall rules.
Health check categories, protocols, and ports
GCP organizes health checks by category and protocol.
There are two health check categories: health checks and legacy health checks. Each category supports a different set of protocols and a different way of specifying the port used for health checking.
Most load balancers use health checks rather than legacy health checks. Network load balancing, however, requires legacy health checks. See the health check selection section of the health check concepts page to determine the appropriate category, protocol, and port specification method.
The protocol you select for a health check does not need to match the protocol used by the load balancer, and in some cases it cannot. See Protocols and load balancers for details.
The term "health check" does not refer to legacy health checks. This document explicitly refers to legacy health checks as "legacy health checks".
Create health checks
When you complete the backend configuration of a load balancer in the GCP Console, you can create or select a health check.
You can also create a health check independently of the load balancer configuration. This is useful when you need to create the health check first or when you use one health check for multiple load balancers. You can create a health check with the GCP Console, the gcloud command-line tool, or the REST API. After reviewing the background information in this section, see Creating and modifying health checks.
For a network load balancer, you must create or select a legacy health check when you complete the backend configuration of the network load balancer in the GCP Console. To create a legacy health check separately, you must use the gcloud command-line tool or the REST API. See Legacy health checks for details.
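Flags common to all health checks
The following flags are independent of the protocol and are the same for all health checks.
The meaning of each item is as follows.
- Protocol: the protocol used for the health check, for example ssl or tcp.
- Check interval: the default is 5s.
- Timeout: the default is 5s.
- Healthy and unhealthy thresholds: the default is 2.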
Port specification flags
In addition to the protocol, a health check must specify a port. How you specify the port depends on the type of load balancer and the type of backend used by its backend service. The port specification options depend on the combination of load balancer and backend. The term "instance group" refers to unmanaged instance groups, zonal managed instance groups, or regional managed instance groups.
A health check can use only one type of port specification.
The port specification flags are --port (a port number from 1 to 65535), --port-name, and --use-serving-port. Depending on the combination of load balancer and backend, either all three flags or only --port and --use-serving-port are available.
1 Combinations of port specification flags are resolved as follows.
- If --use-serving-port is specified, neither --port nor --port-name can be specified.
- If both --port and --port-name are specified, --port takes precedence.
- If none of the three flags is specified, the default is --port=80.
2 Beta: if you need --use-serving-port, you must use the following beta gcloud commands.
- gcloud beta compute health-checks create
- gcloud beta compute health-checks update
- The response string must consist only of ASCII letters, numbers, and spaces.
- The maximum length of the response string is 1024 characters.
- Wildcard matching is not supported.
- Negation is not supported in content-based checking. For example, an operator such as ! is not supported.
- The protocol can be TCP (as in this example) or SSL.
- The proxy header must be either NONE or PROXY_V1. If it is omitted, GCP uses NONE. The PROXY_V1 value adds the header PROXY UNKNOWN\r\n.
- Request string: a string of up to 1024 ASCII characters that is sent after the TCP or SSL session is established.
- Response string: the expected response, a string of up to 1024 ASCII characters.
- Go to the Health checks page in the Google Cloud Platform Console.
- To view details, click a health check.
- To modify a health check, click Edit, change the parameters as needed, and then click Save.
- Use the healthChecks.list API call to list health checks.
- If you know the name of a health check, you can use the healthChecks.get API call to get its detailed configuration.
- To modify a health check, use one of the following API calls: healthChecks.update or healthChecks.patch.
- Go to the Firewall rules page in the Google Cloud Platform Console.
- Click Create firewall rule.
- On the Create firewall rule page, enter the following information:
- Name: enter a name for the rule. This example uses fw-allow-health-checks.
- Network: select a VPC network.
- Priority: enter a number for the priority. The lower the number, the higher the priority. The firewall rule must have a higher priority than other rules that deny ingress traffic.
- Direction of traffic: select ingress.
- Action on match: select allow.
- Targets: select Specified target tags and enter the tag in the Target tags text box. This example uses allow-health-checks.
- Source filter: select IP ranges.
- Source IP ranges: 35.191.0.0/16 and 130.211.0.0/22
- Allowed protocols and ports: tcp. TCP is the underlying protocol for all health check protocols.
- Click Create.
- Add the network tag to your load-balanced instances so that the new ingress firewall rule applies to them. This example uses allow-health-checks as the network tag.
- Go to the Load balancing page in the Google Cloud Platform Console.
- Click a load balancer to view its details.
- Click Edit, then click Backend configuration.
- Select a health check from the Health check menu.
- Click Update.
- You have created a network load balancer.
- You have created a legacy health check.
- You have created firewall rules for network load balancing.
- Go to the Load balancing page in the Google Cloud Platform Console.
- Click a network load balancer to view its details.
- Click Edit, then click Backend configuration.
- Select an existing legacy health check from the Health check menu. Only legacy health checks that meet the criteria are displayed.
- Click Update.
The --request-path and --response flags modify the success criteria for the health check probe.
Optional flags for SSL and TCP health checks
In addition to the common flags and the port specification, you can use the following optional flags for SSL and TCP health checks. This example creates a TCP health check named hc-tcp-3268 that uses port 3268 with the default interval, timeout, and health thresholds.
The --request and --response flags modify the success criteria for the health check probe. If you use the --response flag, either alone or together with the --request flag, the response returned must match the expected response string.
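The success criteria above can be exercised against a backend before a health check is attached to it. The following Python code is an added example, not Google's prober and not code from the original page; probe() and start_sample_backend() are hypothetical names. It assumes that a probe without a response string succeeds once the TCP connection is established, and that a response string is compared exactly with the first bytes the backend returns.

```python
import socket
import threading

MAX_LEN = 1024  # limit for request and response strings, per this page


def probe(host, port, request=None, response=None,
          proxy_header="NONE", timeout=5.0):
    """Emulate one TCP health check probe; return True when it succeeds."""
    for text in (request, response):
        if text is not None and (len(text) > MAX_LEN or not text.isascii()):
            raise ValueError("strings must be at most 1024 ASCII characters")
    if proxy_header not in ("NONE", "PROXY_V1"):
        raise ValueError("proxy header must be NONE or PROXY_V1")
    payload = b"PROXY UNKNOWN\r\n" if proxy_header == "PROXY_V1" else b""
    payload += (request or "").encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(payload)  # header and request go out together
            if response is None:
                return True  # assumption: an established connection is enough
            expected, got = response.encode("ascii"), b""
            while len(got) < len(expected):
                chunk = conn.recv(len(expected) - len(got))
                if not chunk:
                    break  # backend closed before sending enough bytes
                got += chunk
            return got == expected  # assumption: exact match, no wildcards
    except OSError:  # refused, reset or timed out
        return False


def start_sample_backend(reply=b"healthy"):
    """Constructed backend for the demo: answers any first message with reply."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            with conn:
                conn.settimeout(1.0)
                try:
                    if conn.recv(MAX_LEN):
                        conn.sendall(reply)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    server, port = start_sample_backend()
    print(probe("127.0.0.1", port, request="ping", response="healthy"))
```

A backend that answers "healthy" fails a probe that expects "unhealthy", because the comparison is exact and there is no negation or wildcard.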
Creating and modifying health checks
You cannot convert a health check to a legacy health check, or vice versa, by modifying it.
Console
The GCP Console lists both health checks and legacy health checks. You can view and edit them there. However, you cannot create a legacy health check from the Health checks page of the GCP Console.
To view a health check, follow these steps.
To modify a health check, follow these steps.
gcloud
Use the following command to list health checks.
Once you have identified a health check, describe it with the appropriate gcloud command, replacing HEALTH_CHECK_NAME with the name of the health check.
To modify a health check, use the appropriate gcloud command, replacing HEALTH_CHECK_NAME with its name. You can modify the common flags, the port specification flags, and the optional flags, but not the name or the protocol of the health check. When you modify a health check with the gcloud compute health-checks update command, flags that you omit keep their previously configured values. The following commands are examples that modify the check interval, timeout, and request path.
API
Use the healthChecks.list API call to list health checks.
If you know the name of a health check, you can use the healthChecks.get API call to get its detailed configuration.
To modify a health check, use one of the following API calls: healthChecks.update or healthChecks.patch.
Legacy health checks
Create legacy health checks
This section describes how to create the legacy health checks required by network load balancers.
Console
The Health checks page of the GCP Console shows both health checks and legacy health checks, but you cannot create a legacy health check there. Use the network load balancer page of the GCP Console to create a legacy health check.
gcloud
Use the following gcloud command to create a legacy health check for a network load balancer.
The meaning of each item is as follows.
- Check interval: the default is 5s.
- Timeout: the default is 5s.
- Healthy and unhealthy thresholds: the default is 2.
- Port: the default is 80.
- Request path: the default is /.
API
You can use the following API call to create a legacy health check for a network load balancer.
View and modify legacy health checks
Console
The GCP Console lists both health checks and legacy health checks on the Health checks page. To modify an existing legacy health check, follow these steps.
gcloud
List the legacy health checks for network load balancers.
Once you have identified a legacy health check, describe it with the appropriate gcloud command, replacing LEGACY_HEALTH_CHECK_NAME with its name.
To modify a legacy health check, use the appropriate gcloud command, replacing LEGACY_HEALTH_CHECK_NAME with its name. When you modify a legacy health check with gcloud, flags that you omit keep their settings.
Here, ... stands for the other options, which are the same as those used to create a legacy health check.
API
List the legacy health checks for network load balancers.
If you know the name of a legacy health check, you can use the following API call to get its configuration details.
To modify a legacy health check, use the following API call.
Firewall rules
To allow traffic from the IP ranges of the health check probers, you must create firewall rules that apply to all load-balanced VMs. The following examples create firewall rules that apply to VM instances based on a target tag. For details about specifying firewall rule targets, see the description of targets in the firewall rules overview and Configuring network tags.
Health check rules
The following example creates a firewall rule for the following load balancers.
The source IP ranges for these health checks are 35.191.0.0/16 and 130.211.0.0/22.
To create rules for network load balancing, see Network load balancing rules in the next section.
Console
Rule name: fw-allow-health-checks. Target tag: allow-health-checks. Source IP ranges: 35.191.0.0/16,130.211.0.0/22. Allowed protocol: tcp.
gcloud
Use the following gcloud command to create a firewall rule named fw-allow-health-checks that allows incoming connections to the instances in your network that have the allow-health-checks tag. Replace NETWORK_NAME with the name of your network.
Add the network tag to your load-balanced instances so that the new ingress firewall rule applies to them. This example uses allow-health-checks as the network tag.
See the gcloud firewall rules documentation and the API documentation for details.
Network load balancing rules
The following example creates the ingress firewall rule required by the legacy health checks for network load balancing. The source IP ranges for legacy health checks for network load balancing are as follows.
- 35.191.0.0/16
- 209.85.152.0/22
- 209.85.204.0/22
Console
Rule name: fw-allow-network-lb-health-checks. Target tag: allow-network-lb-health-checks. Source IP ranges: 35.191.0.0/16, 209.85.152.0/22, 209.85.204.0/22. Allowed protocol: tcp.
gcloud
Use the following gcloud command to create a firewall rule named fw-allow-network-lb-health-checks that allows incoming connections to the instances in your network that have the allow-network-lb-health-checks tag. Replace NETWORK_NAME with the name of your network.
Add the network tag to your load-balanced instances so that the new ingress firewall rule applies to them. This example uses allow-network-lb-health-checks as the network tag.
See the gcloud firewall rules documentation and the API documentation for details.
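One way to check that the firewall rules of a network admit the probe ranges listed in this section, and to see which wider sources reach the same instances, is shown in the following Python code. It is an added example, not part of the original page or of gcloud. It assumes rules exported as JSON (for example with gcloud compute firewall-rules list --format=json), does not evaluate deny rules or priorities, and uses constructed sample rules; audit() and its helpers are hypothetical names.

```python
import ipaddress

# Probe source ranges listed on this page.
HEALTH_CHECK_RANGES = ["35.191.0.0/16", "130.211.0.0/22"]
NETWORK_LB_RANGES = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]

SAMPLE_RULES = [  # constructed sample, shaped like firewall rule JSON
    {"name": "fw-allow-health-checks", "direction": "INGRESS",
     "sourceRanges": ["35.191.0.0/16", "130.211.0.0/22"],
     "targetTags": ["allow-health-checks"], "allowed": [{"IPProtocol": "tcp"}]},
    {"name": "allow-web-from-anywhere", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "targetTags": ["allow-health-checks"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "8000-8100"]}]},
]


def _applies(rule, tag):
    tags = rule.get("targetTags")  # no target at all: rule covers all instances
    return tag in tags if tags else not rule.get("targetServiceAccounts")


def _allows_tcp(rule, port):
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:
            return True  # no port list: every port of the protocol
        for spec in ports:
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False


def _within(inner, outer):
    return inner.version == outer.version and inner.subnet_of(outer)


def audit(rules, tag, port, probe_ranges):
    """Return (probe ranges no rule admits, admitted ranges outside them)."""
    probes = [ipaddress.ip_network(r) for r in probe_ranges]
    admitted = []
    for rule in rules:
        if (rule.get("direction") == "INGRESS" and not rule.get("disabled")
                and _applies(rule, tag) and _allows_tcp(rule, port)):
            admitted += [ipaddress.ip_network(r)
                         for r in rule.get("sourceRanges", [])]
    missing = [str(p) for p in probes
               if not any(_within(p, a) for a in admitted)]
    extra = sorted({str(a) for a in admitted
                    if not any(_within(a, p) for p in probes)})
    return missing, extra


if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "allow-health-checks", 80, HEALTH_CHECK_RANGES))
    print(audit(SAMPLE_RULES, "allow-health-checks", 3268, NETWORK_LB_RANGES))
```

A non-empty first list means probes from that range are dropped and the backends will be marked unhealthy; the second list names sources wider than the probers that should be reviewed against what the backend is meant to serve.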
Associating health checks with load balancers
Protocols and load balancers
It is best to use a health check (or legacy health check) whose protocol matches the protocol used by the load balancer's backend service or target pool. However, the health check protocol and the load balancer protocol do not need to be the same. For example:
TCP
UDP
Associating health checks with backend services
This section describes how to associate a health check with the backend service of the following types of load balancers.
This section assumes that you have completed the following tasks.
Console
gcloud
To list the backend services of internal TCP/UDP load balancers, run the following command. Identify the name and region of the backend service.
To list the backend services of TCP proxy load balancers, run the following command.
To list the backend services of SSL proxy load balancers, run the following command.
Identify the health check. List the health checks if needed.
Associate the health check with the backend service. In the following commands, replace BACKEND_SERVICE_NAME with the name of the backend service and HEALTH_CHECK_NAME with the name of the health check. The command replaces all health checks associated with the backend service. In most cases, a backend service is associated with only one health check.
To change the health check of the backend service of an internal load balancer, use the following command. The backend service of an internal load balancer is regional, so you must specify its region along with its name.
API
Use the backendServices.list API call to list backend services.
Identify the health check.
To associate a health check with a backend service, use one of the following API calls.
Associating legacy health checks with network load balancers
This section describes how to associate a legacy health check with a target pool for network load balancing. This section assumes that you have completed the following tasks.
To associate a legacy health check with a new network load balancer, see Setting up network load balancing. When you create a new network load balancer, you must associate a legacy health check with its target pool.
Console
To associate a legacy health check with an existing network load balancer, follow these steps.
gcloud
To associate a legacy health check with an existing network load balancer, follow these steps.
Identify the target pool. A network load balancer has at least one target pool and may have a secondary backup pool.
API
Use the targetPools.list API call to list target pools.
Blocking health check IP ranges for troubleshooting
In some cases, it is useful to make health checks fail intentionally, either as part of troubleshooting, by causing some VMs to fail health checks, or as part of a shutdown procedure.
You can force health checks or legacy health checks to fail by temporarily blocking the health check IP ranges. This example shows how to make health checks fail by using the iptables firewall software on a Linux VM.
To make a VM fail both health checks and legacy health checks, run the following iptables commands, replacing HEALTH_CHECK_PORT with the appropriate TCP port number. If you want probes to fail intentionally when a VM shuts down, add the following iptables commands to a shutdown script, followed by a delay based on the check interval and unhealthy threshold of the health check.
To remove the iptables rules, run the following commands, replacing HEALTH_CHECK_PORT with the TCP port used for the health check.