Service Instance Health Check
In Contrail Release 3.0 and greater, a service instance health check can be used to determine the liveliness of a service provided by a virtual machine (VM).
Health Check Overview
The service instance health check is used to determine the liveliness of a service provided by a VM, checking whether the service is operationally up or down. The vRouter agent uses ping and an HTTP URL to the link-local address to check the liveliness of the interface.
If the health check determines that a service is no longer operational, it removes the routes for the VM, thereby disabling packet forwarding to the VM.
The service instance health check is used with service template Version 2.
Health Check Object Configuration
Table 1 shows the configurable properties of the health check object.
Table 1: Health Check Configurable Parameters
Field | Description |
|---|---|
- enabled | Indicates that health check is enabled. The default is False. |
- health-check-type | Indicates the health check type: link-local or end-to-end. The default is link-local. |
- monitor-type | The protocol type to be used: PING or HTTP. |
- delay | The delay, in seconds, to repeat the health check. |
- timeout | The number of seconds to wait for a response. |
- max-retries | The number of retries to attempt before declaring an instance health down. |
- http-method | When the monitor protocol is HTTP, the type of HTTP method used, such as GET, PUT, POST, and so on. |
- url-path | When the monitor protocol is HTTP, the URL to be used. For all other cases, such as ICMP, the destination IP address. |
- expected-codes | When the monitor protocol is HTTP, the expected return code for HTTP operations. |
Health Check Modes
The following modes are supported for the service instance health check:
- link-local—A local check for the service VM on the vRouter where the VM is running. In this case, the source IP of the packet is the service chain IP.
- end-to-end—A remote address
or URL is provided for a service health check through a chain of services.
The destination of the health check probe is allowed to be outside
the service instance. However, the health check probe must be reachable
through the interface of the service instance where the health check
is attached. The end-to-end health check probe is transmitted all
the way to the actual destination outside the service instance. The
response to the health check probe is received and processed by the
service health check to evaluate the status.
Restrictions include:
- This check is applicable for a chain where the services are not scaled out.
- When this mode is configured, a new health check IP is allocated and used as the source IP of the packet.
- The health check IP is allocated per virtual-machine-interface of the service VM where the health check is attached.
- The agent relies on the service-health-check-ip flag to use as the source IP.
Note: End-to-end health check is not supported on a transparent service chain. However, a link-local health check is possible on a transparent service instance if the corresponding service instance interface is configured with its IP address.
Creating a Health Check with the Contrail User Interface
To create a health check with the Contrail Web UI:
- Navigate to Configure > Services > Health Check Service, and click to open the Create screen. See Figure 1.
Figure 1: Create Health Check Screen
- Complete the fields to define the permissions for the
health check, see Table 2.
Table 2: Create Health Check Fields
Field
Description
Name
Enter a name for the health check service you are creating.
Protocol
Select from the list the protocol to use for the health check, PING, HTTP, and so on.
Monitor Target
Select from the list the address of the target to be monitored by the health check.
Delay (secs)
The delay, in seconds, to repeat the health check.
Timeout (secs)
The number of seconds to wait for a response.
Retries
The number of retries to attempt before declaring an instance health down.
Health Check Type
Select from the list the type of health check—link-local or end-to-end.
Using the Health Check
A REST API can be used to create a health check object and define its associated properties, then a link is added to the VM interface.
The health check object can be linked to multiple VM interfaces. Additionally, a VM interface can be associated with multiple health check objects. The following is an example:
HealthCheckObject 1 ---------------- VirtualMachineInterface 1 ---------------- HealthCheckObject 2
|
|
VirtualMachineInterface 2
Health Check Process
The Contrail vRouter agent is responsible for providing the health check service. The agent spawns a Python script to monitor the status of a service hosted on a VM on the same compute node, and the script updates the status to the vRouter agent.
The vRouter agent acts on the status provided by the script to withdraw or restore the exported interface routes. It is also responsible for providing a link-local metadata IP for allowing the script to communicate with the destination IP from the underlay network, using appropriate NAT translations. In a running system, this information is displayed in the vRouter agent introspect at:
http://<compute-node-ip>:8085/Snh_HealthCheckSandeshReq?uuid=
| Note: Running health check creates flow entries to perform translation from underlay to overlay. Consequently, in a heavily loaded environment with a full flow table, it is possible to observe false failures. |
