Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Health Check

SUMMARY In Cloud-Native Contrail Networking (CN2) Release 22.3, a new health check custom resource object is introduced that associates the virtual machine interface (VMI) to the pod creation and update workflow. The health check resource is a namespace-scoped resource.

Health Check Overview

The Contrail vRouter agent provides the health check functionality. You can associate a ping or HTTP health check to an interface. If the health check fails, based on the timers and intervals configured in the health check object, the interface is set as administratively down and associated routes are withdrawn. Health check traffic continues to be transmitted in an administratively down state to allow for an interface to recover.

Create a Health Check Object

Use this procedure to create a health check object.

  1. In the deployment manifests from the Contrail Networking download page, use the hc.yaml file (shown below) for the YAML definition for health check objects. The same folder also includes the hc_pod.yaml which has the YAML definition to associate the health check object with VMI by means of pod definitions.

    Sample hc.yaml file:

  2. Complete the parameters to define the health check. Table 1 lists and explains the parameters.
    Table 1: Health Check Configurable Parameters
    Field Description
    Delay The delay, in seconds, to repeat the health check.
    DelayUsecs Time in micro seconds at which health check is repeated.
    Enabled Indicates that health check is enabled. The default is False.
    ExpectedCodes When the monitor protocol is HTTP, the expected return code for HTTP operations. Must be in the range of 200-299.
    HealthCheckType Indicates the health check type: link-local, end-to-end, segment, vn-ip-list, and end2end. The default is link-local.

    In both link-local and end-to-end modes, health check is executed for the pod on the vRouter where the VMI is running.

    HttpMethod When the monitor protocol is HTTP, the type of HTTP method used is GET.
    MaxRetries The number of retries to attempt before declaring an instance health down.
    MonitorType The protocol type to be used: PING, BFD, or TCP.
    Timeout The number of seconds to wait for a response.
    TimeoutUsecs Time in micro seconds to wait for response.
    UrlPath Must be a valid URL. For example, http://172.16.0.1/<path>, The IP address can be a placeholder which will be replaced with the pod link-local IP address or metadata IP address.

    Following is an abstract Golang schema for the health check resource.

    The YML representation for the Golang schema is:

  3. Link the health check object to the VMI by means of the pod annotation reference value core.juniper.net/health-check. The default behavior is to associate the health check with the primary interface.
  4. (Optional) To link the health check with multiple interfaces (attached to different NAD or VN), you can refer the health check object within the cni-args section. Following is an example of configured cni-args in annotations.

    Existing VMI objects will have a new field to reference the HealthCheck object.

    For the PING or HTTP monitoring-based health check minimum interval is 1second. If you need a sub-second level health check for critical applications, you can opt for the BFD-based monitoring type.

Health Check Process

The Contrail vRouter agent is responsible for providing the health check service. The agent spawns a health check probe process to monitor the status of a service hosted on the same compute node. Then the process updates the status to the vRouter agent.

The vRouter agent acts on the status provided by the script to withdraw or restore the exported interface routes. The agent is responsible for providing a link-local metadata IP address for allowing the script to communicate with the destination IP address from the underlay network, using appropriate NAT translations. In a running system, this information is displayed in the vRouter agent introspect at: