Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Service Instance Health Check

    In Contrail Release 3.0 and greater, a service instance health check can be used to determine the liveliness of a service provided by a virtual machine (VM).

    Health Check Overview

    The service instance health check is used to determine the liveliness of a service provided by a VM, checking whether the service is operationally up or down. The vRouter agent uses ping and an HTTP URL to the link-local address to check the liveliness of the interface.

    If the health check determines that a service is no longer operational, it removes the routes for the VM, thereby disabling packet forwarding to the VM.

    The service instance health check is used with service template Version 2.

    Health Check Object Configuration

    Table 1 shows the configurable properties of the health check object.

    Table 1: Health Check Configurable Parameters

    Field

    Description

    - enabled

    Indicates that health check is enabled. The default is False.

    - health-check-type

    Indicates the health check type: link-local or end-to-end. The default is link-local.

    - monitor-type

    The protocol type to be used: PING or HTTP.

    - delay

    The delay, in seconds, to repeat the health check.

    - timeout

    The number of seconds to wait for a response.

    - max-retries

    The number of retries to attempt before declaring an instance health down.

    - http-method

    When the monitor protocol is HTTP, the type of HTTP method used, such as GET, PUT, POST, and so on.

    - url-path

    When the monitor protocol is HTTP, the URL to be used. For all other cases, such as ICMP, the destination IP address.

    - expected-codes

    When the monitor protocol is HTTP, the expected return code for HTTP operations.

    Health Check Modes

    The following modes are supported for the service instance health check:

    • link-local—A local check for the service VM on the vRouter where the VM is running. In this case, the source IP of the packet is the service chain IP.
    • end-to-end—A remote address or URL is provided for a service health check through a chain of services. The destination of the health check probe is allowed to be outside the service instance. However, the health check probe must be reachable through the interface of the service instance where the health check is attached. The end-to-end health check probe is transmitted all the way to the actual destination outside the service instance. The response to the health check probe is received and processed by the service health check to evaluate the status.

      Restrictions include:

      • This check is applicable for a chain where the services are not scaled out.
      • When this mode is configured, a new health check IP is allocated and used as the source IP of the packet.
      • The health check IP is allocated per virtual-machine-interface of the service VM where the health check is attached.
      • The agent relies on the service-health-check-ip flag to use as the source IP.

      Note: End-to-end health check is not supported on a transparent service chain. However, a link-local health check is possible on a transparent service instance if the corresponding service instance interface is configured with its IP address.

    Creating a Health Check with the Contrail User Interface

    To create a health check with the Contrail Web UI:

    1. Navigate to Configure > Services > Health Check Service, and click to open the Create screen. See Figure 1.

      Figure 1: Create Health Check Screen

      Create Health Check Screen
    2. Complete the fields to define the permissions for the health check, see Table 2.

      Table 2: Create Health Check Fields

      Field

      Description

      Name

      Enter a name for the health check service you are creating.

      Protocol

      Select from the list the protocol to use for the health check, PING, HTTP, and so on.

      Monitor Target

      Select from the list the address of the target to be monitored by the health check.

      Delay (secs)

      The delay, in seconds, to repeat the health check.

      Timeout (secs)

      The number of seconds to wait for a response.

      Retries

      The number of retries to attempt before declaring an instance health down.

      Health Check Type

      Select from the list the type of health check—link-local or end-to-end.

    Using the Health Check

    A REST API can be used to create a health check object and define its associated properties, then a link is added to the VM interface.

    The health check object can be linked to multiple VM interfaces. Additionally, a VM interface can be associated with multiple health check objects. The following is an example:

    HealthCheckObject 1 ---------------- VirtualMachineInterface 1 ---------------- HealthCheckObject 2   
          |  
          |  
    VirtualMachineInterface 2 
    

    Health Check Process

    The Contrail vRouter agent is responsible for providing the health check service. The agent spawns a Python script to monitor the status of a service hosted on a VM on the same compute node, and the script updates the status to the vRouter agent.

    The vRouter agent acts on the status provided by the script to withdraw or restore the exported interface routes. It is also responsible for providing a link-local metadata IP for allowing the script to communicate with the destination IP from the underlay network, using appropriate NAT translations. In a running system, this information is displayed in the vRouter agent introspect at:

    http://<compute-node-ip>:8085/Snh_HealthCheckSandeshReq?uuid=

    Note: Running health check creates flow entries to perform translation from underlay to overlay. Consequently, in a heavily loaded environment with a full flow table, it is possible to observe false failures.

    Modified: 2016-11-14