|
2 | 2 | title: Troubleshoot Azure Load Balancer resource health, frontend, and backend availability issues |
3 | 3 | description: Use the available metrics to diagnose your degraded or unavailable Azure Standard Load Balancer. |
4 | 4 | services: load-balancer |
5 | | -documentationcenter: na |
6 | 5 | author: mbender-ms |
7 | 6 | ms.service: load-balancer |
8 | 7 | ms.topic: article |
9 | | -ms.tgt_pltfrm: na |
10 | 8 | ms.workload: infrastructure-services |
11 | 9 | ms.date: 08/14/2020 |
12 | 10 | ms.author: mbender |
@@ -51,15 +49,15 @@ The next place we need to look is our health probe status metric to determine wh |
51 | 49 | Let's say we check our health probe status and find out that all instances are showing as unhealthy. This finding explains why our data path is unavailable as traffic has nowhere to go. We should then go through the following checklist to rule out common configuration errors: |
52 | 50 | * Check the CPU utilization for your resources to determine if they are under high load. |
53 | 51 | * You can check this by viewing the resource's Percentage CPU metric via the Metrics page. Learn how to [Troubleshoot high-CPU issues for Azure virtual machines](/troubleshoot/azure/virtual-machines/troubleshoot-high-cpu-issues-azure-windows-vm). |
54 | | -* If using an HTTP or HTTPS probe check if the application is healthy and responsive |
55 | | - * Validate application is functional by directly accessing the applications through the private IP address or instance-level public IP address associated with your backend instance |
56 | | -* Review the Network Security Groups applied to our backend resources. Ensure that there are no rules of a higher priority than AllowAzureLoadBalancerInBound that will block the health probe |
57 | | - * You can do this by visiting the Networking blade of your backend VMs or Virtual Machine Scale Sets |
58 | | - * If you find this NSG issue is the case, move the existing Allow rule or create a new high priority rule to allow AzureLoadBalancer traffic |
59 | | -* Check your OS. Ensure your VMs are listening on the probe port and review their OS firewall rules to ensure they aren't blocking the probe traffic originating from IP address `168.63.129.16` |
60 | | - * You can check listening ports by running `netstat -a` from a Windows command prompt or `netstat -l` from a Linux terminal |
61 | | -* Don't place a firewall NVA VM in the backend pool of the load balancer, use [user-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined) to route traffic to backend instances through the firewall |
62 | | -* Ensure you're using the right protocol, if using HTTP to probe a port listening for a non-HTTP application the probe will fail |
| 52 | +* If using an HTTP or HTTPS probe check if the application is healthy and responsive. |
| 53 | + * Validate application is functional by directly accessing the applications through the private IP address or instance-level public IP address associated with your backend instance. |
| 54 | +* Review the Network Security Groups applied to our backend resources. Ensure that there are no rules of a higher priority than AllowAzureLoadBalancerInBound that will block the health probe. |
| 55 | + * You can do this by visiting the Networking blade of your backend VMs or Virtual Machine Scale Sets. |
| 56 | + * If you find this NSG issue is the case, move the existing Allow rule or create a new high priority rule to allow AzureLoadBalancer traffic. |
| 57 | +* Check your OS. Ensure your VMs are listening on the probe port and review their OS firewall rules to ensure they aren't blocking the probe traffic originating from IP address `168.63.129.16`. |
| 58 | + * You can check listening ports by running `netstat -a` from a Windows command prompt or `netstat -l` from a Linux terminal. |
| 59 | +* Don't place a firewall NVA VM in the backend pool of the load balancer, use [user-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined) to route traffic to backend instances through the firewall, |
| 60 | +* Ensure you're using the right protocol. For example, a probe using HTTP to probe a port listening for a non-HTTP application fails. |
63 | 61 |
|
64 | 62 | If you've gone through this checklist and are still finding health probe failures, there may be rare platform issues impacting the probe service for your instances. In this case, Azure has your back and an automated alert is sent to our team to rapidly resolve all platform issues. |
65 | 63 |
|
|
0 commit comments