应用程序网关运行状况监视概述Application Gateway health monitoring overview

默认情况下,Azure 应用程序网关会监视其后端池中所有资源的运行状况,并自动从池中删除任何被视为不正常的资源。Azure Application Gateway by default monitors the health of all resources in its back-end pool and automatically removes any resource considered unhealthy from the pool. 应用程序网关持续监视不正常的实例,一旦这些实例恢复可用状态并能响应运行状况探测,应用程序网关就会将它们添加回到正常的后端池中。Application Gateway continues to monitor the unhealthy instances and adds them back to the healthy back-end pool once they become available and respond to health probes. 应用程序网关发送的运行状况探测所针对的端口与后端 HTTP 设置中定义的端口相同。Application gateway sends the health probes with the same port that is defined in the back-end HTTP settings. 此配置可确保探测所测试的端口即是客户用来连接到后端的端口。This configuration ensures that the probe is testing the same port that customers would be using to connect to the backend.

应用程序网关探测示例

除了使用默认的运行状况探测监视以外,还可以根据应用程序的要求自定义运行状况探测。In addition to using default health probe monitoring, you can also customize the health probe to suit your application's requirements. 本文介绍默认的和自定义的运行状况探测。In this article, both default and custom health probes are covered.

Note

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

默认的运行状况探测Default health probe

如果未设置任何自定义探测配置,应用程序网关自动配置默认运行状况探测。An application gateway automatically configures a default health probe when you don't set up any custom probe configuration. 监视行为是向针对后端池配置的 IP 地址发出 HTTP 请求。The monitoring behavior works by making an HTTP request to the IP addresses configured for the back-end pool. 对于默认探测,如果后端 http 设置是针对 HTTPS 配置的,则探测也会使用 HTTPS 测试后端的运行状况。For default probes if the backend http settings are configured for HTTPS, the probe uses HTTPS as well to test health of the backends.

例如:将应用程序网关配置为使用 A、B 和 C 后端服务器来接收端口 80 上的 HTTP 网络流量。For example: You configure your application gateway to use back-end servers A, B, and C to receive HTTP network traffic on port 80. 默认运行状况监视每隔 30 秒对三台服务器进行测试,以获取正常的 HTTP 响应。The default health monitoring tests the three servers every 30 seconds for a healthy HTTP response. 正常的 HTTP 响应具有 200 到 399 的状态代码A healthy HTTP response has a status code between 200 and 399.

如果服务器 A 的默认探测检查失败,应用程序网关会从后端池删除该服务器,并且网络流量不再流向此服务器。If the default probe check fails for server A, the application gateway removes it from its back-end pool, and network traffic stops flowing to this server. 默认探测仍继续每隔 30 秒检查服务器 A。The default probe still continues to check for server A every 30 seconds. 当服务器 A 成功响应默认运行状况探测发出的请求时,将变为正常状态并重新添加回后端池,而流量也开始再次流向该服务器。When server A responds successfully to one request from a default health probe, it is added back as healthy to the back-end pool, and traffic starts flowing to the server again.

探测匹配Probe Matching

默认情况下,状态代码为 200 到 399 的 HTTP(S) 响应被视为正常。By default, an HTTP(S) response with status code between 200 and 399 is considered healthy. 自定义运行状况探测额外支持两个匹配条件。Custom health probes additionally support two matching criteria. 可根据需要使用条件匹配来修改构成正常响应的因素的默认解释。Matching criteria can be used to optionally modify the default interpretation of what constitutes a healthy response.

下面是匹配条件:The following are matching criteria:

  • HTTP 响应状态代码匹配 - 接受用户指定的 http 响应代码或响应代码范围的探测匹配条件。HTTP response status code match - Probe matching criterion for accepting user specified http response code or response code ranges. 支持逗号分隔的单个响应状态代码,或一系列状态代码。Individual comma-separated response status codes or a range of status code is supported.
  • HTTP 响应正文匹配 - 查找 HTTP 响应正文并匹配用户指定字符串的探测匹配条件。HTTP response body match - Probe matching criterion that looks at HTTP response body and matches with a user specified string. 该匹配操作只会在响应正文中确定是否存在用户指定的字符串,而不执行完整正则表达式匹配。The match only looks for presence of user specified string in response body and is not a full regular expression match.

可以使用 New-AzApplicationGatewayProbeHealthResponseMatch cmdlet 指定匹配条件。Match criteria can be specified using the New-AzApplicationGatewayProbeHealthResponseMatch cmdlet.

例如:For example:

$match = New-AzApplicationGatewayProbeHealthResponseMatch -StatusCode 200-399
$match = New-AzApplicationGatewayProbeHealthResponseMatch -Body "Healthy"

指定匹配条件后,可在 PowerShell 中使用 -Match 参数将其附加到探测配置。Once the match criteria is specified, it can be attached to probe configuration using a -Match parameter in PowerShell.

默认的运行状况探测设置Default health probe settings

探测属性Probe property Value 说明Description
探测 URLProbe URL http://127.0.0.1:<port>/ URL 路径URL path
时间间隔Interval 3030 发送下一个运行状况探测前需要等待的时间(以秒为单位)。The amount of time in seconds to wait before the next health probe is sent.
超时Time-out 3030 将探测标记为不正常前,应用程序网关等待探测响应的时间(以秒为单位)。The amount of time in seconds the application gateway waits for a probe response before marking the probe as unhealthy. 如果探测返回为正常,则相应的后端立即被标记为正常。If a probe returns as healthy, the corresponding backend is immediately marked as healthy.
不正常阈值Unhealthy threshold 33 控制在定期运行状况探测出现故障的情况下要发送的探测数。Governs how many probes to send in case there is a failure of the regular health probe. 快速连续发送这些额外的运行状况探测,以快速确定后端的运行状况,并且无需等待探测时间间隔。These additional health probes are sent in quick succession to determine the health of the backend quickly and do not wait for the probe interval. 连续探测失败计数达到不正常阈值后,后端服务器标记为故障。The back-end server is marked down after the consecutive probe failure count reaches the unhealthy threshold.

Note

该端口与后端 HTTP 设置的端口相同。The port is the same port as the back-end HTTP settings.

默认探测只查看 http://127.0.0.1:<端口> 来判断运行状况。The default probe looks only at http://127.0.0.1:<port> to determine health status. 如果需要配置运行状况探测以使其转到自定义 URL 或修改任何其他设置,必须使用自定义探测。If you need to configure the health probe to go to a custom URL or modify any other settings, you must use custom probes.

探测间隔Probe intervals

应用程序网关的所有实例探测相互独立的后端。All instances of Application Gateway probe the backend independent of each other. 相同的探测配置适用于每个应用程序网关实例。The same probe configuration applies to each Application Gateway instance. 例如,如果探测配置为每 30 秒发送运行状况探测,并且应用程序网关包含两个实例,则这两个实例均每隔 30 秒发送运行状况探测。For example, if the probe configuration is to send health probes every 30 seconds and the application gateway has two instances, then both instances send the health probe every 30 seconds.

此外,如果存在多个侦听器,则每个侦听器探测相互独立的后端。Also if there are multiple listeners, then each listener probes the backend independent of each other. 例如,如果有两个侦听器指向两个不同端口上的同一后端池(由两个后端 http 设置配置),则每个侦听器独立探测同一后端。For example, if there are two listeners pointing to the same backend pool on two different ports (configured by two backend http settings) then each listener probes the same backend independently. 在这种情况下,两个侦听器的每个应用程序网关实例都有两个探测。In this case, there are two probes from each application gateway instance for the two listeners. 如果此方案中的应用程序网关包含两个实例,则在每个配置的探测间隔中,可看到四个探测。If there are two instances of the application gateway in this scenario, the backend virtual machine would see four probes per the configured probe interval.

自定义的运行状况探测Custom health probe

使用自定义探测可以更精细地控制运行状况监视。Custom probes allow you to have a more granular control over the health monitoring. 使用自定义探测时,可以配置探测间隔、要测试的 URL 和路径,以及在将后端池实例标记为不正常之前可接受的失败响应次数。When using custom probes, you can configure the probe interval, the URL and path to test, and how many failed responses to accept before marking the back-end pool instance as unhealthy.

自定义的运行状况探测设置Custom health probe settings

下表提供自定义运行状况探测的属性的定义。The following table provides definitions for the properties of a custom health probe.

探测属性Probe property 说明Description
NameName 探测的名称。Name of the probe. 此名称用于在后端 HTTP 设置中引用探测。This name is used to refer to the probe in back-end HTTP settings.
协议Protocol 用于发送探测的协议。Protocol used to send the probe. 探测使用后端 HTTP 设置中定义的协议The probe uses the protocol defined in the back-end HTTP settings
主机Host 用于发送探测的主机名。Host name to send the probe. 仅在应用程序网关上配置了多站点的情况下适用,否则使用“127.0.0.1”。Applicable only when multi-site is configured on Application Gateway, otherwise use '127.0.0.1'. 此值与 VM 主机名不同。This value is different from VM host name.
路径Path 探测的相对路径。Relative path of the probe. 有效路径以“/”开头。The valid path starts from '/'.
时间间隔Interval 探测间隔(秒)。Probe interval in seconds. 此值是每两次连续探测之间的时间间隔。This value is the time interval between two consecutive probes.
超时Time-out 探测超时(秒)。Probe time-out in seconds. 如果在此超时期间内未收到有效响应,则将探测标记为失败。If a valid response is not received within this time-out period, the probe is marked as failed.
不正常阈值Unhealthy threshold 探测重试计数。Probe retry count. 连续探测失败计数达到不正常阈值后,后端服务器标记为故障。The back-end server is marked down after the consecutive probe failure count reaches the unhealthy threshold.

Important

如果在应用程序网关中设置了单站点,则默认情况下,除非已在自定义探测中进行配置,否则应将主机名指定为“127.0.0.1”。If Application Gateway is configured for a single site, by default the Host name should be specified as '127.0.0.1', unless otherwise configured in custom probe. 例如,自定义探测发送到 <协议>://<主机>:<端口><路径>。For reference a custom probe is sent to <protocol>://<host>:<port><path>. 所使用的端口与后端 HTTP 设置中定义的端口相同。The port used will be the same port as defined in the back-end HTTP settings.

NSG 注意事项NSG considerations

如果应用程序网关子网上存在网络安全组 (NSG),则必须在应用程序网关子网上打开端口范围 65503-65534,以便接收入站流量。If there is a network security group (NSG) on an application gateway subnet, port ranges 65503-65534 must be opened on the application gateway subnet for inbound traffic. 这些端口是确保后端运行状况 API 正常工作所必需的。These ports are required for the backend health API to work.

此外,不能阻止出站 Internet 连接,并且必须允许来自 AzureLoadBalancer 标记的入站流量。Additionally, outbound Internet connectivity can't be blocked, and inbound traffic coming from the AzureLoadBalancer tag must be allowed.

后续步骤Next steps

了解应用程序网关的运行状况监视后,可以在 Azure 门户中配置自定义运行状况探测,或使用 PowerShell 和 Azure Resource Manager 部署模型配置自定义运行状况探测After learning about Application Gateway health monitoring, you can configure a custom health probe in the Azure portal or a custom health probe using PowerShell and the Azure Resource Manager deployment model.