Unhealthy state actions Requirements and considerations Monitoring Example Modify target group health settings Using Route 53 DNS failover for your load balancer

Target group health

By default, a target group is considered healthy as long as it has at least one healthy target. If you have a large fleet, having only one healthy target serving traffic is not sufficient. Instead, you can specify a minimum count or percentage of targets that must be healthy, and what actions the load balancer takes when the healthy targets fall below the specified threshold. This improves availability.

Unhealthy state actions

You can configure healthy thresholds for the following actions:

DNS failover – When the healthy targets in a zone fall below the threshold, we mark the IP addresses of the load balancer node for the zone as unhealthy in DNS. Therefore, when clients resolve the load balancer DNS name, the traffic is routed only to healthy zones.
Routing failover – When the healthy targets in a zone fall below the threshold, the load balancer sends traffic to all targets that are available to the load balancer node, including unhealthy targets. This increases the chances that a client connection succeeds, especially when targets temporarily fail to pass health checks, and reduces the risk of overloading the healthy targets.

Requirements and considerations

You can't use this feature with target groups where the target is a Lambda function. If the Application Load Balancer is the target of a Network Load Balancer or Global Accelerator, do not configure a threshold for DNS failover.
If you specify both types of thresholds for an action (count and percentage), the load balancer takes the action when either threshold is breached.
If you specify thresholds for both actions, the threshold for DNS failover must be greater than or equal to the threshold for routing failover, so that DNS failover occurs either with or before routing failover.
If you specify the threshold as a percentage, we calculate the value dynamically, based on the total number of targets that are registered with the target groups.
The total number of targets is based on whether cross-zone load balancing is off or on. If cross-zone load balancing is off, each node sends traffic only to the targets in its own zone, which means that the thresholds apply to the number of targets in each enabled zone separately. If cross-zone load balancing is on, each node sends traffic to all targets in all enabled zones, which means that the specified thresholds apply to the total number targets in all enabled zones.
With DNS failover, we remove the IP addresses for the unhealthy zones from the DNS hostname for the load balancer. However, the local client DNS cache might contain these IP addresses until the time-to-live (TTL) in the DNS record expires (60 seconds).
When DNS failover occurs, this impacts all target groups associated with the load balancer. Ensure that you have enough capacity in your remaining zones to handle this additional traffic, especially if cross-zone load balancing is off.
With DNS failover, if all load balancer zones are considered unhealthy, the load balancer sends traffic to all zones, including the unhealthy zones.
There are factors other than whether there are enough healthy targets that might lead to DNS failover, such as the health of the zone.

Monitoring

To monitor the health of your target groups, see CloudWatch metrics for target group health.

Example

The following example demonstrates how target group health settings are applied.

Scenario

A load balancer that supports two Availability Zones, A and B
Each Availability Zone contains 10 registered targets
The target group has the following target group health settings:
- DNS failover - 50%
- Routing failover - 50%
Six targets fail in Availability Zone B

If cross-zone load balancing is off

The load balancer node in each Availability Zone can send traffic only to the 10 targets in its Availability Zone.
There are 10 healthy targets in Availability Zone A, which meets the required percentage of healthy targets. The load balancer continues to distribute traffic between the 10 healthy targets.
There are only 4 healthy targets in Availability Zone B, which is 40% of the targets for the load balancer node in Availability Zone B. Because this is less than the required percentage of healthy targets, the load balancer takes the following actions:
- DNS failover - Availability Zone B is marked as unhealthy in DNS. Because clients can't resolve the load balancer name to the load balancer node in Availability Zone B, and Availability Zone A is healthy, clients send new connections to Availability Zone A.
- Routing failover - When new connections are sent explicitly to Availability Zone B, the load balancer distributes traffic to all targets in Availability Zone B, including the unhealthy targets. This prevents outages among the remaining healthy targets.

If cross-zone load balancing is on

Each load balancer node can send traffic to all 20 registered targets across both Availability Zones.
There are 10 healthy targets in Availability Zone A and 4 healthy targets in Availability Zone B, for a total of 14 healthy targets. This is 70% of the targets for the load balancer nodes in both Availability Zones, which meets the required percentage of healthy targets.
The load balancer distributes traffic between the 14 healthy targets in both Availability Zones.

Modify target group health settings

You can modify the target group health settings for your target group as follows.

To modify target group health settings using the console

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, under Load Balancing, choose Target Groups.
Choose the name of the target group to open its details page.
On the Attributes tab, choose Edit.
Check whether cross-zone load balancing is turned on or turned off. Update this setting as needed to ensure that you have enough capacity to handle the additional traffic if a zone fails.
Expand Target group health requirements.
For Configuration type, we recommend that you choose Unified configuration, which sets the same threshold for both actions.
For Healthy state requirements, do one of the following:
- Choose Minimum healthy target count, and then enter a number from 1 to the maximum number of targets for your target group.
- Choose Minimum healthy target percentage, and then enter a number from 1 to 100.
Choose Save changes.

To modify target group health settings using the AWS CLI

Use the modify-target-group-attributes command. The following example sets the healthy threshold for both unhealthy state actions to 50%.


aws elbv2 modify-target-group-attributes \
--target-group-arn arn:aws:elasticloadbalancing:region:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \
--attributes Key=target_group_health.dns_failover.minimum_healthy_targets.percentage,Value=50 \
  Key=target_group_health.unhealthy_state_routing.minimum_healthy_targets.percentage,Value=50

Using Route 53 DNS failover for your load balancer

If you use Route 53 to route DNS queries to your load balancer, you can also configure DNS failover for your load balancer using Route 53. In a failover configuration, Route 53 checks the health of the target group targets for the load balancer to determine whether they are available. If there are no healthy targets registered with the load balancer, or if the load balancer itself is unhealthy, Route 53 routes traffic to another available resource, such as a healthy load balancer or a static website in Amazon S3.

For example, suppose that you have a web application for www.example.com, and you want redundant instances running behind two load balancers residing in different Regions. You want the traffic to be primarily routed to the load balancer in one Region, and you want to use the load balancer in the other Region as a backup during failures. If you configure DNS failover, you can specify your primary and secondary (backup) load balancers. Route 53 directs traffic to the primary load balancer if it is available, or to the secondary load balancer otherwise.

Using evaluate target health

When evaluate target health is set to Yes on an alias record for an Application Load Balancer, Route 53 evaluates the health of the resource specified by the alias target value. For an Application Load Balancer, Route 53 uses the target group health checks associated with the load balancer.
When all the target groups in an Application Load Balancer are healthy, Route 53 marks the alias record as healthy. If a target group contains at least one healthy target, the target group health check passes. Route 53 then returns records according to your routing policy. If the failover routing policy is used, Route 53 returns the primary record.
If any of the target groups in an Application Load Balancer are unhealthy, the alias record fails the Route 53 health check (fail-open). If using evaluate target health, this would fail the failover routing policy.
If all of the target groups in an Application Load Balancer are empty (no targets), then Route 53 considers the record unhealthy (fail-open). If using evaluate target health, this would fail the failover routing policy.

For more information, see Configuring DNS failover in the Amazon Route 53 Developer Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Cross-zone load balancing