Target group health - Elastic Load Balancing

Target group health

By default, a target group is considered healthy as long as it has at least one healthy target. If you have a large fleet, having only one healthy target serving traffic is not sufficient. Instead, you can specify a minimum count or percentage of targets that must be healthy, and what actions the load balancer takes when the healthy targets fall below the specified threshold. This improves availability.

Unhealthy state actions

You can configure healthy thresholds for the following actions:

  • DNS failover – When the healthy targets in a zone fall below the threshold, we mark the IP addresses of the load balancer node for the zone as unhealthy in DNS. Therefore, when clients resolve the load balancer DNS name, the traffic is routed only to healthy zones.

  • Routing failover – When the healthy targets in a zone fall below the threshold, the load balancer sends traffic to all targets that are available to the load balancer node, including unhealthy targets. This increases the chances that a client connection succeeds, especially when targets temporarily fail to pass health checks, and reduces the risk of overloading the healthy targets.

Requirements and considerations

  • If you specify both types of thresholds for an action (count and percentage), the load balancer takes the action when either threshold is breached.

  • If you specify thresholds for both actions, the threshold for DNS failover must be greater than or equal to the threshold for routing failover, so that DNS failover occurs either with or before routing failover.

  • If you specify the threshold as a percentage, we calculate the value dynamically, based on the total number of targets that are registered with the target groups.

  • The total number of targets is based on whether cross-zone load balancing is off or on. If cross-zone load balancing is off, each node sends traffic only to the targets in its own zone, which means that the thresholds apply to the number of targets in each enabled zone separately. If cross-zone load balancing is on, each node sends traffic to all targets in all enabled zones, which means that the specified thresholds apply to the total number of targets in all enabled zones. For more information, see Cross-zone load balancing.

  • With DNS failover, we remove the IP addresses for the unhealthy zones from the DNS hostname for the load balancer. However, the local client DNS cache might contain these IP addresses until the time-to-live (TTL) in the DNS record expires (60 seconds).

  • When DNS failover occurs, this impacts all target groups associated with the load balancer. Ensure that you have enough capacity in your remaining zones to handle this additional traffic, especially if cross-zone load balancing is off.

  • With DNS failover, if all load balancer zones are considered unhealthy, the load balancer sends traffic to all zones, including the unhealthy zones.

  • There are factors other than whether there are enough healthy targets that might lead to DNS failover, such as the health of the zone.

Example

The following example demonstrates how target group health settings are applied.

Scenario
  • A load balancer that supports two Availability Zones, A and B

  • Each Availability Zone contains 10 registered targets

  • The target group has the following target group health settings:

    • DNS failover - 50%

    • Routing failover - 50%

  • Six targets fail in Availability Zone B

If cross-zone load balancing is off
  • The load balancer node in each Availability Zone can send traffic only to the 10 targets in its Availability Zone.

  • There are 10 healthy targets in Availability Zone A, which meets the required percentage of healthy targets. The load balancer continues to distribute traffic between the 10 healthy targets.

  • There are only 4 healthy targets in Availability Zone B, which is 40% of the targets for the load balancer node in Availability Zone B. Because this is less than the required percentage of healthy targets, the load balancer takes the following actions:

    • DNS failover - Availability Zone B is marked as unhealthy in DNS. Because clients can't resolve the load balancer name to the load balancer node in Availability Zone B, and Availability Zone A is healthy, clients send new connections to Availability Zone A.

    • Routing failover - When new connections are sent explicitly to Availability Zone B, the load balancer distributes traffic to all targets in Availability Zone B, including the unhealthy targets. This prevents outages among the remaining healthy targets.

If cross-zone load balancing is on
  • Each load balancer node can send traffic to all 20 registered targets across both Availability Zones.

  • There are 10 healthy targets in Availability Zone A and 4 healthy targets in Availability Zone B, for a total of 14 healthy targets. This is 70% of the targets for the load balancer nodes in both Availability Zones, which meets the required percentage of healthy targets.

  • The load balancer distributes traffic between the 14 healthy targets in both Availability Zones.
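
The threshold rules and the scenario above can be checked with a small model. This is an added example, not AWS code: the names Threshold and evaluate are hypothetical, and it assumes a strict "below the threshold" comparison with no rounding. It goes beyond the scenario by also handling count thresholds, the DNS-versus-routing ordering requirement, and the case where every zone is unhealthy in DNS.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Threshold:
    """Minimum healthy targets for one action; unset fields are ignored."""
    count: Optional[int] = None
    percentage: Optional[int] = None

    def breached(self, healthy: int, total: int) -> bool:
        # The action is taken when EITHER configured threshold is breached.
        by_count = self.count is not None and healthy < self.count
        # Assumption: strict "below", no rounding (healthy/total < pct/100).
        by_pct = (self.percentage is not None
                  and healthy * 100 < self.percentage * total)
        return by_count or by_pct


def evaluate(zones: Dict[str, Tuple[int, int]], dns: Threshold,
             routing: Threshold, cross_zone: bool) -> Tuple[List[str], List[str]]:
    """zones maps zone name -> (healthy, registered) targets.

    Returns (zones still returned in DNS, zones routing to all targets).
    """
    for field in ("count", "percentage"):
        d, r = getattr(dns, field), getattr(routing, field)
        if d is not None and r is not None and d < r:
            raise ValueError(f"DNS failover {field} must be >= routing failover {field}")
    if cross_zone:
        # Each node sees every target in every enabled zone.
        pool = (sum(h for h, _ in zones.values()),
                sum(t for _, t in zones.values()))
        view = {z: pool for z in zones}
    else:
        # Each node sees only the targets in its own zone.
        view = dict(zones)
    dns_bad = {z for z, (h, t) in view.items() if dns.breached(h, t)}
    fail_open = {z for z, (h, t) in view.items() if routing.breached(h, t)}
    # If every zone is unhealthy in DNS, traffic goes to all zones anyway.
    in_dns = set(zones) if dns_bad == set(zones) else set(zones) - dns_bad
    return sorted(in_dns), sorted(fail_open)


# Constructed input: the scenario above (10 targets per zone, 6 fail in B).
SCENARIO = {"A": (10, 10), "B": (4, 10)}
HALF = Threshold(percentage=50)

if __name__ == "__main__":
    print("cross-zone off:", evaluate(SCENARIO, HALF, HALF, cross_zone=False))
    print("cross-zone on: ", evaluate(SCENARIO, HALF, HALF, cross_zone=True))
```

The second list is the set of zones where unhealthy targets receive traffic, which is the state worth alerting on when those targets are failing health checks for a reason other than load.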

Modify target group health settings

You can modify the target group health settings for your target group as follows.

To modify target group health settings using the console
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the Attributes tab, choose Edit.

  5. Check whether cross-zone load balancing is turned on or turned off. Update this setting as needed to ensure that you have enough capacity to handle the additional traffic if a zone fails.

  6. Expand Target group health requirements.

  7. For Configuration type, we recommend that you choose Unified configuration, which sets the same threshold for both actions.

  8. For Healthy state requirements, do one of the following:

    • Choose Minimum healthy target count, and then enter a number from 1 to the maximum number of targets for your target group.

    • Choose Minimum healthy target percentage, and then enter a number from 1 to 100.

  9. Choose Save changes.

To modify target group health settings using the AWS CLI

Use the modify-target-group-attributes command. The following example sets the healthy threshold for both unhealthy state actions to 50%.

aws elbv2 modify-target-group-attributes \
    --target-group-arn arn:aws:elasticloadbalancing:region:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \
    --attributes Key=target_group_health.dns_failover.minimum_healthy_targets.percentage,Value=50 \
                 Key=target_group_health.unhealthy_state_routing.minimum_healthy_targets.percentage,Value=50

Connection termination for unhealthy targets

Connection termination is enabled by default. When the target of a Network Load Balancer fails the configured health checks and is deemed unhealthy, the load balancer terminates established connections and stops routing new connections to the target. With connection termination disabled, the target is still considered unhealthy and won't receive new connections, but established connections are kept active, allowing them to close gracefully.

Connection termination for unhealthy targets can be set individually for each target group.

To modify the connection termination setting using the console
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the Attributes tab, choose Edit.

  5. Under Target unhealthy state management, choose whether Terminate connections when targets become unhealthy is enabled or disabled.

  6. Choose Save changes.

To modify the connection termination setting using the AWS CLI

Use the modify-target-group-attributes command with the target_health_state.unhealthy.connection_termination.enabled attribute.

Unhealthy draining interval

Important

Connection termination must be disabled before enabling unhealthy draining interval.

Targets in the unhealthy.draining state are considered unhealthy and do not receive new connections, but retain established connections for the configured interval. The unhealthy connection interval determines the amount of time the target remains in the unhealthy.draining state before its state becomes unhealthy. If the target passes health checks during the unhealthy connection interval, its state becomes healthy again. If a deregistration is triggered, the target's state becomes draining and the deregistration delay timeout begins.

The unhealthy draining interval can be set individually for each target group.

To modify the unhealthy draining interval using the console
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under Load Balancing, choose Target Groups.

  3. Choose the name of the target group to open its details page.

  4. On the Attributes tab, choose Edit.

  5. Under Target unhealthy state management, make sure Terminate connections when targets become unhealthy is turned off.

  6. Enter a value for Unhealthy draining interval.

  7. Choose Save changes.

To modify the unhealthy draining interval using the AWS CLI

Use the modify-target-group-attributes command with the target_health_state.unhealthy.draining_interval_seconds attribute.

Using Route 53 DNS failover for your load balancer

If you use Route 53 to route DNS queries to your load balancer, you can also configure DNS failover for your load balancer using Route 53. In a failover configuration, Route 53 checks the health of the target group targets for the load balancer to determine whether they are available. If there are no healthy targets registered with the load balancer, or if the load balancer itself is unhealthy, Route 53 routes traffic to another available resource, such as a healthy load balancer or a static website in Amazon S3.

For example, suppose that you have a web application for www.example.com, and you want redundant instances running behind two load balancers residing in different Regions. You want the traffic to be primarily routed to the load balancer in one Region, and you want to use the load balancer in the other Region as a backup during failures. If you configure DNS failover, you can specify your primary and secondary (backup) load balancers. Route 53 directs traffic to the primary load balancer if it is available, or to the secondary load balancer otherwise.

Using evaluate target health
  • When evaluate target health is set to Yes on an alias record for a Network Load Balancer, Route 53 evaluates the health of the resource specified by the alias target value. For a Network Load Balancer, Route 53 uses the target group health checks associated with the load balancer.

  • When all the target groups in a Network Load Balancer are healthy, Route 53 marks the alias record as healthy. If a target group contains at least one healthy target, the target group health check passes. Route 53 then returns records according to your routing policy. If the failover routing policy is used, Route 53 returns the primary record.

  • If any of the target groups in a Network Load Balancer are unhealthy, the alias record fails the Route 53 health check (fail-open). If using evaluate target health, this would fail the failover routing policy.

  • If all of the target groups in a Network Load Balancer are empty (no targets), then Route 53 considers the record unhealthy (fail-open). If using evaluate target health, this would fail the failover routing policy.

For more information, see Configuring DNS failover in the Amazon Route 53 Developer Guide.