Showing posts with label OCI Load Balancer. Show all posts

Wednesday, February 4, 2026

OCI Load Balancer Health Check Failing Despite Correct Security Rules? Here’s How to Fix It

 If you’re managing Oracle Cloud Infrastructure (OCI), you might have encountered a frustrating issue: your OCI Load Balancer backend health check fails even though your security lists, route tables, and firewall settings are correct.

In this blog, we’ll break down why this happens and provide a step-by-step solution.


Understanding the OCI Load Balancer Health Check

OCI Load Balancers periodically check the health of backend servers by sending requests to a specific port and protocol (TCP or HTTP). If the response is not as expected, the backend is marked unhealthy, and traffic is not routed to it.

Common symptoms of failing health checks:

  • Status: Connection failed

  • Status: Status code mismatch

  • Backend remains Critical in the OCI console

Even if all your network rules are correct, the LB may still mark the backend as unhealthy due to application-level issues.


Case Study: Health Check Failing Despite Correct Security Settings

Here’s an example scenario:

  • Backend VM private IP: **.**.**.**

  • OCI Load Balancer health check node IP: **.**.**.**

  • Security lists and NSGs are correctly configured to allow traffic from the LB subnet

  • Firewall on the VM is disabled

Yet, the LB health check reports:

Critical – Connection failed

Step 1: Check if the backend application is listening

Run:

ss -lntp | grep :80
  • If nothing is listening on the configured port, the health check will fail

  • In our case, starting Apache (httpd) fixed the “Connection failed” issue:

sudo systemctl start httpd
sudo systemctl enable httpd

Step 2: Check the HTTP response code

After starting the web server, the health check may still fail with:

Status code mismatch

Run a test from the backend VM:

curl -i http://10.24.139.43/
  • In our example, the response was:

HTTP/1.1 403 Forbidden
  • OCI expects HTTP 200 OK by default. A 403 indicates Apache cannot serve the requested page, even if the server is running.


Step 3: Fix Apache configuration and permissions

  1. Ensure Apache allows access to the DocumentRoot:

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

  2. Create a simple index file to return HTTP 200:

sudo bash -c 'echo "<html><body><h1>OK</h1></body></html>" > /var/www/html/index.html'
sudo chmod 644 /var/www/html/index.html
sudo chown apache:apache /var/www/html/index.html
sudo systemctl restart httpd

  3. Test again:

curl -i http://10.24.139.43/

Output should be:

HTTP/1.1 200 OK
<html><body><h1>OK</h1></body></html>

Step 4: Verify LB health check

  • OCI Load Balancer will now mark the backend Healthy within 30–60 seconds

  • Traffic through the LB will work correctly for end users
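The checks in Steps 1 and 2 can be combined into one probe that reports the same two failure states the console shows. This is an added example, not code from the original post; the `/health` path and the local demo backend are constructed assumptions so the script runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe(host, port, path="/", expected=200, timeout=3.0):
    """Send one GET like an HTTP health check and classify the result."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException):
        # Nothing listening, traffic dropped, or timeout: no HTTP response at all.
        return "Connection failed"
    finally:
        conn.close()
    if status != expected:
        return f"Status code mismatch (got {status}, expected {expected})"
    return "OK"


class DemoBackend(BaseHTTPRequestHandler):
    """Constructed backend: 403 on '/', 200 on '/health' (hypothetical path)."""
    def do_GET(self):
        code = 200 if self.path == "/health" else 403
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass


def run_demo():
    server = HTTPServer(("127.0.0.1", 0), DemoBackend)  # port 0 = any free port
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        results = {p: probe("127.0.0.1", port, p) for p in ("/", "/health")}
    finally:
        server.shutdown()
        server.server_close()
    results["stopped"] = probe("127.0.0.1", port, "/")  # listener is gone now
    return results


if __name__ == "__main__":
    print(run_demo())
```

Against a real backend, call `probe()` with the backend's private IP, port, and the path configured in the load balancer's health check policy.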


Key Takeaways

  1. Security rules alone do not guarantee a healthy backend. Always check the application layer.

  2. 403 Forbidden or 404 Not Found responses will cause health check failures.

  3. Ensure the backend serves HTTP 200 OK on the health check path.

  4. Always test using curl or nc to simulate LB requests.


Conclusion

If your OCI Load Balancer health check is failing despite correct network settings, don’t panic. Most likely, the issue is at the application level — either the server is not listening, or the HTTP response is not 200 OK.

By ensuring your backend web server is running, the correct permissions are set, and a valid index page is served, your LB will pass the health checks, and traffic will flow smoothly.

Monday, July 18, 2022

OCI load balancer redirection using Routing Policies

In layman's terms, load balancers help distribute requests to the backend servers based on certain algorithms. OCI Load Balancers help in achieving high availability and scalability. Based on our requirements, we can configure multiple policies and application-level health checks in an OCI Load Balancer. In this post, I am going to demonstrate how we can leverage routing policies to redirect requests to backend servers based on certain conditions. If you want to know how to create a load balancer, you can refer to my earlier post https://samappsdba.blogspot.com/2020/05/configuring-oci-load-balancer-for-ebs.html

I have webserver1 with Public IP X.X.X.65. This is registered in DNS as dumka.tk
I have another server, webserver2, with Public IP X.X.X.61. This is registered in DNS as dumka.ml




Now I will create the load balancer.





I will add the backends later.









Load balancer will now be created.

Add the backends now






Create listener for two backends






Now create the hostnames






Edit the listener and add the respective hostnames








Now Define the Routing Policies










At last, add the Public IP of the Load balancer to the DNS Zones.


Perform the testing








There are many other advanced configurations that we can use with our OCI Load Balancer; for these, see the Advanced OCI LB Concepts. You can also refer to my earlier post, OCI LB Redirection, on how I used a Path Route Set for load balancer redirection. This post is all about how, using one Network load balancer, we can serve multiple websites using hostnames and routing policies. Hope this post helps someone. Keep learning cloud.

Saturday, May 22, 2021

OCI Load Balancer redirection

We are all aware that load balancers help distribute requests to the backend servers based on certain algorithms. OCI Load Balancers help in achieving high availability and scalability. Based on our requirements, we can configure multiple policies and application-level health checks in an OCI Load Balancer. For information about OCI Load Balancer, you can go through Load Balancer. In this specific blog, I demonstrate how, using Load Balancer advanced configurations such as Path Routes, Hostnames and Rule Sets, we can redirect requests to a specific backend server. In my earlier post, https://samappsdba.blogspot.com/2020/05/configuring-oci-load-balancer-for-ebs.html, I explained how we can create a basic load balancer in OCI.


I already have one public load balancer and one backend set comprising two web servers, webserver1 and webserver2. The web servers have the files webserver1.html and webserver2.html under the /var/www/html path.




As of now, if I type the public IP address of the LB in the browser, it redirects me to the backend webserver1 and webserver2, as the algorithm chosen is Round Robin.



And when I hit the IP address of the LB, it redirects me to the second web server.




Up to this point, the load balancer has the basic settings. Now I have two domains, webserver1.tk and webserver2.tk.

The purpose is to redirect the load to webserver1 (webserver1.html) for requests coming to webserver1.tk, and to webserver2 (webserver2.html) for requests coming to webserver2.tk. The handling of DNS queries, which is served by OCI DNS Zones, is out of scope for this post. I will cover it in future posts.

First, under the load balancer, I will create the specific hostnames.

Next, create two Path Route Sets.




Next, create the rule sets.








Now edit the listener that was created initially as part of the OCI Load Balancer setup and add another listener. These two listeners will cater to the two hostnames.



And then add the second listener








Now, if I hit webserver.tk, the request gets redirected to webserver/webserver1.html


Test the same for webserver2.tk




There are many other advanced configurations that we can use with our OCI Load Balancer; for these, see the Advanced OCI LB Config. This post was all about how, using one flexible load balancer, we can serve multiple URLs using hostnames, Path Routes and Rule Sets. Hope this post helps someone. Keep learning cloud.