After you enable health checks of Server Load Balancer (SLB), when one backend ECS instance is declared as unhealthy, requests are forwarded to other normal ECS instances. When the faulty ECS instance becomes normal, SLB forwards requests to the ECS instance again.

For layer-7 SLB service, when an ECS instance is declared as unhealthy, you can troubleshoot problems from the following aspects:

  • Make sure you can directly access your service through the ECS instance.
  • Make sure the backend port you configured in the listener is opened on the backend server.
  • Check whether the backend ECS instance has installed a firewall or other security protection software. This type of software may block the local IP address of the SLB service, and thus disable the communication between the SLB service and the backend server.
  • Check whether the SLB health check parameters are correctly set. We recommend that you use default health check settings.
  • We recommend that you use a static page for health checks. If the static page you use is not the default health check page of the backend ECS instance, you must set this page as the health check page in health check configurations. We recommend that you use a simple HTML page for health checks and use the page only for checking health check responses. We do not recommend that you use dynamic scripting languages such as php.
  • Check whether the backend ECS instance has high loads, which can slow the response speed of the ECS instance.

Besides, because the layer-7 SLB service communicates with the backend ECS instance through intranet, the ECS instance must listen the intranet or all-network ports. You can check the ECS instance with the following methods:

  1. Check whether the listening function is normal.

    Assume that the frontend port of SLB and backend port of the ECS instance are both 80. The ECS intranet IP address is 10.11.192.1. Run the following command on the server. If you can see the monitoring information of 10.1.1.192.1: 80, or the monitoring information of 0.0.0.0: 80, the listening function of the ports is normal.

    • Windows server: netstat -ano | findstr :80
    • Linux server: netstat -anp | grep :80
  2. Check whether the intranet firewall of the server allows port 80. You can disable the firewall temporarily to do a test. Enter the following command to disable the firewall.
    • Windows: firewall.cpl
    • Linux: /etc/init.d/iptables stop
  3. Check whether the backend port is normal.
    • For layer-4 SLB service, you can perform a telnet test. If you receive responses, the backend port is normal. Example: Use telnet 10.11.192.1 80 to test.
    • For layer-7 SLB service, you can determine whether the port is normal by checking the HTTP status code received. The HTTP status code must be a status code that indicates a normal condition, such as 200. The test methods are as follows:
      • Windows: Access the intranet IP address of the ECS instance. In this example, access http://10.11.192.1.
      • Linux: Run the curl -I command and check whether the status is HTTP/1.1 200 OK. In this example, run curl -I 10.11.192.1.