It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Monitoring the Servers

  • Last updated on

Load balancing distributes requests to servers, sending subsequent requests from the same client to the same backend server. To prevent requests from being sent to an unresponsive server, the health of all backend servers must be monitored. The Barracuda Web Application Firewall monitors server health in three ways: by using In-Band, Out-of-Band, and Application Layer health checks. In-Band and Application Layer health checks can only change a server status to out-of-service from an online state, but Out-of-Band health checks, which perform periodic tests of all servers, allow a server state to change from out-of-service to online when the health checks succeed.

In-Band and Application Layer health checks are performed only if the parameter Enable OOB Health Checks is set to Yes for Out-of-Band health checks. This prevents servers from being marked out-of-service indefinitely. Disabling Out-of-Band health checks disables monitoring server health.

For detailed configuration instructions, see the online help by clicking Edit for the server on the BASIC > Services page.

In-Band Health Checks

In-Band health checks monitor a server’s connections and response to user traffic. The In-Band health check policy specifies Layer 4 and Layer 7 error thresholds. The server connections and responses are monitored for errors. When error counts exceed configured thresholds, the server is marked as out-of-service.

Servers marked out-of-service no longer receive requests. Traffic is routed to other load-balanced servers if configured. When no healthy server is available to serve a request, an error response is sent to the client.

In-Band monitoring is enabled by default, and default parameters are provided. The settings can be modified if desired. In-Band monitoring is disabled if Out-of-Band health checks are disabled.

Out-of-Band Health Checks

The Barracuda Web Application Firewall also monitors server health by sending requests at configured intervals that are independent of incoming traffic. Out-of-Band health checks are performed in addition to user-traffic connections. The Out-of-Band health check parameters specify Layer 4 and Layer 7 server monitoring.

If a server health check fails, the server is marked as out-of-service. Out-of-service servers continue to be sent data based on the Out-of-Band health check configuration. Therefore, when a health check succeeds, the server's status reverts to in-service. An out-of-service server can only be restored to service by using Out-of-Band health checks because In-Band checks require user traffic to be sent to the server, and user traffic is not sent to an out-of-service server.

  • A server marked out-of service will revert to in-service as soon as Out-of-Band health checks succeed. These checks are performed at configured intervals (by default 10 seconds).

    For example, consider "Enable OOB Health Checks" is set to Yes and the "Interval" is set to 10 seconds. The Barracuda Web Application Firewall sends a probe every 10 seconds to check the health of the server. If the server does not respond for 3 consecutive probes, it will be marked as down. Meanwhile, probes will be continued and the server is marked as up if subsequent probes are successful.

  • If a server is marked as out-of-service by In-Band monitoring, and OOB monitoring is also disabled for that service, then the server cannot be brought back to service without manual intervention. For this reason, In-Band monitoring will be disabled when Out-of-Band monitoring is disabled.

Application Layer Health Check

An Application Layer health check sends an HTTP request to verify the server is responding correctly. An expected HTTP response is required to maintain the server as healthy. Otherwise, the server is marked as out-of-service. The Application Layer health check settings specify the HTTP request type (URL, method, headers), and healthy response (status code, match content string).

The Application Layer health check is governed by the Out-Of-Band (OOB) module. To enforce the Application Layer health check policy, set Enable OOB Health Checks to Yes.

Last updated on