search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.99k stars 2.97k forks source link

Support NoHealthyBackend Feature on CLI #29136

Open mahipdeora opened 4 months ago

mahipdeora commented 4 months ago

Preconditions

Related command

az network lb probe create and az network lb probe update

Resource Provider

Microsoft.Network/loadBalancers

Description of Feature or Work Requested

NoHealthyBackendsBehavior is a feature that is configurable on Azure Load Balancer’s health probes. The feature, when enabled, sends new traffic to all backend VMs when all the instances are being probed down. For example, if a LB has a single VM in its backend pool, and the LB’s health probe is marking the VM as unhealthy, then this feature would send new traffic to the VM in the off chance that it is still healthy and is able to respond to traffic. This feature should be seen as a last resort for traffic being sent to VMs.

The feature has two values:

  1. AllProbedUp – This option will send new traffic to all backend instances when health probes for all the VMs are at 0%. This should be seen as a last resort in case one of the VMs is still able to serve traffic.
  2. AllProbedDown- This is the default behavior, and the behavior Azure Load Balancer has today. When all backend VMs are probing as unhealthy, no new connections will be sent to the VMs.

Minimum API Version Required

2024-01-01

Swagger PR link / SDK link

N/A

Request Example

{ "location": "eastus", "sku": { "name": "Standard" }, "tags": {"IsRemoteFrontend": true}, "properties": { "frontendIPConfigurations": [ { "name": "pipmahip3", "properties": { "publicIPAddress": { "id":"/subscriptions/6bb4a28a-db84-4e8a-b1dc-fabf7bd9f0b2/resourceGroups/deployment4/providers/Microsoft.Network/publicIPAddresses/testNOHB-lbPublicIP" } } } ], "backendAddressPools": [ { "name": "LoadBalancerBackEndPool", "properties": { } } ], "loadBalancingRules": [ { "name": "rulelb", "properties": { "frontendIPConfiguration": { "id": "/subscriptions/6bb4a28a-db84-4e8a-b1dc-fabf7bd9f0b2/resourceGroups/deployment4/providers/Microsoft.Network/loadBalancers/testNOHB-lb/frontendIPConfigurations/LoadBalancerFrontEnd" }, "frontendPort": 80, "backendPort": 80, "enableFloatingIP": true, "idleTimeoutInMinutes": 15, "protocol": "Tcp", "enableTcpReset": false, "loadDistribution": "Default", "backendAddressPool": { "id": "/subscriptions/6bb4a28a-db84-4e8a-b1dc-fabf7bd9f0b2/resourceGroups/deployment4/providers/Microsoft.Network/loadBalancers/testNOHB-lb/backendAddressPools/LoadBalancerBackEndPool" }, "probe": { "id": "/subscriptions/6bb4a28a-db84-4e8a-b1dc-fabf7bd9f0b2/resourceGroups/deployment4/providers/Microsoft.Network/loadBalancers/testNOHB-lb/probes/loadBalancerHealthProbe" } } } ], "probes": [ { "name": "LoadBalancerHealthProbe", "properties": { "protocol": "TCP", "port": 80, "intervalInSeconds": 5, "numberOfProbes": 2, "probeThreshold": 1, "noHealthyBackendsBehavior": "AllProbedUp" } } ] } }

Target Date

2024-07-05

PM Contact

mahipdeora

Engineer Contact

mahipdeora

Additional context

No response

yonzhan commented 4 months ago

Thank you for opening this issue, we will look into it.

mahipdeora commented 4 months ago

This is a critical ask from Temu and SAP, if we could try to meet the proposed date above that would be much appreciated.

mahipdeora commented 3 months ago

Hi @necusjz do we have any ETA for this work item?

Jacekey23 commented 3 months ago

Please evaluate if this item is SFI related work. CLI currently fully focus and is occupied with security efforts above other else.

Reaching out via email (dcaro and mingxuli@microsoft.com) if you think it's security-related or needs to be re-evaluated we are still happy to help.

cc: @yonzhan @necusjz