Health Check Types
- Last Updated: April 17, 2026
- 2 minute read
- LoadMaster
- LoadMaster GA
- Documentation
A number of different health check types are available. With the service health checks, the Real Servers are checked for the availability of the selected service. With TCP/UDP the check is simply a connect attempt.
Refer to the table below for a description of each. The default port for each health check type is listed in parenthesis, but users can specify any valid port to perform the health check on.
|
Type |
Description |
|---|---|
|
ICMP |
The LoadMaster sends ICMP echo requests (pings) to the Real Servers. A Real Server fails this check when it does not respond with an ICMP echo response in the configured response time for the configured number of retries. |
|
TCP Connection Only |
The LoadMaster attempts to open TCP-connection to the Real Server on the configured service port: it sends a TCP SYN packet to the server on the service port. The server passes the check if it responds with a TCP SYN ACK in the response time interval. In this case, the LoadMaster closes the connection by FIN, ACK. If the server fails to respond within the configured response time for the configured number of times, the server is assumed to be down. When using TCP Connection Only as the Real Server Check Method, the health check port will default to the port of the Virtual Service. |
|
FTP |
The LoadMaster opens a TCP connection to the Real Server on the Service port (port 21). If the server responds with a greeting message with status code 220, the LoadMaster sends a QUIT command to the server, closes the connection and marks it as active. If the server fails to respond within the configured response time for the configured number of times, or if it responds with a different status code, it is assumed down. |
|
TELNET |
The LoadMaster opens a TCP connection to the Real Server on the Service port (port 23). If the server responds with a command string beginning with the char ‘0xff’, the LoadMaster closes the connection and marks the server as active. If the server fails to respond within the configured response time for the configured number of times, or if it responds with a different command string, it is assumed down. For further information on the Check Parameters, refer to the Check Parameters section. |
|
SMTP |
The LoadMaster opens a TCP connection to the Real Server on the Service port (port 25). If the server responds with a greeting message with status code 220, the LoadMaster sends a QUIT command to the server, closes the connection and marks it as active. If the server fails to respond within the configured response time for the configured number of times, or if it responds with a different status code, it is assumed down. |
|
HTTP |
The LoadMaster opens a TCP connection to the Real Server on the Service port (port 80). The LoadMaster sends a HTTP/1.0 HEAD request the server, requesting the page “/”. If the server sends a HTTP response with a status code of 200-299, 301, 302 or 401 the LoadMaster closes the connection and marks the server as active. If the server fails to respond within the configured response time for the configured number of times, or if it responds with a different status code, it is assumed down. It is also possible to specify additional health check status codes which is considered up. This means that if the Real Server responds with one of these codes, the LoadMaster will see the Real Server service as up and can send traffic to it. This can be done using the Status Code field. For further information, please refer to the HTTP or HTTPS Protocol Health Checking section. HTTP 1.0 and 1.1 support is available. URL health checking is also available. HTTP 1.1 allows you to check host header enabled web servers. |
|
HTTPS |
The LoadMaster opens an SSL connection to the Real Server on the Service port (port 443). The LoadMaster sends a HTTP/1.0 HEAD request the server, requesting the page “/”. If the server sends a HTTP response with a status code of 200-299, 301, 302 or 401 the LoadMaster closes the connection and marks the server as active. If the server fails to respond within the configured response time for the configured number of times or if it responds with a different status code, it is assumed down. HTTP 1.0 and 1.1 support is available. HTTP 1.1 allows you to check host header enabled web servers. |
|
POP3 |
The LoadMaster opens a TCP connection to the Real Server on the Service port (port 110). If the server responds with a greeting message that starts with +OK, the LoadMaster sends a QUIT command to the server, closes the connection and marks it as active. If the server fails to respond within the configured response time for the configured number of times, or if it responds with a different status code, it is assumed down. |
|
NNTP |
The LoadMaster opens a TCP connection to the Real Server on the Service port (port 119). If the server responds with a greeting message with status code 200 or 201, the LoadMaster sends a QUIT command to the server, closes the connection and marks it as active. If the server fails to respond within the configured response time for the configured number of times, or if it responds with a different status code, it is assumed down. |
|
IMAP |
The LoadMaster opens a TCP connection to the Real Server on the Service port (port 143). If the server responds with a greeting message that starts with “+ OK” or “* OK”, the LoadMaster sends a LOGOUT command to the server, closes the connection and marks it as active. If the server fails to respond within the configured response time for the configured number of times, or if it responds with a different status code, it is assumed down. |
|
DNS |
The Name Server (DNS) Protocol value is only available in the Real Server Check Method drop-down list when the Virtual Service Protocol is set to udp. The LoadMaster performs nslookups against an A record on the server over UDP port 53. If the server successfully responds to the DNS query, the LoadMaster marks it as active. If the server fails to respond within the configured response time for the configured number of times or if it responds unsuccessfully to the A record request, it is assumed down. |
|
RDP |
By default, the remote terminal health check will use the Virtual Service port. The default ports for RDP are 3389 and 3391. RDP health checks start the same way as TCP Connection Only to confirm that the port is opened. After this, the LoadMaster checks if it can log in to the Real Server. No username or password is sent – it just checks to see if the service is listening. If a response is received, the Real Server is marked as up. If no response is received the Real Server is marked as down. |
|
Binary |
Specify a hexadecimal string to send to the Real Server. Specify a hexadecimal string which is searched for in the response sent back from the Real Server. If the LoadMaster finds the pattern in the response, the Real Server is considered up. Specify the number of bytes to search for the reply pattern within. There is no default port for this, as it is not a protocol-based check. |
|
LDAP |
Select an LDAP endpoint to use for the health check. The LDAP health check uses the LDAP credentials and protocol specified in the LDAP endpoint. The health check is run against the Real Server IP address and port. The LDAP health check comprises of a LoadMaster connecting to a Real Server and validating the specified user credentials. The health check is performed in two steps: Step 1: Check if the Real Server specified port is up and available. Step 2: Attempt to log in to the Real Server using the LDAP specified credentials. If step 1 and step 2 are true, the health check passes. If step 1 or step 2 fails, the health check fails. |
|
None |
No health checking is performed. |
By default, health checks are always seen from the interface address (the active LoadMaster if in High Availability (HA) mode, not the shared IP address). However they can be seen from the Virtual Service address in some scenarios. Production traffic may be seen from the client IP address, the Virtual Service address, or the interface address depending on the scenario. For further details, refer to the Routing Feature Description.
The LoadMaster uses health checks that can be specified in the WUI. By default, the best available health check is selected for the Virtual Service, based on the Service Type.
|
Service |
Port |
Protocol |
Layer |
|---|---|---|---|
|
FTP |
21 |
TCP |
Layer 4/Layer 7 |
|
TELNET |
23 |
TCP |
Layer 4/Layer 7 |
|
SMTP |
25 |
TCP |
Layer 4/Layer 7 |
|
HTTP |
80 |
TCP |
Layer 4/Layer 7 |
|
HTTPS |
443 |
TCP |
Layer 4/Layer 7 |
|
POP3 |
110 |
TCP |
Layer 4/Layer 7 |
|
NNTP |
119 |
TCP |
Layer 4/Layer 7 |
|
IMAP |
143 |
TCP |
Layer 4/Layer 7 |
|
DNS |
53 |
UDP |
Layer 4/Layer 7 |
|
ICMP |
N/A |
TCP |
Layer 3 |
|
TCP |
N/A |
TCP |
Layer 4 |
|
RDP |
3389 |
TCP |
Layer 7 |
|
LDAP |
389/636 |
UDP/TCP |
Layer 4/Layer 7 |
The Service Type selected may limit the available Real Server Check Method options. For example, the service type Remote Terminal will permit checking with Remote Terminal Protocol but this check method is not available for other service types.
For other ports, the LoadMaster uses Layer 4 health checks for TCP services and Layer 3 health checks for ICMP Ping for both TCP and UDP Virtual Services. The settings for the health checks can be changed from the default settings using the Virtual Service modify screen to accommodate non-standard settings. For example, one could run a HTTP service on port 8080 instead of 80, and change the health check to HTTP instead of the default Layer 4 check.