Random failed_to_connect_to_backend errors on GCE LB

google-cloud-platformgoogle-compute-engineload balancing

I made a simple setup with two GCE instances behind a load balancer. But in the balancer logs, I can see random 502 responses with the following error:
"failed_to_connect_to_backend"

Al thought the last health check was fine with 200 response, and checking my nginx logs shows that the request didn't even get though the backend to nginx.

I'm unable to know what the issue is, are there any sort of logs showing why it failed to connect to the backend? is it a a health check issue? are there any health checks logs?

Best Answer

Have you configured keep alive timeout correctly?

A TCP session timeout, whose value is fixed at 10 minutes (600 seconds). This session timeout is sometimes called a keepalive or idle timeout, and its value is not configurable by modifying your backend service. You must configure the web server software used by your backends so that its keepalive timeout is longer than 600 seconds to prevent connections from being closed prematurely by the backend.

This is now in official GCP documentation. Recommended setting for nginx: KeepAliveTimeout 620. Recommended setting for Apache: keepalive_timeout 620s.

https://blog.percy.io/tuning-nginx-behind-google-cloud-platform-http-s-load-balancer-305982ddb340

https://cloud.google.com/compute/docs/load-balancing/http/

https://cloud.google.com/load-balancing/docs/https/#timeouts_and_retries

Related Solutions

Google Cloud: Health Check is not removing failed instance from HTTP Load Balancer

health checks managed instance groups VS health checks load balancing

The health checks used by managed instance groups are the same health checks used by load balancing, with some differences in behavior. Health checks that you apply to load balancing services help a load balancer determine where to direct network traffic. These health checks do not cause Compute Engine to recreate instances. Health checks that you apply to managed instance groups will proactively signal to the managed instance group to delete and recreate instances if they become UNHEALTHY.

For the majority of scenarios, use separate health checks for load balancing and for monitoring managed instance groups. Health checking for load balancing can and should be more aggressive since these health checks determine whether an instance receives user traffic. Since customers might rely on your services, you want to catch non-responsive instances quickly so you can redirect traffic if necessary. In contrast, health checking for instance groups will cause Compute Engine proactively replace failing instances so you could create health checks that are more conservative than health checks for a load balancer.

https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances#monitoring_groups

Google cloud http(s) load balancer returning 502 despite healthy backend service

Traffic from the load balancer to your instance is not enabled by default. Unfortunately this is not well documented, and really, when you create a load balancer this should happen automatically.

Try adding this firewall rule the network that your load balancer and VMs are on:

130.211.0.0/22   tcp:1-5000   Apply to all targets

Best Answer

Related Solutions

Google Cloud: Health Check is not removing failed instance from HTTP Load Balancer

Google cloud http(s) load balancer returning 502 despite healthy backend service

Related Topic