Setting 100.64.0.0/10 IP Range as the Health Check IP

Last updated: 2024-01-04 14:34:05
    This document takes a TCP listener as an example to describe how to change the health check source IP address of a CLB instance from the CLB VIP to the 100.64.0.0/10 IP range.

    Use Cases

    1. Aggregating real server security groups: The health check source IP is aggregated into the 100.64.0.0/10 IP range.
    2. Solving the problem of private network loopback in a self-built Kubernetes cluster: A K8s service needs to be exposed both inside and outside the cluster. Internal exposure is implemented through the cluster's internal load balancing (IPVS), and external exposure through a private network CLB. IPVS binds the IP address of the private network CLB instance to a local interface, so traffic sent to the instance address from inside the cluster is actually handled by the cluster's IPVS load balancing. In the TKE service, the private network CLB uses the CLB VIP as the health check source IP, which conflicts with the address bound by IPVS in the native K8s implementation and causes the private network CLB health check to fail. Setting the health check source IP to the 100.64.0.0/10 IP range avoids the address conflict and resolves the health check failures.

    Troubleshooting the Issue

    1. Log in to the CLB console.
    2. Select your region in the top-left corner of the Instance management page, find the target instance in the instance list, and click Configure listener in the Operation column.
    3. On the Listener management tab, find the target listener, and click the icon on the right to edit the listener.
    4. In the Edit listener pop-up window, click Next to go to the Health check tab.
    5. On the Health check tab, select 100.64.0.0/10 IP range as the health check source IP address, click Next, and click Submit.
    
    

    FAQs

    What are the advantages of using the 100.64.0.0/10 IP range as the health check source IP address?

    For CLB instances whose health check source IP address falls into the 100.64.0.0/10 IP range, you do not need to add this IP range to the allowlist of the security group of the associated real servers. If the real servers are configured with other security policies (such as iptables), this IP range must be added to the allowlist of those policies. Otherwise, health checks may fail.
    The security policy for real servers is aggregated to the 100.64.0.0/10 IP range.
    This IP range can prevent IP conflicts because it is a private IP range of Tencent Cloud and will not be allocated to users.

    Will a fixed IP address be used when I select the 100.64.0.0/10 IP range as the health check source IP address?

    No. An IP address in the 100.64.0.0/10 IP range, instead of a fixed IP address, is used as the health check source IP address.
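
    Because the source address is not fixed, a host firewall on the real server has to admit the whole 100.64.0.0/10 range, not one observed address. The following check is an added example, not part of the original document or Tencent Cloud tooling: it walks the filter-table INPUT chain of `iptables-save` text in first-match order and reports whether every address in the range reaches an ACCEPT on the listener port. The port 8080, the function names and the sample ruleset are assumptions; rules with matches outside `KNOWN` (conntrack, interfaces, negation, jumps to user chains) are skipped, not modelled.

```python
import ipaddress
import shlex

HEALTH_NET = ipaddress.ip_network("100.64.0.0/10")  # range named on this page
KNOWN = {"-A", "-s", "-p", "-m", "--dport", "-j", "--comment"}  # options modelled here

def _opt(tok, name, default=None):
    return tok[tok.index(name) + 1] if name in tok else default

def _subtract(nets, src):
    # Remove the addresses covered by src from a list of CIDR networks.
    out = []
    for n in nets:
        if n.subnet_of(src):
            continue
        out.extend(n.address_exclude(src) if src.subnet_of(n) else [n])
    return out

def health_checks_allowed(ruleset, port, chain="INPUT"):
    """Return (ok, reason); ok is True only if every address in
    100.64.0.0/10 is accepted for TCP `port` by the modelled rules."""
    remaining, policy = [HEALTH_NET], "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]              # chain default, e.g. ":INPUT DROP [0:0]"
        if tok[:2] != ["-A", chain] or "!" in tok:
            continue
        if {t for t in tok if t.startswith("-")} - KNOWN:
            continue                     # conntrack, -i lo, etc.: not modelled
        if _opt(tok, "-p", "tcp") != "tcp":
            continue
        lo, _, hi = _opt(tok, "--dport", "0:65535").partition(":")
        if not int(lo) <= port <= int(hi or lo):
            continue
        src = ipaddress.ip_network(_opt(tok, "-s", "0.0.0.0/0"), strict=False)
        target = _opt(tok, "-j")
        if target == "ACCEPT":
            remaining = _subtract(remaining, src)
            if not remaining:            # whole /10 now covered by ACCEPT rules
                return True, line.strip()
        elif target in ("DROP", "REJECT") and any(n.overlaps(src) for n in remaining):
            return False, line.strip()   # part of the range is blocked here
    return policy == "ACCEPT", "chain policy " + policy

# Constructed sample ruleset (not taken from a real host)
SAMPLE = """:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 100.64.0.0/10 -p tcp -m tcp --dport 8080 -j ACCEPT
"""
```

    A ruleset that allowlists only a single address seen in logs (for example a /32 inside the range) returns `False` with the chain policy as the reason, which is the failure mode the answer above describes.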
