Only send traffic to the living
A load balancer should not send requests to a dead or struggling backend. Health checks are how it decides which instances are eligible.
Two ways to check
Active health checks probe each backend on a schedule, for example requesting a health endpoint every few seconds. A backend that fails enough probes is marked unhealthy and removed; once it passes again it returns. Active checks catch failures even when no user traffic is hitting that instance.
Passive health checks observe real request results. If live requests to a backend start failing or timing out, it is ejected without a separate probe. Passive checks react to exactly the conditions users experience.
Using both together
- Active checks notice silent failures and verify recovery.
- Passive checks react instantly to real user facing errors.
- Hysteresis, requiring several consecutive results, prevents flapping in and out of the pool.
Together they keep the pool accurate without overreacting to a single blip.
Key idea
Active health checks probe backends on a schedule while passive checks watch real traffic, and using both keeps the pool accurate.