Troubleshooting Virtual Machine Instances Termination and Relaunch | Professional Cloud Architect Exam

C.

The best practice when configuration a health check is to check health and serve traffic on the same port.

However, it is possible to perform health checks on one port, but serve traffic on another.

If you do use two different ports, ensure that firewall rules and services running on instances are configured appropriately.

If you run health checks and serve traffic on the same port, but decide to switch ports at some point, be sure to update both the backend service and the health check.

Backend services that do not have a valid global forwarding rule referencing it will not be health checked and will have no health status.

The issue reported in the question suggests that the instance group is not able to sustain its running instances, and the instances are being terminated and relaunched every minute. This may happen due to a variety of reasons, including the unavailability of resources, application issues, or network connectivity problems. Therefore, to identify the root cause of the problem and ensure that the backend service is configured correctly, we need to perform some troubleshooting steps.

Out of the given options, the most suitable solution is Option C - Ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the instance group. This option is the correct solution because it addresses the possible cause of the issue, i.e., the unavailability of health checks for the instance group.

To ensure that a firewall rule exists to allow load balancer health checks to reach the instances in the instance group, we can perform the following steps:

1. Verify the health check configuration: First, we need to verify the health check configuration for the load balancer. We can check the settings for the health check URL, protocol, and port.

2. Check the firewall rules: Next, we need to check the firewall rules for the instance group. We should ensure that there is a firewall rule that allows traffic from the load balancer to reach the instances in the instance group. Specifically, the rule should allow traffic from the IP address range used by the load balancer health check.

3. Check the backend service configuration: We also need to check the backend service configuration for the instance group. We should ensure that the backend service is correctly configured to route traffic from the load balancer to the instances in the instance group.

By following the above steps, we can identify and fix any issues with the firewall rules, health check configuration, or backend service configuration, which may be causing the problem. This will help ensure that the instance group can sustain its running instances and serve web traffic effectively.

Option A - Ensure that a firewall rule exists to allow source traffic on HTTP/HTTPS to reach the load balancer, is incorrect because it is not addressing the root cause of the problem, which is related to the health checks for the instance group.

Option B - Assign a public IP to each instance and configure a firewall rule to allow the load balancer to reach the instance public IP, is also incorrect. This solution will not help because the instances do not have a public IP address, and assigning a public IP may not be a viable solution for all situations.

Option D - Create a tag on each instance with the name of the load balancer. Configure a firewall rule with the name of the load balancer as the source and the instance tag as the destination, is also incorrect. This option may not be necessary to address the problem at hand, and it may not be the most effective way to ensure that the instance group can sustain its running instances.