NetScaler UDP-ECV Monitor may Pass when Server is Down


Article ID: CTX233267


Description

An unmodified NetScaler udp-ecv monitor continues to pass even when the server is shut down or unreachable.

Resolution

There are two approaches to properly using the udp-ecv probe:

1. Modify the data that the probe sends to the service, and modify the string that the probe expects to receive. This data should be valid for the protocol being used, and should accurately match conditions on the service that genuinely indicate a healthy state.

For example, when creating a udp-ecv monitor to check the health of DNS servers, the Data string to send should conform to a valid DNS request, such as an Address record request for a valid hostname.

Then, the data entered into the Response string should contain at least a partial string of the valid response, such as the IP address.

2. Combine the default udp-ecv monitor with another monitor, such as a ping probe. This ensures that an ICMP Unreachable response from the server causes the service to go into a DOWN state, and also requires an actual response from the server.


Problem Cause

The udp-ecv monitor, if it has not been modified to expect a particular string in the service's response, will assume the service is in an UP state if it receives no response to its probes. Only in the case where the probe is answered with an Internet Control Message Protocol (ICMP) “Port Unreachable” error will the monitor declare the service is down.

This is because UDP does not provide a mechanism for determining a connection state, so there is no way to judge whether or not a particular UDP port is being listened to.

As a result, common service problems, such as routing black holes or even completely disconnected servers, can cause the probe to pass as a false positive.
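The following Python sketch is an added example, not Citrix code: it models the probe semantics described above and contrasts them with approach 1 from the Resolution section. The loopback listeners, payloads, expected string and function names are all constructed for illustration; `default_verdict` encodes the behaviour this article describes, not NetScaler's implementation.

```python
import socket
import threading

def udp_probe(host, port, send, timeout=0.5):
    """Send one datagram; return (kind, data), kind in reply/icmp_unreachable/no_response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected UDP socket: the OS reports ICMP errors to us
        try:
            s.send(send)
            return "reply", s.recv(4096)
        except ConnectionRefusedError:  # ICMP Port Unreachable came back
            return "icmp_unreachable", b""
        except socket.timeout:          # silence: black hole or disconnected server
            return "no_response", b""

def default_verdict(outcome):
    """Unmodified monitor as described in the article: only ICMP unreachable means DOWN."""
    return "DOWN" if outcome[0] == "icmp_unreachable" else "UP"

def strict_verdict(outcome, expect):
    """Approach 1: UP only if a reply arrives and contains the expected string."""
    kind, data = outcome
    return "UP" if kind == "reply" and expect in data else "DOWN"

def start_listener(reply=None):
    """Constructed loopback stand-in for a server; reply=None never answers."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                _, peer = sock.recvfrom(4096)
            except OSError:
                return
            if reply is not None:
                sock.sendto(reply, peer)
    threading.Thread(target=serve, daemon=True).start()
    return sock, sock.getsockname()[1]

def demo():
    healthy, hp = start_listener(reply=b"status=ok 192.0.2.10")  # constructed reply
    silent, sp = start_listener(reply=None)                      # simulates a black hole
    results = {}
    for name, port in (("healthy", hp), ("silent", sp)):
        out = udp_probe("127.0.0.1", port, b"constructed-health-query")
        results[name] = (out[0], default_verdict(out), strict_verdict(out, b"192.0.2.10"))
    healthy.close(); silent.close()
    return results

if __name__ == "__main__":
    print(demo())
```

The silent listener is reported UP under the default semantics and DOWN once a matching reply is required, which is the false positive this article describes.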


Additional Information

It is important to note that when creating a UDP service, the NetScaler defaults to using an ICMP Ping probe, which does require a valid response to consider the service in an UP state.

If a udp-ecv probe is later added, the default ping probe is removed. Therefore, to use both simultaneously, both must be added manually.