After stepping through the tcpdump, we determined that the health checks are
Layer 4 TCP health checks where the load balancer doesn't provide any HTTP
request information whatsoever and closes the connection as soon as it is
established. Here is the play-by-play of tcpdump:
Source
The obvious question is, are these TCP health checks well-formed HTTP
requests or not?
I guess it's hard to snoop the exact contents of the request since
it's sent via SSL, but maybe you could configure it to send the exact
same health checks to port 80 via plain HTTP. Then you could use
Wireshark
Is there any reason why Tomcat running under the JSVC daemon using the
Apache Portable Runtime for SSL would act erratically to TCP health checks?
We are using a Juniper DX for load balancing that uses TCP health checks to
port 443 of a Tomcat instance in order to keep the machine in the forwardin
