Direct Routing aka. Direct Server Return on Windows 2008 using loopback adapter


by Malcolm Turnbull

Direct Routing, aka Direct Server Return (DSR), is a great load balancing method: incoming traffic arrives at the Virtual IP (VIP) on the load balancer.
All the load balancer then does is change the destination MAC address of the packet (to that of one of the real servers in the pool) and flip it back to the switch, which dutifully delivers the packet to the selected real server.

The packet will say “Hello are you the VIP?”

Then the real server will say, “Get lost no I’m not!”.

Which is not overly useful, so we need to add a loopback adapter with the VIP address attached so the real server can accept the packet…
BUT UNDER NO CIRCUMSTANCES MUST THE REAL SERVER TELL THE NETWORK THAT IT OWNS THE VIP! (the ARP problem).
Up until Windows 2000 this all works fine: just set the interface metric to 254 to stop dodgy routing issues.
In Windows 2003 you also need to disable the firewall (or enable rules for the loopback adapter).

In Windows 2008 however we have a whole new way of controlling networking, and I must admit it looks like Microsoft finally have a sensible way of controlling network interfaces.

Weak and Strong Host Behaviour in Windows
“Windows XP and Windows Server® 2003 use the weak host model for sends and receives for all IPv4 interfaces and the strong host model for sends and receives for all IPv6 interfaces. You cannot configure this behaviour. The Next Generation TCP/IP stack in Windows Vista and Windows Server 2008 supports strong host sends and receives for both IPv4 and IPv6 by default.”

You still need to configure the loopback adapter with the VIP (but you don’t need to set the metric).
You still need to disable the firewall (or enable traffic to and from the loopback).

Then you need to use the following command line magic:

netsh interface ipv4 set interface "net" weakhostreceive=enabled
netsh interface ipv4 set interface "loopback" weakhostreceive=enabled
netsh interface ipv4 set interface "loopback" weakhostsend=enabled

Obviously, you will first need to rename the specific adapters from the default of “Local Area Network Connection 1” to either “net” or “loopback” respectively.

Or, if you prefer, look up the index number instead using the following command:
netsh interface ipv4 show interface
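
The three commands above, wrapped in a PowerShell script that applies them and then reads the settings back, as an added example that is not part of the original post. It assumes the adapters have been renamed to "net" and "loopback" as described, an elevated prompt, and English-language netsh output; the function name Get-WeakHostState is hypothetical.

```powershell
# Added example (not from the original post): apply the weak-host settings,
# then confirm nothing beyond what the post enables has been relaxed.
# Assumptions: adapters named "net" and "loopback", elevated prompt,
# English netsh output ("Weak Host Sends" / "Weak Host Receives").

# Desired state per interface: exactly what the post's three commands set.
$desired = @{
    'net'      = @{ weakhostreceive = 'enabled' }
    'loopback' = @{ weakhostreceive = 'enabled'; weakhostsend = 'enabled' }
}

function Get-WeakHostState([string]$Interface) {
    # Parse the "Weak Host Sends : enabled" style lines for one interface.
    $out = netsh interface ipv4 show interface "$Interface"
    $state = @{}
    foreach ($line in $out) {
        if ($line -match '^\s*Weak Host (Sends|Receives)\s*:\s*(\w+)') {
            $key = if ($Matches[1] -eq 'Sends') { 'weakhostsend' } else { 'weakhostreceive' }
            $state[$key] = $Matches[2]
        }
    }
    # A wrong label or a non-elevated prompt yields no parsable lines.
    if ($state.Count -ne 2) { throw "Cannot read '$Interface': $out" }
    return $state
}

# Apply the settings (safe to re-run; netsh just sets the same value again).
foreach ($name in $desired.Keys) {
    foreach ($setting in $desired[$name].GetEnumerator()) {
        netsh interface ipv4 set interface "$name" "$($setting.Key)=$($setting.Value)" | Out-Null
    }
}

# Read back and compare; anything the post does not enable should still be
# at the strong-host default of "disabled".
$failed = $false
foreach ($name in $desired.Keys) {
    $actual = Get-WeakHostState $name
    foreach ($key in 'weakhostreceive', 'weakhostsend') {
        $want = if ($desired[$name].ContainsKey($key)) { $desired[$name][$key] } else { 'disabled' }
        if ($actual[$key] -ne $want) {
            Write-Warning "$name : $key is '$($actual[$key])', expected '$want'"
            $failed = $true
        }
    }
}
if ($failed) { exit 1 } else { 'Weak-host settings match the post.' }
```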

I’ve still got some more research to do on this but it looks like you can do all sorts of cool routing tricks in the new Windows TCP/IP stack.
Just think: if we didn’t have Linux to push the boundaries, Microsoft may never have been able to copy the best features so well :-) .

References:

http://microsoft.com/technet/community/columns/cableguy/cg0206.mspx

http://www.microsoft.com/technet/technetmag/issues/2007/09/CableGuy/

One last gotcha: if your server is set to automatically update the DNS server with its IP address, then sometimes the DNS server will start giving the IP on the loopback adapter as your primary address! This is not good, so disable automatic DNS entries on both the server and in the DNS management console. (I will do a separate blog on this when I have more test data.)

20 Responses to “Direct Routing aka. Direct Server Return on Windows 2008 using loopback adpter”

  1. Sander Says:

    I noticed a little typo: weakhostrecieve -> weakhostreceive ;-)

  2. Malcolm Turnbull Says:

    Thanks, not sure how I missed that…

  3. Jakob Hviid Says:

    Hi! Just wanted to say thanks, as this was the exact solution I was looking for!

    Windows 2008 network services changed a lot since 2003 servers were released :)

    / Jakob.

  4. Chris Sim Says:

    Thank you for the tip. I searched all over trying to get 2008 working with my Barracuda. This did the trick in seconds.

  5. Malcolm Says:

    Nice to see we are helping Barracuda customers :-) .

    Just to confirm the two common errors with the netsh commands on Windows 2008 server:

    C:\>netsh interface ipv4 set interface "net" weakhostreceive=enabled
    The filename, directory name, or volume label syntax is incorrect.

    i.e. the label doesn't exist / misspelt / wrong case.

    C:\>netsh interface ipv4 set interface 1 weakhostreceive=enabled
    The requested operation requires elevation.

    i.e. not enough permissions of user to run (needs to be admin).

  12. Nick Says:

    It may be obvious, but this is also necessary for Windows 7 real servers.

  13. User Says:

    What IP address do you assign on the loopback interface on Win2008? Would it be the real server IP?

  14. Malcolm Turnbull Says:

    The IP address that you assign is the VIP (Virtual IP) that you want the load balanced server to respond to when using the DR Direct Routing / DSR Direct Server Return method. BTW you can also assign multiple addresses on the loopback.

  15. oregon Says:

    On virtual 2008 R2 (hosted by Hyper-V) don't ping on loopback interface

    loopback interface ip 10.x.x.x 255.255.255.255

    weakhostreceive=enabled weakhostsend=enabled Ok on loopback interface

  16. oregon Says:

    All ok — ignore last message … thk

  17. Anand Says:

    If the real server IP address is on a different subnet from the VIP, will DSR still work?

  18. Malcolm Turnbull Says:

    Yes, you can have as many subnets as you like, i.e. 1 VIP in your external subnet load balancing in DR mode to servers in 50 different subnets on the internal network. BUT it cannot pass through routing hops, i.e. the subnets must all be directly attached or on the same switch fabric as the load balancer. If you have routers between the servers then you would be better off using TUN mode or a layer 7 proxy like HAProxy which Loadbalancer.org Ltd is a contributor to: http://haproxy.1wt.eu/contrib.html

  19. Praveen Says:

    I have a v6.18 load balancer and I was trying to set up load balancing for a website. I have configured the virtual IP and added real servers to it, and it's active now. The real servers are Windows 2008, and I have added the virtual IP on the loopback adapter, changed IIS to listen on the virtual IP, and enabled weak host on both the loopback and main interface. But the website is still not loading on the virtual IP… Could you please help me to sort this out?

  20. Aaron West Says:

    Hi Praveen,

    Sorry we were unable to respond until now. Unfortunately we don’t monitor our Blogs to quite the same level as we would our support queue so you would be much better sending any and all questions direct to support@loadbalancer.org to get a super fast response. Hopefully your issues are now resolved but please do let us know should you have further questions.

    Kind Regards

    Aaron West
    Support Engineer
    Loadbalancer.org
