by Malcolm Turnbull
Direct Routing aka. Direct Server Return (DSR) is a great load balancing method, the idea being that incoming traffic comes into the Virtual IP (VIP) on the load balancer.
Then all the load balancer does is change the destination MAC address of the packet (to one of the destination real servers in the pool) and flips it back to the switch which duefully delivers the packets to the selected real server.
The packet will say “Hello are you the VIP?”
Then the real server will say, “Get lost no I’m not!”.
Which is not overly useful, so we need to add a loopback adapter with the VIP address attached so the real server can accept the packet…
BUT UNDER NO CIRCUMSTANCES TELL THE NETWORK THAT IT THINKS IT OWNS THE VIP! (the arp problem).
Now up until Windows 2000 this all works fine, just set the interface metric to 254 to stop dodgy routing issues.
In Windows 2003 you also need to disable the firewall (or enable rules for the loopback adapter)
In Windows 2008 however we have a whole new way of controlling networking, and I must admit it looks like Microsoft finally have a sensible way of controlling network interfaces.
Weak and Strong Host Behaviour in Windows
“Windows XP and Windows Server® 2003 use the weak host model for sends and receives for all IPv4 interfaces and the strong host model for sends and receives for all IPv6 interfaces. You cannot configure this behaviour. The Next Generation TCP/IP stack in Windows Vista and Windows Server 2008 supports strong host sends and receives for both IPv4 and IPv6 by default.”
You still need to configure the loopback adapter with the VIP (but you don’t need to set the metric)
You still need to disable the firewall (or enable traffic to and from the loopback)
Then you need to use the following command line magic :
netsh interface ipv4 set interface "net" weakhostreceive=enabled
netsh interface ipv4 set interface "loopback" weakhostreceive=enabled
netsh interface ipv4 set interface "loopback" weakhostsend=enabled
Obviously first you will need to rename the specific adapters from the default of “Local Area Network Connection 1″ to either “net” or “loopback” respectively i.e.
I’ve still got some more research to do on this but it looks like you can do all sorts of cool routing tricks in the new Windows TCP/IP stack.
Just think if we didn’t have Linux to push the boundaries Microsoft may never have been able to copy the best features so well .
One last gotcha, if your server is set to automaticaly update the DNS server with its IP address then sometimes the DNS server will start giving the IP on the loopback adapter as your primary address! This is not good so disable automatic DNS entries on both the server and in the DNS management consoel. (will do a seperate blog on this when I have more test data.)