Direct Routing aka. Direct Server Return on Windows 2008 using loopback adpter

Direct Routing aka. Direct Server Return (DSR) is a great load balancing method, the idea being that incoming traffic comes into the Virtual IP (VIP) on the load balancer.
Then all the load balancer does is change the destination MAC address of the packet (to one of the destination real servers in the pool) and flips it back to the switch which duefully delivers the packets to the selected real server.

The packet will say “Hello are you the VIP?”

Then the real server will say, “Get lost no I’m not!”.

Which is not overly useful, so we need to add a loopback adapter with the VIP address attached so the real server can accept the packet…
Now up until Windows 2000 this all works fine, just set the interface metric to 254 to stop dodgy routing issues.
In Windows 2003 you also need to disable the firewall (or enable rules for the loopback adapter)

In Windows 2008 however we have a whole new way of controlling networking, and I must admit it looks like Microsoft finally have a sensible way of controlling network interfaces.

Weak and Strong Host Behaviour in Windows
“Windows XP and Windows Server® 2003 use the weak host model for sends and receives for all IPv4 interfaces and the strong host model for sends and receives for all IPv6 interfaces. You cannot configure this behaviour. The Next Generation TCP/IP stack in Windows Vista and Windows Server 2008 supports strong host sends and receives for both IPv4 and IPv6 by default.”

You still need to configure the loopback adapter with the VIP (but you don’t need to set the metric)
You still need to disable the firewall (or enable traffic to and from the loopback)

Then you need to use the following command line magic :

netsh interface ipv4 set interface "net" weakhostreceive=enabled
netsh interface ipv4 set interface "loopback" weakhostreceive=enabled
netsh interface ipv4 set interface "loopback" weakhostsend=enabled

Obviously first you will need to rename the specific adapters from the default of “Local Area Network Connection 1″ to either “net” or “loopback” respectively i.e.

Or if you want look up the index number instead using the following command:
netsh interface ipv4 show interface

I’ve still got some more research to do on this but it looks like you can do all sorts of cool routing tricks in the new Windows TCP/IP stack.
Just think if we didn’t have Linux to push the boundaries Microsoft may never have been able to copy the best features so well :-).


One last gotcha, if your server is set to automaticaly update the DNS server with its IP address then sometimes the DNS server will start giving the IP on the loopback adapter as your primary address! This is not good so disable automatic DNS entries on both the server and in the DNS management consoel. (will do a seperate blog on this when I have more test data.)

20 thoughts on “Direct Routing aka. Direct Server Return on Windows 2008 using loopback adpter

  1. Hi! just wanted to say thanks, as this was the exact solution i was looking for!

    Windows 2008 network services changed alot since 2003 servers where released :)

    / Jakob.

  2. Thank you for the tip. I searched all over trying to get 2008 working with my Barracuda. This did the trick in seconds.

  3. Nice to see we are helping Barracuda customers :-).

    Just to confirm the two common errors with the netsh commands on Windows 2008 server:

    C:>netsh interface ipv4 set interface “net” weakhostreceive=enabled
    The filename, directory name, or volume label syntax is incorrect.

    i.e. the label doesnt exist/ misspelt / wrong case.

    C:>netsh interface ipv4 set interface 1 weakhostreceive=enabled
    The requested operation requires elevation.

    i.e. not enough permissions of user to run (needs to be admin)

  4. Pingback: Windows 2008 et les Loopback

  5. Pingback: Efficient High-Available LoadBalanced Cluster On CentOS 5.3 (Direct Routing Method) | Content delivery network

  6. Pingback: LVS – source IP

  7. Pingback: Re-writing/re-routing TCP packets for load balancing - Admins Goodies

  8. Pingback: LVS – source IP - Admins Goodies

  9. Pingback: Efficient High-Available LoadBalanced Cluster On CentOS 5.3 (Direct Routing Method) | Network Solution – Linux – windows – centos- security- cpanel – plesk -directadmin helm

  10. The IP address that you assign is the VIP (Virtual IP) that you want the load balanced server to respond to when using the DR Direct Routing / DSR Direct Servr Return method. BTW you can also assign multiple addresses on the loopback.

  11. On virtual 2008 R2 (hosted by hyperv) dont ping on loopback interface

    loopback interface ip 10.x.x.x

    weakhostreceive=enabled weakhostsend=enabled Ok on loopback interface

  12. Yes, You can have as many subnets as you like i.e. 1 VIP in your external subnet load balancing in DR mode to servers in 50 different subnets on the internal network. BUT it cannot pass through routing hops i.e. the subnets must all be directly attached or on the same switch fabric as the load balancer. If you have routers between the servers then you would be better off using TUN mode or a layer 7 proxy like HAProxy which Ltd is a contributor to:

  13. I have v6.18 load balancer and i was trying to set up load balancing a website. I have configured virtual ip and added real servers in it and its active now. The real servers are windows 2008 and i have added virtual ip on loop back adapter and changes the iis to listen virtual ip, enable weak host on both loopback and main interface. But the web site is not loading on virtual ip still… Could you please help me to sort this out?

    • Hi Praveen,

      Sorry we were unable to respond until now. Unfortunately we don’t monitor our Blogs to quite the same level as we would our support queue so you would be much better sending any and all questions direct to to get a super fast response. Hopefully your issues are now resolved but please do let us know should you have further questions.

      Kind Regards

      Aaron West
      Support Engineer

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by sweet Captcha