Windows Network Load Balancing (NLB)
Network Load Balancer (NLB)
Network load balancing is an excellent feature of the Microsoft Server family of operating systems. It lets a setup use a single IP address to balance the load between two or more machines.
In order to use the Windows Server Network Load Balancer, you will need two machines running Windows Server 2003/2008. Each machine needs to have at least one network card and at least one fixed IP address. For best performance, it is recommended that each machine have two adapters, one mapped to the real IP address and one mapped to the virtual IP address. This is because, on a single-adapter machine, if you configure NLB in Unicast mode the adapter is used only by NLB and no other network traffic can use it, whereas if you configure NLB in Multicast mode all traffic uses that adapter, and performance degrades because of the load on the single adapter.
The basic requirements for setting up Network Load Balancing:
- Two or more servers running the same service (e.g. IIS)
- Both the servers should have a Windows Server Operating System installed.
- IIS should be installed and running on both the servers.
- The IP addresses for both the servers should be static i.e. manually assigned (DHCP should not be used)
Step 1: Setting up Web Application on both servers
The first step is to ensure the Web Application is set up and running on both Windows servers. Test whether both applications are functioning properly. To check this, open a browser on each machine and go to http://localhost/WebApp/Login.aspx; you should see the login page.
Step 2: Configure IP addresses
Unlike previous (Windows Server 2003) versions of NLB, the new version (in Windows Server 2008) has a central manager application that you can use to create a cluster from a single machine. Gone are the hassles of having to configure each machine manually; you can do it all from a single machine over the network, which is a nice change.
WebServer1:
Dedicated IP: 192.168.1.115
Subnet Mask: 255.255.0.0
To create a virtual IP address (which would be assigned to NLB as the Cluster IP), you need to pick an available IP address on the same class C network segment. In our case it would be:
Virtual IP: 192.168.1.130
Subnet Mask: 255.255.0.0
WebServer2:
Dedicated IP: 192.168.1.115
Subnet Mask: 255.255.0.0
The same virtual IP address would be added in the Advanced TCP/IP settings on the WebServer2 server.
Virtual IP: 192.168.1.130
Subnet Mask: 255.255.0.0
In Windows Server 2003, you need to enter the Virtual IP manually in the Advanced TCP/IP settings, as shown in the image below. In Windows Server 2008 you don’t need to enter the Virtual IP address manually; NLB configures these settings for you automatically.
Step 3: Configure Load Balancing IP address
Network Load Balanced clusters are built using the Network Load Balancing Manager, which may be launched from the Start -> All Programs -> Administrative Tools menu or from a command prompt by executing nlbmgr. Once loaded, the manager will appear as shown in the following figure:
To pre-configure the account and password credentials to be used on each node in the cluster, select Options -> Credentials and enter an account and password. Note that the account must be a member of the administrators group. If default credentials are configured, the user will be prompted for account and password information each time a connection to a cluster node is established.
To begin the cluster creation process, right-click on the Network Load Balancing Clusters entry in the left panel of the manager window and select the New Cluster menu option. This will display the New Cluster connection dialog. In this dialog, enter either the name or IP address of the first server to be included in the load balanced cluster and press the Connect button to establish a connection to that server. If the connection is successful, the first server will be listed as shown below:
Clicking Next will display a warning that DHCP will be turned off for the network adapter of the specified host and that any necessary gateway information will need to be configured manually using the server's network connection properties dialog (accessible from the Control Panel). Subsequently, the Host Parameters screen will appear as shown below:
The Priority (unique host ID) is a number between 1 and
32 and serves two purposes. Firstly, the number provides a unique ID within the
cluster to distinguish the server from other nodes. Secondly, it specifies the
priority order of the cluster. The cluster node with the lowest priority is
assigned to handle all traffic that is not covered by a port rule. All servers
joining a cluster must have a unique ID. A new server attempting to join a
cluster with a conflicting ID will be denied membership.
The Dedicated IP addresses fields are used when a
single network adapter is used for both communication between cluster nodes and
external network traffic. It is used to specify the host's unique IP address,
which is used for non-cluster network traffic (i.e. direct connections to the
specific server from outside the cluster without being affected by the Network
Load Balancing). This must be a fixed IP address and not a DHCP address and as
such should also be entered into the network properties dialog of the node. To
configure dedicated IP addresses, click on the Add... button and enter the IP address and subnet mask
(for example 255.255.0.0).
The next dialog called Cluster IP addresses
allows you to add additional virtual IP addresses. This might be useful if you
have a web server that is hosting multiple Web sites each of which is tied to a
specific IP address. In our case, we don’t need any and can just click next as
shown in figure below.
On this screen, the IP address is the virtual IP address. You may enter the domain name associated with the cluster in “Full Internet name”. If you have not registered a domain name, or wish to use the IP address, leave it blank.
Choose the appropriate Cluster operation mode. When Unicast is
selected all the hosts (computers) in a cluster share an identical Unicast MAC
address. Network Load Balancing overwrites the original MAC address of the
cluster adapter with the Unicast MAC address that is assigned to all the
cluster hosts. When multicast is selected the original MAC address is
retained by each host in the cluster.
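A pre-flight check of the cluster plan, as an added example that is not part of the original walk-through: it applies the rules stated above (unique priority between 1 and 32, a fixed dedicated IP per host on the cluster's subnet) and derives the cluster MAC for each operation mode. The function names are hypothetical, the `02-BF`/`03-BF` prefixes are NLB's documented MAC scheme rather than something this page states, and `192.168.1.116` is a constructed address.

```python
import ipaddress

def cluster_mac(vip, mode):
    """MAC address NLB derives from the cluster (virtual) IP w.x.y.z:
    02-BF-w-x-y-z in unicast mode, 03-BF-w-x-y-z in multicast mode."""
    prefix = {"unicast": "02-BF", "multicast": "03-BF"}[mode]
    return prefix + "".join(f"-{b:02X}" for b in ipaddress.IPv4Address(vip).packed)

def default_host(hosts):
    """Host that takes traffic not covered by a port rule: lowest priority number."""
    return min(hosts, key=lambda h: h[2])[0]

def validate_plan(vip, mask, hosts):
    """hosts is a list of (name, dedicated_ip, priority); returns a list of problems."""
    problems = []
    net = ipaddress.IPv4Network(f"{vip}/{mask}", strict=False)
    ip_owner, prio_owner = {}, {}
    for name, dip, prio in hosts:
        if ipaddress.IPv4Address(dip) not in net:
            problems.append(f"{name}: {dip} is outside cluster subnet {net}")
        if dip == vip:
            problems.append(f"{name}: dedicated IP is the same as the virtual IP")
        if dip in ip_owner:
            problems.append(f"{name}: dedicated IP {dip} already used by {ip_owner[dip]}")
        if not 1 <= prio <= 32:
            problems.append(f"{name}: priority {prio} is not between 1 and 32")
        if prio in prio_owner:
            problems.append(f"{name}: priority {prio} already used by {prio_owner[prio]}")
        ip_owner.setdefault(dip, name)
        prio_owner.setdefault(prio, name)
    return problems

VIP, MASK = "192.168.1.130", "255.255.0.0"
# Addresses and priorities exactly as listed in this walk-through.
AS_LISTED = [("WebServer1", "192.168.1.115", 5), ("WebServer2", "192.168.1.115", 1)]
# Same plan with a constructed, distinct address for WebServer2.
DISTINCT = [("WebServer1", "192.168.1.115", 5), ("WebServer2", "192.168.1.116", 1)]

if __name__ == "__main__":
    for label, plan in (("as listed", AS_LISTED), ("distinct IPs", DISTINCT)):
        print(label, validate_plan(VIP, MASK, plan) or "OK")
    print("default host:", default_host(DISTINCT))
    for mode in ("unicast", "multicast"):
        print(mode, cluster_mac(VIP, mode))
```

Run against the addresses as listed in Step 2, the check reports that both servers carry the same dedicated IP; each host needs its own.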
Once selection is complete, click Next to proceed to the Port Rules screen:
Network Load Balancing may be configured on a
port by port basis or range of ports. For each port three options are available
to control the forwarding of the traffic:
- Single Host - Traffic to the designated port is forwarded to a single node in the cluster.
- Multiple Hosts - Traffic to the designated port is distributed between the nodes in the cluster.
- Disabled - No filtering is performed.
The available Client affinity settings are as
follows:
- Single - Requests from a single source IP address are directed to the same cluster node.
- Network - Requests originating from within the same Class C network address range are directed to the same cluster node.
- None - No client affinity. Requests are directed to nodes regardless of previous assignments.
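How the three affinity settings group clients, as an added example that is not part of the original post: each setting reduces a connection to a different key, and connections with the same key always reach the same node. The SHA-256 mapping is a stand-in, not NLB's own distribution algorithm; using source IP plus source port as the key for None is an assumption about NLB's behaviour that this page does not state, and the client addresses are constructed.

```python
import hashlib
import ipaddress

def affinity_key(src_ip, src_port, affinity):
    """Reduce a connection to the value the chosen affinity setting keys on."""
    ip = ipaddress.IPv4Address(src_ip)
    if affinity == "single":       # same source IP -> same node
        return str(ip)
    if affinity == "network":      # same Class C (/24) range -> same node
        return str(ipaddress.IPv4Network(f"{ip}/24", strict=False).network_address)
    if affinity == "none":         # assumed key: source IP and source port
        return f"{ip}:{src_port}"
    raise ValueError(f"unknown affinity: {affinity}")

def pick_node(nodes, src_ip, src_port, affinity):
    """Map the affinity key onto a node with a stand-in hash (not NLB's algorithm)."""
    digest = hashlib.sha256(affinity_key(src_ip, src_port, affinity).encode()).digest()
    return nodes[int.from_bytes(digest[:4], "big") % len(nodes)]

def nodes_reached(nodes, connections, affinity):
    """Set of nodes that a list of (src_ip, src_port) connections ends up on."""
    return {pick_node(nodes, ip, port, affinity) for ip, port in connections}

NODES = ["WebServer1", "WebServer2"]
# Constructed sample traffic: one client opening many connections, and
# many clients that all sit in the same /24 range.
ONE_CLIENT = [("10.1.2.3", 50000 + i) for i in range(32)]
ONE_RANGE = [(f"10.1.2.{i}", 50000) for i in range(1, 33)]

if __name__ == "__main__":
    for affinity in ("single", "network", "none"):
        print(affinity,
              "one client ->", sorted(nodes_reached(NODES, ONE_CLIENT, affinity)),
              "| one /24 ->", sorted(nodes_reached(NODES, ONE_RANGE, affinity)))
```

With Single or Network affinity, a login session stays on one server for as long as the client's address stays the same; with None, an application that keeps session state in server memory can lose it between requests.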
After successfully configuring WebServer1, we have to configure another host (WebServer2) on this NLB. To configure WebServer2, repeat steps (of Figures 5, 6, 7 and 9). Step 8 would be automatically omitted by NLB, as the Cluster Parameters for 192.168.1.130 are the same for all hosts in the cluster. Set WebServer2’s priority as 1 and WebServer1’s priority as 5.
When both servers are configured and their status in NLB becomes Converged, NLB is properly configured and in a working state.
The final step: Testing the setup
Now it’s time to test whether it works. On the client system, open the web browser and go to the cluster IP address, http://192.168.1.130/WebApp/Login.aspx. You’ll see the Login page served by the WebServer2 server, as its priority is 1. To check the WebServer1 server, disable the network adapter of the WebServer2 server (Control Panel -> Network Connections -> right-click Local Area Connection and click Disable) and refresh the web browser on the client. The web application still works and all areas of the application are accessible.