TriLoad Balancer User Manual

2004/01/01

Written By Digisys Information Technology Co., LTD.

©2004

All Rights Reserved


 

1      Overview

1.1            Load balance introduction

1.2            Main IP level load balance technology

1.2.1     Network Address Translation

1.2.2     Direct Routing

1.2.3     IP Tunneling

1.3            Elements of load balance server

1.3.1     Load Balancer Core

1.3.2     VIP

1.3.3     Service

1.3.4     Master Load Balancer (Enterprise)

1.3.5     Backup Load Balancer (Enterprise)

1.3.6     Real Server

1.3.7     Monitor

1.3.8     Alert

1.3.9     Scheduler

1.3.10   Persistent

2      Install

2.1            Hardware prerequisite

2.2            Initial Setup

3      Configuring load balance

3.1            Overview of configuration tasks

3.2            Configure the load balance server

3.2.1     Network Setting

3.2.2     HA Setting

3.2.3     VIP

3.2.4     Service

3.2.5     Real Server

3.2.6     Monitor

3.2.7     Alert

4      Planning the load balance server

4.1            Direct Routing

4.1.1     Configure Load Balance Server

4.1.2     Configure Router/Firewall

4.1.3     Configure Real Server

4.2            Network Address Translation

4.2.1     Configure Load Balance Server

4.2.2     Configure Router/Firewall

4.2.3     Configure Real Server

4.3            Tunneling

4.3.1     Configure Load Balance Server

4.3.2     Configure Router/Firewall

4.3.3     Configure Real Server

5      Operating and managing load balance server

5.1            Restart TriLoad Balancer

5.2            Monitor load balance status

5.3            Check server history

6      User Management

6.1            Change user password

6.2            Add new user

6.3            List user and delete user

Appendix A: Sample Scenarios

Direct Routing

Network Address Translation

Appendix B: Configure Loopback on Windows

Appendix C: Configure No-Arp Network Device

Appendix D: Host Variables

Appendix E: Configure IP Tunnel on Windows

Appendix F: Glossary

 


1         Overview

1.1     Load balance introduction

With the explosive growth of the Internet and its increasingly important role in our lives, Internet traffic is increasing dramatically, growing at an annual rate of over 100%. The workload on servers is rising so quickly that a server, especially a popular web server, can easily become overloaded for short periods. There are two solutions to this overloading problem. One is the single-server solution: upgrade the server to a higher-performance machine. It will soon be overloaded again as requests increase, so it has to be upgraded again, and the upgrade process is complex and costly. The other is the multi-server solution: build a scalable service on a cluster of servers. When the load increases, we can simply add one or more servers to the cluster to meet the growing number of requests. There are several methods of constructing such a cluster.

A widely used method is Round-Robin DNS, which maps a single name to different IP addresses in a round-robin manner, so that, ideally, different clients are mapped to different servers in the cluster and the load is distributed among the servers. However, because the scheduling granularity is per host, differences in users' access patterns may lead to dynamic load imbalance. It is also not very reliable: when a server node fails, the clients that have mapped the name to that node's IP address will find the server down, and the problem persists even if they press the "reload" or "refresh" button in their browsers.

A better way is to use a load balancer to distribute load among the servers in a cluster. The parallel services of the servers appear as a virtual service on a single IP address, so end users see one virtual server rather than a cluster of servers. The scheduling granularity is per connection, which gives a sound load balance among the servers. Failures of one or more servers can be masked. Server management becomes easy: an administrator can take one or more servers in and out of service at any time without interrupting service to users.

Load balancing can be done at two levels, the application level and the IP level. For example, a reverse proxy is an application-level load balancing method for building a scalable web server. It forwards each HTTP request to one of the web servers in the cluster, gets the result back, and returns it to the client. Since the overhead of handling HTTP requests and replies at the application level is high, the application-level load balancer becomes a new bottleneck when the number of server nodes increases to 4 or more, depending on the throughput of each server.

The overhead of IP-level load balancing is small, the maximum number of server nodes can easily exceed 100, and IP-level load balancing has lower latency than application-level load balancing. Its other obvious advantage is that it supports any kind of TCP/IP application at the same time: HTTP/HTTPS, Telnet, video/audio streaming, or enterprise applications such as CORBA, Tuxedo and CICS, whether the protocol is UDP or TCP. Application-level load balancing is application specific; for example, a reverse proxy cannot be used as a Telnet proxy. For a new application, you will most likely have to create a corresponding new application-level load balance server.

A side effect of the load balance server is fail-over. When a node in the cluster goes down, the load balance server can detect it and remove the server from the cluster. New connections are redirected to the other servers in the cluster, and when the server comes back it is added to the cluster again. As long as there are still working nodes in the cluster, users will not even notice. The overall availability of the site can therefore be very high.

1.2     Main IP level load balance technology

For an IP-level load balance server, the way IP packets are dispatched to the servers in the cluster affects the topology, configuration and performance of the whole cluster. The following three technologies are used in TriLoad Balancer.

1.2.1       Network Address Translation

In NAT mode, the service IP address is configured on the load balance server. When a client sends request packets, the load balance server rewrites the destination address to the address of the chosen real server and relays the packets to it. When the real server replies, the load balance server changes the source address, which is now the address of the real server, back to the service IP address and sends the packets to the client.

The advantage of the virtual server via NAT is that real servers can run any operating system that supports the TCP/IP protocol, real servers can use private Internet addresses, and only one IP address is needed for the load balancer.

The disadvantage is that the scalability of the load balance server via NAT is limited. The load balancer may become a bottleneck of the whole system when the number of server nodes increases to around 20 or more, because both request packets and response packets have to be rewritten by the load balancer.

1.2.2       Direct Routing

Unlike NAT, in which request and response packets all pass through the load balancer, the load balancer in direct routing mode only schedules requests to the real servers, and the real servers return replies directly to the users. Since in most applications requests are far smaller than responses, the load balancer can handle a much larger number of requests than with NAT. Direct routing therefore greatly increases the maximum number of server nodes per load balancer. The maximum throughput of the load balancer can reach over 1Gbps, even if the load balancer has only a 100Mbps full-duplex network adapter.

The direct routing feature uses MAC-spoofing technology, so one of the load balancer's interfaces and the real servers' interfaces must be in the same IP network segment and in the same physical segment.

1.2.3       IP Tunneling

As in the direct routing approach, the load balancer processes only the client-to-server half of a connection, and the response packets can follow separate network routes to the clients.

The disadvantage is that all servers must have the "IP Tunneling" (IP Encapsulation) protocol enabled. The advantage is that, since the servers are connected to each other through IP tunnels, the load balancer and real servers can reside on different LANs, or even across a WAN.

1.3     Elements of load balance server

The load balance server boosts the performance of servers by directing TCP/IP requests to different servers within a group of servers; in this way, it balances the requests among all the servers. This load balancing is transparent to users and client applications, and to server applications as well.

The whole load balance cluster consists of the following elements.

1.3.1       Load Balancer Core

The core of the load balance server, which relays user requests to the real servers.

1.3.2       VIP

Virtual IP address, or service IP address. Unlike the base address of the load balance server, which should not be visible from outside and is used internally, for example for administration through the web interface, a VIP can be accessed from outside. One Load Balancer can have many VIPs.

1.3.3       Service

A combination of protocol, VIP and port that is published for clients to access. The load balance server routes the packets that clients send to the service to the real servers. There can be multiple virtual services on the same VIP.

1.3.4       Master Load Balancer(Enterprise)

The master server in the cluster. It copies its working status to the backup server in real time. When the master comes back up after going down and being taken over, it can take over from the backup server manually, or automatically according to the force take-over setting.

1.3.5       Backup Load Balancer(Enterprise)

The backup server in the cluster. It copies the working status from the master server in real time and stands by until the master goes down.

1.3.6       Real Server

A TCP/IP application server that finally responds to user requests for the service, such as a web server or FTP server. A cluster can have many real servers.

1.3.7       Monitor

A daemon program that checks the health of the real servers periodically. When the status of a real server changes, the monitor calls the specified alert programs. Different types of monitors check different TCP/IP applications or different aspects of a real server; examples are the http monitor and the ping monitor. A default monitor is added to each new service according to the service type: an http monitor for an HTTP service, and a connect monitor for other services.

A monitor can have parameters, and different monitors have different parameters. For example, an http monitor has the URL as one of its parameters, and a ping monitor has the server as its parameter. See Appendix D for details.

1.3.8       Alert

An alert is a program that is called when the status of a real server changes. The most useful alerts are:

• lb alert: when a real server goes down or comes up, it makes the load balance server delete or add the real server. This alert is added automatically to each newly added service.

• mail alert: sends mail to report the event.

Like monitors, alerts can also have parameters; see Appendix D for details.
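The monitor and alert interaction described in 1.3.7 and 1.3.8, as an added Python example that is not TriLoad Balancer code: a connect-style monitor calls an lb alert and a mail alert only when a real server's status changes. The class names, the queued mail stand-in, the sample addresses and the assumption that servers start as "up" are all constructed for illustration.

```python
import socket


def connect_probe(host, port, timeout=2.0):
    """Connect monitor: the server is healthy if a TCP connection opens."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class Cluster:
    """Real servers currently receiving new connections for one service."""

    def __init__(self, servers):
        self.in_rotation = set(servers)

    def lb_alert(self, server, status):
        """lb alert: drop a server that went down, re-add one that came up."""
        if status == "down":
            self.in_rotation.discard(server)
        else:
            self.in_rotation.add(server)


class MailAlert:
    """Mail alert stand-in: queues a message instead of sending mail."""

    def __init__(self, recipient, statuses=("down",)):
        self.recipient = recipient
        self.statuses = set(statuses)   # only these status values are reported
        self.outbox = []

    def __call__(self, server, status):
        if status in self.statuses:
            host, port = server
            self.outbox.append((self.recipient, f"{host}:{port} is {status}"))


class Monitor:
    """Checks every real server and calls the alerts on a status change."""

    def __init__(self, servers, alerts, probe=connect_probe):
        # Assumption: servers are in rotation when added, so they start "up".
        self.status = {server: "up" for server in servers}
        self.alerts = list(alerts)
        self.probe = probe

    def check_once(self):
        """Run one check cycle; return the (server, new_status) changes."""
        changes = []
        for server, previous in list(self.status.items()):
            host, port = server
            current = "up" if self.probe(host, port) else "down"
            if current != previous:
                self.status[server] = current
                changes.append((server, current))
                for alert in self.alerts:
                    alert(server, current)
        return changes


def demo():
    """Constructed scenario: 10.0.0.12 fails, stays down, then recovers."""
    servers = [("10.0.0.11", 80), ("10.0.0.12", 80)]
    health = {server: True for server in servers}   # fake probe results
    cluster = Cluster(servers)
    mail = MailAlert("ops@example.com", statuses=("down", "up"))
    monitor = Monitor(servers, [cluster.lb_alert, mail],
                      probe=lambda host, port: health[(host, port)])
    log = [monitor.check_once()]                 # nothing changed yet
    health[("10.0.0.12", 80)] = False
    log.append(monitor.check_once())             # down: removed and mailed
    rotation_while_down = sorted(cluster.in_rotation)
    log.append(monitor.check_once())             # still down: no new alert
    health[("10.0.0.12", 80)] = True
    log.append(monitor.check_once())             # up again: re-added
    return log, rotation_while_down, sorted(cluster.in_rotation), mail.outbox


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because alerts fire only on a status change, a server that stays down produces one removal and one mail, not one per check interval.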

1.3.9       Scheduler

The algorithm used to decide which real server receives a new connection.

1.         rr: Round Robin, distribute jobs equally amongst the available real servers.

2.         wrr: Weighted Round Robin, assign jobs to real servers proportionally to the real servers' weight. Servers with higher weights receive new jobs first and get more jobs than servers with lower weights. Servers with equal weights get an equal distribution of new jobs.

3.         lc: Least-Connection, assign more jobs to real servers with fewer active jobs.

4.         wlc: Weighted Least-Connection, assign more jobs to servers with fewer jobs and relative to the real servers' weight. This is the default.

5.         lblc: Locality-Based Least-Connection, assign jobs destined for the same IP address to the same server if the server is not overloaded and available; otherwise assign jobs to servers with fewer jobs, and keep it for future assignment.

6.         lblcr: Locality-Based Least-Connection with Replication, assign jobs destined for the same IP address to the least-connection node in the server set for the IP address. If all the nodes in the server set are overloaded, it picks a node with fewer jobs in the cluster and adds it to the server set for the target. If the server set has not been modified for the specified time, the most loaded node is removed from the server set, in order to avoid a high degree of replication.

7.         dh: Destination Hashing, assign jobs to servers by looking up a statically assigned hash table by their destination IP addresses.

8.         sh: Source Hashing, assign jobs to servers by looking up a statically assigned hash table by their source IP addresses.
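To make the behaviour of wrr, wlc and sh concrete, the following added Python example (not TriLoad Balancer code) implements one possible version of each. The interleaved wrr procedure, the 256-bucket table and the multiplicative hash are assumptions chosen for illustration; the manual does not document the product's internals.

```python
import ipaddress
from dataclasses import dataclass
from functools import reduce
from math import gcd


@dataclass
class RealServer:
    name: str
    weight: int = 1
    active: int = 0          # connections currently assigned to the server


class WeightedRoundRobin:
    """wrr: walk the server list with a falling weight threshold.

    Higher-weight servers qualify first, and over one full cycle each
    server is picked in proportion to its weight. With equal weights
    this degenerates to plain rr.
    """

    def __init__(self, servers):
        self.servers = [s for s in servers if s.weight > 0]
        if not self.servers:
            raise ValueError("no real server with a positive weight")
        weights = [s.weight for s in self.servers]
        self.step = reduce(gcd, weights)
        self.max_weight = max(weights)
        self.index = -1
        self.threshold = 0

    def pick(self):
        while True:
            self.index = (self.index + 1) % len(self.servers)
            if self.index == 0:          # new pass: lower the threshold
                self.threshold -= self.step
                if self.threshold <= 0:
                    self.threshold = self.max_weight
            server = self.servers[self.index]
            if server.weight >= self.threshold:
                return server


def weighted_least_connection(servers):
    """wlc: pick the server with the lowest active/weight ratio."""
    candidates = [s for s in servers if s.weight > 0]
    if not candidates:
        raise ValueError("no real server with a positive weight")
    best = candidates[0]
    for server in candidates[1:]:
        # Cross-multiplied form of server.active/server.weight < best ratio.
        if server.active * best.weight < best.active * server.weight:
            best = server
    return best


class SourceHash:
    """sh: static bucket table indexed by a hash of the client address."""

    def __init__(self, servers, buckets=256):
        self.table = [servers[i % len(servers)] for i in range(buckets)]

    def pick(self, client_ip):
        key = int(ipaddress.ip_address(client_ip))
        return self.table[(key * 2654435761 % 2**32) % len(self.table)]


def distribute(pick, jobs):
    """Assign `jobs` connections that stay open; return jobs per server."""
    counts = {}
    for _ in range(jobs):
        server = pick()
        server.active += 1
        counts[server.name] = counts.get(server.name, 0) + 1
    return counts


if __name__ == "__main__":
    wrr = WeightedRoundRobin([RealServer("A", 4), RealServer("B", 2),
                              RealServer("C", 1)])
    print([wrr.pick().name for _ in range(7)])
    pool = [RealServer("A", 3), RealServer("B", 1)]
    print(distribute(lambda: weighted_least_connection(pool), 8))
```

With sh, every client behind the same source address (for example one shared NAT gateway) lands on the same real server, so the load can be uneven even when the table itself is evenly filled.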

1.3.10  Persistent

Specifies that a virtual service is persistent. If this option is specified, multiple requests from a client are directed to the same real server that was selected for the first request. Optionally, the timeout of persistent sessions may be specified in seconds. This option may be used with protocols such as SSL or FTP, where it is important that clients consistently connect to the same real server, or where the client does not keep a long-lived TCP/IP connection but the server still keeps session information, as in HTTP web applications using cookies. When the port of the virtual service is set to 0, it is a wild-card port, meaning that the load balance server forwards connections to any port; in that case the persistent timeout must be set to a non-zero value.

A persistent timeout of zero means no persistence. This is the default.

Note: If a virtual service is to handle FTP connections then persistence must be set for the virtual service if Direct Routing or Tunneling is used as the forwarding mechanism. 

2         Install

2.1     Hardware prerequisite

The Load Balancer must be plugged into an Ethernet network. It supports 10M/100M/1000M networks. Once it is connected to the network and has booted, you can configure the server remotely using a web browser.

2.2     Initial Setup

The Load Balancer is configured with the initial network address 192.168.0.111; you can change this address once it has booted. Use a browser to connect to http://192.168.0.111:8080 and log in as user admin; the password is also admin. You should change it the first time you connect to the server.

There is also a default user monitor, with password monitor. This user can only check the status of the Load Balancer; it is good practice to change its password as well.

 

3         Configuring load balance

3.1     Overview of configuration tasks

Configuration tasks include:

• Configure the load balance server

• Configure the router/firewall

• Configure the real servers

3.2     Configure the load balance server

This section is used to configure the network settings of the Load Balancer. There are five items to set up: Net Interface, IP address, Net Mask, Gateway and DNS. When the server first boots up, its IP address is 192.168.0.111.

3.2.1       Network Setting

3.2.1.1        View Network Setting

In the list on the left of the administration home page, choose the Network Setting option to open the Load Balancer Base Information page.

3.2.1.2        Modify Load Balancer Base Information

Press the Modify button on the Load Balancer Base Information page to update the server's network settings. If the server IP is changed, you must change the URL of the admin home page in your browser to match the new IP address.

3.2.2       HA Setting

3.2.2.1       View Load Balancer HA Information(Enterprise Edition)

In the list on the left of the administration home page, choose the Network Setting option to open the HA setting page. This function is only enabled in the Enterprise Edition. If HA Peer IP is not set, the HA service will not be started.

3.2.2.2       Modify HA setting(Enterprise Edition)

HA Master: defines whether this load balancer is the master server or the backup server. When the load balancer is the master, it can also be set to force a takeover from the backup server.

HA Peer IP: when it is not set, the HA service will not be started.

HA Sync Timeout: the timeout for each sync action between the HA servers, such as a heartbeat. It is configured in milliseconds.

Heart Beat Interval: the time between heartbeat signals, in seconds.

Heart Beat Retry: how many times to retry before a heartbeat communication is considered failed, which fires a take-over action.

Force to takeover: only set when the server is the master. True indicates that the master will automatically take over from the backup server when it recovers.

3.2.3       VIP

A VIP is required for services that can be accessed by clients.

3.2.3.1        View VIPs

You can add or remove VIPs as follows:

3.2.3.2        Add VIP

On the Add New VIP page, the user can define the IP, mask, Net Interface Alias and Router Only. The Net Interface Alias is created by the server, but it can be changed manually. The Net Interface must be different from the server IP itself, and each VIP must be different from the others.

When the load balancer is down, the peer load balancer can take over all VIPs, but it cannot take over the real IP of the load balancer. In NAT mode, real servers may set their default router to the IP of the load balancer, which causes a problem if the load balancer is taken over. The solution is to define a router-only VIP and have all real servers use this VIP as the default router.

Press the Add button to add a new VIP, or select an existing VIP and press Remove to remove it.

A VIP can only be removed after all services using it have been removed; otherwise an error message is shown when you try to delete a VIP that is used by any service.

3.2.4       Service

The service is the core of the load balance server. All clients access the application servers through the services specified.

3.2.4.1        View Services

There is no limit on how many services can be defined, but every service must have a different combination of IP address, protocol and port.

3.2.4.2        Add Services

When you press the Add button, the server takes you to the service help page, which has instructions on how to configure the router/firewall and real servers running different operating systems. The Load Balancer Admin Console cannot configure them for you; you must configure them manually. Here are the sample instructions on how to configure the router/firewall and a real server running Linux.

3.2.4.3       Modify Service

To change the service settings, such as the service information, the real servers in the service and the monitors, press the pencil icon at the right side of the service. The following sections describe how to add, modify, disable, enable and delete real servers and monitors.

The service page lists the base information as well as the servers, monitors and alerts.

Only the scheduling algorithm, persistent timeout and enabled status can be modified after the service is created.

3.2.4.4       Remove Service

To delete a service, select it and press the Remove button. A service can only be removed when there are no servers in it. If the service is not empty, a failure page is shown.

3.2.4.5       Enable/Disable Service

A service can be disabled when it is temporarily not required but its settings need to be kept.

When the service is disabled, the icon becomes grey.

3.2.5       Real Server

An application runs on a real server and listens on a certain TCP/IP port; it is the real server that finally responds to the client request. A real server belongs to a certain service. However, different real servers can be the same machine with the same IP address, as long as they belong to different services and thus listen on different ports.

3.2.5.1       View Real Server

3.2.5.2       Add Real Server

For a service with forward type dr (direct routing) or tun (tunneling), the server must listen on the same port as the service. There is no such limitation for forward type nat (Network Address Translation).

When the service forward type is nat, the server port must be a non-zero value.

When you add a new server, a help page guides you through the steps required for the router/firewall settings and the settings on the real server. The content of the help page depends on the forward type of the service.

When you add a new server, the default monitor, that is, the service monitor, is used. You can choose not to use the service monitor and define monitors for that server only.

3.2.5.3       Modify Real Server

Only the forward type, the weight, whether the service monitor is used, and the enabled status can be edited.

The service detail page can also be used to remove, enable and disable servers; in contrast, multiple items can be operated on at the same time here.

3.2.6       Monitor

The monitor is used to check the health of real servers. An http monitor is automatically created for a service listening on port 80 or 443; otherwise, a ping monitor is created. The default check interval is 30 seconds.

3.2.6.1       View Monitor

3.2.6.2       Add Monitor

Use the default arguments unless you know the monitor's arguments well.

Selecting a different monitor type shows different arguments.

The following figure is for the Http monitor.

The following figure is for the Connect monitor.

The following figure is for the Ping monitor.

3.2.6.3       Modify monitor

Only the Monitor Type cannot be modified.

3.2.6.4        Remove Monitor

3.2.7       Alert

An alert is called when a monitor finds that the status of a real server has changed.

3.2.7.1       List Alert

3.2.7.2       Add Alert

An alert is a program called when the status of a real server changes.

The lb alert is created automatically for a service. The server is removed from the cluster when it goes down and added to the cluster again when it becomes available. For a mail alert, when the status matches the ones set, the server sends email to the recipient defined.

Selecting a different alert type shows different arguments.

3.2.7.3       Modify Alert

Only the Name and Alert type cannot be modified.

3.2.7.4       Delete Alert

4         Planning the load balance server

This chapter describes what should be considered before installing and configuring the load balance server.

First, you must choose a forward method: DR (Direct Routing), NAT (Network Address Translation) or TUN (IP tunneling).

Second, you should decide whether to use persistence. If the application is stateful, for example a web application that requires login and keeps session information, you will have to enable persistence.

In Direct Routing, the load balancer relays packets destined for the service IP to the real servers, so the TCP stack of the real server must accept those packets. This can be achieved by configuring the service IP on the loopback device. However, since the operating system adds a route to the network of the service IP through that address, it may at times conflict with the real IP. On Unix you can set the netmask of the IP to 255.255.255.255, but Windows and some Unix variants such as AIX do not accept that netmask, so you either have to delete the route after the server boots, or carefully choose the service IP and netmask to avoid the conflict. On Unix you can always add commands to a startup script to add and delete the routing rule; this is not as easy on Windows. It is therefore good practice to use a service IP with an odd number as the last digit, so that you can use 255.255.255.252 as the network mask.
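The netmask choice discussed above can be checked before any real server is touched. This added Python example (not part of the product; the function names and the sample addresses are constructed) computes the network that a service IP and netmask place on the loopback device, lists which other hosts fall inside it and would therefore be routed to loopback, and reports whether the service IP is a usable host address in that network.

```python
import ipaddress


def check_loopback_alias(service_ip, netmask, other_hosts):
    """Describe the route created by putting service_ip/netmask on loopback.

    other_hosts maps a label to an IP address the real server must still
    reach over the physical network (router, load balancer, peers).
    """
    iface = ipaddress.ip_interface(f"{service_ip}/{netmask}")
    net = iface.network
    shadowed = sorted(
        name for name, addr in other_hosts.items()
        if ipaddress.ip_address(addr) in net
        and ipaddress.ip_address(addr) != iface.ip
    )
    # In networks wider than /31 the first and last addresses are the
    # network and broadcast addresses, not host addresses.
    edges = {net.network_address, net.broadcast_address}
    usable = net.prefixlen >= 31 or iface.ip not in edges
    return {"network": str(net), "usable_host": usable, "shadowed": shadowed}


def choose_netmask(service_ip, other_hosts, accepted_masks):
    """Return the first accepted mask that shadows no host, else None."""
    for mask in accepted_masks:
        result = check_loopback_alias(service_ip, mask, other_hosts)
        if result["usable_host"] and not result["shadowed"]:
            return mask
    return None


# Constructed sample network: the addresses a real server must keep reaching.
HOSTS = {
    "router": "192.168.0.1",
    "real1": "192.168.0.21",
    "real2": "192.168.0.22",
}
# Masks to try on a system that does not accept 255.255.255.255.
NO_HOST_MASK = ("255.255.255.252", "255.255.255.248")

if __name__ == "__main__":
    for ip, mask in [("192.168.0.9", "255.255.255.252"),
                     ("192.168.0.9", "255.255.255.0"),
                     ("192.168.0.11", "255.255.255.252")]:
        print(ip, mask, check_loopback_alias(ip, mask, HOSTS))
    print(choose_netmask("192.168.0.9", HOSTS, NO_HOST_MASK))
```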

4.1     Direct Routing

This is the default and most efficient mode. The load balance server, the router (or firewall) and all real servers should be within the same physical network segment. Use this method whenever you can.

4.1.1       Configure Load Balance Server

Configure the server using the admin console:

• Configure the internal IP of the load balancer

• Add the service IP as the VIP

• Add the service on the VIP, choosing DR as the load balance type

• Add all real servers to the service

4.1.2       Configure Router/Firewall

Configure using the router/firewall specific interface:

• Add a routing rule to the outside, say, the Internet, to make sure clients can connect to the service IP.

• Add a network interface and IP address in the same IP network segment as the service IP

• Add a network interface and IP address in the same IP network segment as the internal addresses of the real servers

Note: check the reference manual for your router/firewall for command details.

4.1.3       Configure Real Server

The real server must be in the same network segment as the internal address of the load balance server and must be configured to accept packets destined for the service IP; also set the router/firewall as the default gateway. The configuration differs depending on the operating system of the real server.

4.1.3.1          Linux

• For Linux servers with kernel 2.4 or later

echo "1" >/proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp -d <serviceIP> --dport <servicePort> -j REDIRECT --to-ports <servicePort>

• Add the router or firewall as the default gateway

route add -net 0.0.0.0 gw <routerIP>

Note: for Linux kernel 2.2 and later, you can also configure a non-ARP device for the first step. See Appendix C for details.

4.1.3.2          Unix (here is the example for AIX)

• Add an alias to the loopback device

ifconfig lo0 alias <serviceIP> netmask 255.255.255.255

• Add the router or firewall as the default gateway

route add 0 <routerIP>

route change -host <serviceIP> 127.0.0.1

Note: for other Unix variants, check their Unix Admin Guide for details.

4.1.3.3          Windows

• Configure the service IP on the local loopback device. See Appendix B for details.

• Add the router or firewall as the default gateway

route add 0.0.0.0 mask 0.0.0.0 <routerIP> /p

4.2     Network Address Translation

This mode is easy to configure and is used for clusters with only a small number of real servers.

4.2.1       Configure Load Balance Server

Configure the server using the admin console:

• Configure the internal IP of the load balancer

• Add the service IP as the VIP

• Add the service on the VIP, choosing NAT as the load balance type

• Add all real servers to the service

4.2.2       Configure Router/Firewall

Configure using the router/firewall specific interface:

• Add a routing rule to the outside, say, the Internet, to make sure clients can connect to the service IP.

• Add a network interface and IP address in the same IP network segment as the service IP

Note: check the reference manual for your router/firewall for command details.

4.2.3       Configure Real Server

The real server must set its default router to the internal IP of the load balance server.

4.2.3.1          Linux

• Add the load balancer as the default router

route add -net 0.0.0.0 gw <loadBalanceIP>

4.2.3.2          Unix (here is the example for AIX)

• Add the load balancer as the default router

route add 0 <loadBalanceIP>

4.2.3.3          Windows

• Add the load balancer as the default router

route add 0.0.0.0 mask 0.0.0.0 <loadBalanceIP> /p

Note: if the service IP and the real IP are within the same network segment, you will have to add another routing rule to force the use of the load balance server as the router. For example, if the service IP is 192.168.0.10 with netmask 255.255.255.0, you should add the routing rule route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.10 on the real server (the sample command is for Linux; use the command specific to the real server's operating system). For AIX, you should also use no -o ipignoreredirects=1 to disable ICMP redirects.

4.3     Tunneling

Most of the configuration is identical to Direct Routing. Tunneling should be used when the load balance server and real servers are not in the same physical network segment, or are even across a WAN. Currently only Linux and Windows 2000 Server, which support IPIP encapsulation, can be used as real servers.

4.3.1       Configure Load Balance Server

Configure the server using the admin console:

• Configure the internal IP of the load balancer

• Add the service IP as the VIP

• Add the service on the VIP, choosing TUN as the load balance type

• Add all real servers to the service

4.3.2       Configure Router/Firewall

Configure using the router/firewall specific interface (same as DR):

• Add a routing rule to the outside, say, the Internet, to make sure clients can connect to the service IP.

• Add a network interface and IP address in the same IP network segment as the service IP

• Add a network interface and IP address in the same IP network segment as the internal addresses of the real servers

Note: check the reference manual for your router/firewall for command details.

4.3.3       Configure Real Server

The real server can connect to the load balance server through a WAN. It must be configured to accept packets destined for the service IP, and the router/firewall must be set up as the default gateway.

4.3.3.1     Linux Configuration

• For Linux servers with kernel 2.4 or later

echo "1" >/proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp -d <serviceIP> --dport <servicePort> -j REDIRECT --to-ports <servicePort>

• Add the router or firewall as the default router

route add -net 0.0.0.0 gw <routerIP>

• Add the tunnel configuration

modprobe ipip

ifconfig tunl0 0.0.0.0 up

Note: for Linux kernel 2.2 and later, you can also configure a non-ARP device for the first step. See Appendix C for details.

4.3.3.2     Windows 2000 Server Configuration

• In Control Panel -> Routing and Remote Access, enable it manually

• Routing Interfaces -> add a new IP Tunnel

• IP Routing -> General -> add a new interface -> select the IP Tunnel just created

• For the Local Address, specify the real IP of the real server

• For the Remote Address, specify the real IP of the Load Balancer

• Disable Routing and Remote Access and enable it again

Note: refer to Appendix E for details.

5         Operating and managing load balance server

5.1     Restart TriLoad Balancer

You can restart the load balance server on the load balance management page.

Management of a stand-alone server differs from that of enterprise HA servers.

The following figure shows stand-alone server management.

The following figure shows enterprise HA server management.

Load Balancer Status: you can restart or stop the load balancer.

Config Modification: when the system configuration has changed, you can save or discard the modification.

Log Download: you can download the cluster log for today and yesterday. You can also download different types of information, such as cluster statistics, the runtime history log and the debug log, according to certain conditions. This information can be used for further analysis or report generation.

HA Peer Status: copy all settings from the peer (except LB network settings and HA settings). This eases the configuration of both servers in an HA environment.

Force to takeover: when the master load balancer comes back up, it forcibly takes over the VIPs of the backup server and all current working status.

Config File Download/Upload: download or upload the existing config file.

5.2     Monitor load balance status

The status page is refreshed periodically, and the interval can be changed down to a minimum of 5 seconds. You can choose to let the monitor page play an alarm sound in the browser when any server is not working properly. The leading green icon means the server is running OK, grey means it is disabled, and red means the server is down. You can also get information such as Active Connections, Inactive Connections, Total Connections, In Bytes, Out Bytes, Connections Per Second, In Bytes Per Second and Out Bytes Per Second. Please note that in DR or NAT mode, because the response packets will not go through the Load Balancer, the out bytes cannot reflect the real response activity.

5.3     Check server history

This page displays the status of the real servers. The refresh interval and the number of lines to display can be changed.

6         User Management

The server can only be managed by certain users. Only the user admin can change the server settings. There is only one admin user, and the admin user can only be logged into the server once; another login session will take over the current session. There is another user, monitor, which can only be used to monitor the status of the server and the server history, i.e., it is a read-only user. There is no limit on how many monitor users can be added, and the sessions of monitor users do not affect each other.

Operations accessible to admin user

Operations accessible to monitor users

6.1     Change user password

User admin has the default password admin, and user monitor has the default password monitor. They should be changed at the first login.

6.2     Add new user

Only monitor user can be added.

6.3     List user and delete user

A monitor user can be deleted. However, the admin user cannot.


Appendix A: Sample Scenarios

Direct Routing

In this configuration, the client, Load Balancer and Real Servers are on the same physical network segment, as is the VIP (Virtual IP). The Real Servers are running Windows 2000 Server, with IIS listening on port 80. To verify the dispatcher result, each real server has a file named ip.txt under the web root, containing its real IP address. The Load Balancer will forward all requests from the client to the real servers using direct routing.

Configuration of Load Balancer

1.         Sets real IP address to 192.168.0.100, net mask 255.255.255.0

2.         Adds virtual IP 192.168.0.10

3.         Adds Direct Routing service to VIP 192.168.0.10 with port 80

4.         Adds two real servers 192.168.0.201 and 192.168.0.202 to the service

Configuration of Real Server (take 192.168.0.201 as example)

1.         Sets real IP address to 192.168.0.201, net mask 255.255.255.0

2.         Adds MS Loopback Network Interface, sets its address to 192.168.0.10 with net mask 255.255.255.252

To verify the configuration, you can access the URL http://192.168.0.10/ip.txt from the client machine. Because normal browsers will cache the result, it is better to verify the result using the telnet tool. On the command line, type telnet 192.168.0.10 80, then GET /ip.txt HTTP/1.0<cr><cr> to simulate the HTTP protocol and get the HTTP response from the server. You can also log into the TriLoad Admin console at http://192.168.0.100:8080/ and check the server statistics on the Status page.

Network Address Translation

In this configuration, the client, Load Balancer and Real Servers are on the same physical network segment, as is the VIP (Virtual IP). The Real Servers are running Windows 2000 Server, with IIS listening on port 80. To verify the dispatcher result, each real server has a file named ip.txt under the web root, containing its real IP address. The Load Balancer will forward all requests from the client to the real servers using Network Address Translation.

Configuration of Load Balancer

1.         Sets real IP address to 192.168.0.100, net mask 255.255.255.0

2.         Adds virtual IP 192.168.0.10

3.         Adds NAT service to VIP 192.168.0.10 with port 80

4.         Adds two real servers 192.168.0.201 and 192.168.0.202 to the service

Configuration of Real Server (take 192.168.0.201 as example)

1.         Sets real IP address to 192.168.0.201, net mask 255.255.255.0

2.         Adds a routing rule to force the real server to use the Load Balancer for all responses back to clients, even if the client is on the same network: route add 192.168.0.0 mask 255.255.255.0 192.168.0.100

To verify the configuration, you can access the URL http://192.168.0.10/ip.txt from the client machine. Because normal browsers will cache the result, it is better to verify the result using the telnet tool. On the command line, type telnet 192.168.0.10 80, then GET /ip.txt HTTP/1.0<cr><cr> to simulate the HTTP protocol and get the HTTP response from the server. You can also log into the TriLoad Admin console at http://192.168.0.100:8080/ and check the server statistics on the Status page.
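The telnet check used in both the Direct Routing and the NAT scenario can be repeated automatically to see how requests are spread over the real servers. The following is an added example, not part of the TriLoad product or the original manual; the function names are hypothetical, and the addresses are the ones from the sample scenarios.

```python
import socket
from collections import Counter

# Same bytes the manual types into telnet: GET /ip.txt HTTP/1.0<cr><cr>
REQUEST = b"GET /ip.txt HTTP/1.0\r\n\r\n"

def parse_ip_txt(raw):
    """Return the body of a 200 response (the real server's IP), else raise."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    status = head.split(b"\r\n", 1)[0].split()
    if not sep or len(status) < 2 or status[1] != b"200":
        raise ValueError("unexpected response: %r" % head[:60])
    return body.decode("ascii", "replace").strip()

def fetch_ip_txt(vip, port=80, timeout=5.0):
    """Open one fresh TCP connection, so every request is dispatched anew."""
    with socket.create_connection((vip, port), timeout=timeout) as sock:
        sock.sendall(REQUEST)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:          # HTTP/1.0: server closes after the response
                break
            chunks.append(data)
    return parse_ip_txt(b"".join(chunks))

def dispatch_report(vip, expected, requests=20, fetch=fetch_ip_txt):
    """Count which real server answered each request sent to the VIP."""
    counts = Counter()
    for _ in range(requests):
        try:
            counts[fetch(vip)] += 1
        except (OSError, ValueError):
            counts["<error>"] += 1
    return {
        "counts": dict(counts),
        # configured real servers that never answered
        "missing": sorted(set(expected) - set(counts)),
        # answers from hosts that are not in the configured pool
        "unexpected": sorted(set(counts) - set(expected) - {"<error>"}),
    }

if __name__ == "__main__":
    print(dispatch_report("192.168.0.10", ["192.168.0.201", "192.168.0.202"]))
```

If persistence is enabled on the service, a single client is expected to be answered by one real server only, so a non-empty "missing" list is then not a fault by itself.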


Appendix B: Configure Loopback on Windows

In Direct Routing, the load balancer relays packets with the destination of the service IP to the real servers, so the TCP stack of the real server must acknowledge those packets. This can be achieved by configuring the service IP on the loopback device. However, the Windows operating system will add the IP address as the router to the network of the service IP address, which may cause a conflict at some time. Unlike Unix, where you can set the netmask of the IP to 255.255.255.255, Windows does not accept that netmask, so you either have to delete the routing rule after the server boots up, or carefully choose the service IP and netmask to avoid the conflict. It is a good practice to use a service IP with an odd number as the last digit, and then you can use 255.255.255.252 as the network mask.

First, add an MS Loopback network card device in control panel.

Then configure the service IP address on the device.

In netmask field, the first three numbers should always be 255, and try 252, 248, etc for the last number.

If it is not possible to avoid the network conflict, you will have to delete the routing rule when the server boots up. You can execute the following command manually or automatically.

     route delete <serviceIPNetwork> <serviceIP>

Note: the service IP network address is the result of masking the service IP with the netmask you specified.
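The netmask choice and the masked network address described in this appendix can be worked out ahead of time. The following is an added example, not part of the original manual; plan_loopback is a hypothetical helper, and it assumes that the "conflict" means other LAN hosts falling inside the loopback subnet and that Windows will not accept a service IP that is the network or broadcast address of that subnet.

```python
import ipaddress

def plan_loopback(service_ip, lan_hosts, last_octets=(252, 248, 240, 224)):
    """Try 255.255.255.252, .248, ... as the manual suggests and return the
    first netmask whose subnet contains no other LAN host. If every mask
    conflicts, return the narrowest usable one plus the route delete command."""
    svc = ipaddress.IPv4Address(service_ip)
    hosts = [ipaddress.IPv4Address(h) for h in lan_hosts]
    fallback = None
    for octet in last_octets:
        mask = "255.255.255.%d" % octet
        net = ipaddress.IPv4Network("%s/%s" % (service_ip, mask), strict=False)
        # Assumption: network/broadcast addresses are not assignable as host IPs.
        if svc in (net.network_address, net.broadcast_address):
            continue
        # LAN hosts inside the subnet would be routed to the loopback device.
        conflicts = [str(h) for h in hosts if h in net and h != svc]
        plan = {
            "netmask": mask,
            "network": str(net.network_address),  # the "service IP network"
            "conflicts": conflicts,
            "route_delete": None,
        }
        if not conflicts:
            return plan
        # Command form taken from this appendix: route delete <network> <serviceIP>
        plan["route_delete"] = "route delete %s %s" % (net.network_address, svc)
        if fallback is None:
            fallback = plan
    if fallback is None:
        raise ValueError("no usable netmask for %s" % service_ip)
    return fallback

if __name__ == "__main__":
    # Addresses from Appendix A: VIP, load balancer and two real servers.
    print(plan_loopback("192.168.0.10",
                        ["192.168.0.100", "192.168.0.201", "192.168.0.202"]))
```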


Appendix C: Configure No-Arp Network Device

Linux responds to ARP requests not only for the addresses configured on the real network device; it also responds for all IP addresses outside the 127 network segment (the loopback segment), even if they are configured on the loopback device. This feature will confuse the load balance server when working in Direct Routing or Tunneling mode. The following patch can turn this feature on and off on demand. However, it requires rebuilding the kernel, so the method mentioned in chapter 4 may be a better choice, even though it may introduce some minor cost on the real servers. It will not add any load on the load balance server, however.

First download the patch from http://www.ssi.bg/~ja/. Find hidden-2.XXX.diff, where XXX is the kernel version of the Linux server you choose, download the file and save it to /usr/src/linux, and execute patch -p1 < hidden-2.XXX.diff to apply the patch. Then rebuild the kernel; for compile instructions, refer to the README file in the /usr/src/linux-2.X/ directory.

After the kernel is rebuilt, place the following commands into the server startup script.

echo 1 > /proc/sys/net/ipv4/conf/all/hidden

echo 1 > /proc/sys/net/ipv4/conf/lo/hidden

echo 1 > /proc/sys/net/ipv4/conf/tunl0/hidden

       Note: the last statement is only required when tunneling is used.


Appendix D: Host Variables

Variables supported by both monitor and alert:

•   forwardType: the forward type of the real server (DR, NAT or TUN mode; if its value is default, the type that the service defined is used).

•   persistentTimeout: the timeout of the persistent session of the virtual service. Zero means no session timeout.

•   port: service port on the real server.

•   protocol: the protocol that the service is defined to support.

•   scheduler: the algorithm the virtual service uses to choose a real server for a request.

•   server: the real server IP address.

•   serverName: the identifying name of the real server.

•   serviceName: the identifying name of the virtual service.

•   servicePort: virtual service port.

•   timeout: the timeout of the monitor.

•   vip: the virtual service IP.

•   weight: weight of the real server.


Appendix E: Configure IP Tunnel on Windows

1.       Press "Start" -> "Settings", open "Control panel"

2.       Run "Routing and Remote Access" in "Administrative Tools"

3.       Choose "Computer name (local)" press "Action" menu and choose "Configure and Enable Routing and Remote Access"

4.        In "Routing and Remote Access Server Setup Wizard"-> "Next"

Figure 1

5.      Choose "Manually configured server" -> "Next" -> "Finish" and "Yes" to start the service

Figure 2

6.      Open "New IP Tunnel...", input any name

Figure 3

7.       Open "New Interface...", choose the IP Tunnel just created.

8.       Configure parameters: set local address to the real IP address of the real server and remote address to the real IP address of the Load Balancer.

Figure 4

9.      Disable routing and remote access and Enable it again.