0

Can we do network load balancing among servers with different subnet IPs present in a LAN? Basically I have my website on these 2 servers and the website name is mapped to a Virtual IP. What type of load balancer can achieve this? Should it be possible with NAT?

1 Answer

0

You can use just about any common load balancer. The incoming requests for your services need to be directed to the load balancer instead of to your servers and the load balancer needs to be able to reach the backend servers.

The load balancer will source NAT (SNAT) the incoming packets, that is, it will substitute the source address with its own address before passing them on to one of your servers.

So the backend servers will reply to the load balancer instead of to the original client. For the response packets the load balancer will again do address substitution, this time substituting the target address with the original client address.

To let the backend server service gain knowledge of the original client address, the load balancer is often, but not always, configured to inject this address as an application field which can be interpreted and/or logged by the backend service. For HTTP this may for example be an HTTP header such as x-forwarded-for or x-client-ip or similar.

The load balancer can be configured with several backend servers for each service, and they can be placed on different subnets as long as the server application requirements permit this. The load balancer is commonly indifferent as to where the backends are, as long as they are reachable.

You could try this by configuring HAProxy, nginx or Apache httpd, or just about any of the other open source and commercial load balancers on the market.

Caveat: There are load balancers which use a somewhat different approach, such as Microsoft Windows NLB. NLB is commonly installed on the actual backend servers to integrate the load balancing with the backend. This creates a requirement that the backend servers usually need to be on the same subnet for the NLB intra-cluster communication to work. NLB can also be combined with IIS ARR to provide a more ordinary load balancing frontend (such as found with other load balancers), at which the backend nodes may be placed on different subnets.

ErikE
  • Thanks for your response Erik. I am going to use SSL, and I want to retain https throughout the request (when the request redirects to the server from the load balancer also). So I have to use Layer 7 in TCP mode. Am I correct? Also please let me know if the LB in this link supports my requirement, https://www.amazon.in/dp/B0814V1RZ9/ref=cm_sw_r_wa_apa_i_ZbH9Eb12587DR – user13727833 Jul 01 '20 at 23:02
  • Load balancing tcp is done at layer 4, at which layer 7 will be encrypted to the loadbalancer. If you need to apply LB-logic at L7 whilst retaining https, you first need to terminate ssl at the loadbalancer, apply the logic, then re-encrypt the connection to the backend. For your question on the Cisco router, Cisco has a support channel, I suggest using that or reading the product documentation. – ErikE Jul 02 '20 at 11:45
  • Hi Erik, does IIS combined with ARR support load balancing the node servers from different subnets? – user13727833 Jul 11 '20 at 14:20
  • Yes, you can define the backend nodes to be any ip addresses. – ErikE Jul 11 '20 at 14:53
  • OK. But I want to maintain https from the load balancer to the node server also. I will configure SSL on the node servers. By chance if you have any idea if SSL is possible throughout the request? – user13727833 Jul 11 '20 at 14:57
  • I mean, will it take care of SSL offloading? – user13727833 Jul 11 '20 at 15:58
  • I see that it supports SSL offloading, but do I need Virtual IP for ARR or MAC binding IP will also do? I could not find this info. – user13727833 Jul 11 '20 at 17:04
  • You may benefit from separating questions by the network layers, which often aids analysis. You can configure IIS/ARR to offload SSL or to terminate SSL then re-encrypt; the latter appears to be what you want. That happens at layer 5-7. MAC/IP happens at layer 2-3 and you typically only need to concern yourself with virtual IP (as in a cluster floating IP) if you combine IIS/ARR with NLB for load balancer redundancy. – ErikE Jul 11 '20 at 22:56
  • I see that IIS-ARR alone can be used for load balancing without using NLB, as stated in this forum: https://forums.iis.net/t/1192312.aspx . Please confirm if MAC binding IP will do for IIS-ARR alone. – user13727833 Jul 12 '20 at 02:55
  • Why would you want to do "mac binding ip" in a standalone IIS config? The binding is a process of the ARP protocol and usually takes care of itself. – ErikE Jul 12 '20 at 13:38
  • After checking with my ISP I found Virtual IP is nearly 10 times more expensive than MAC binding IP. That is the reason I am checking whether MAC binding IP will work. – user13727833 Jul 12 '20 at 13:44
  • When my ISP gives me an internet connection, he will give a public static IP to my server which is bound to its MAC address. It means I cannot assign that static IP to any other device. It is meant only for that particular server. So I want to check this before taking the internet connection and servers. – user13727833 Jul 12 '20 at 14:18
  • You would ordinarily publish the site from behind a firewall, at which the firewall, not the server, would present a MAC address to the ISP and map public IP addresses. Directly connecting a server to the internet is never advised, even if it is possible just as you are contemplating. This does not sound like a professional setup, maybe Super User would be a better forum for all the follow-up questions? – ErikE Jul 12 '20 at 14:37
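Because the load balancer in the answer rewrites the source address, a backend sees only the balancer's IP and depends on the injected x-forwarded-for header for logging and access rules. The following is an added example, not code from the answer or from any load balancer: it shows a backend honouring that header only when the TCP peer is a known balancer address. The addresses, `TRUSTED_PROXIES` and `client_address` are assumptions made for illustration.

```python
import ipaddress

# Constructed values: the addresses the load balancer uses when it SNATs
# traffic towards backends on two different subnets.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.1.5/32"),
    ipaddress.ip_network("10.0.2.5/32"),
]


def _is_trusted(addr):
    """True if addr is one of the load balancer's own addresses."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_address(peer_ip, xff_header):
    """Return the address a backend should log or match ACLs against.

    peer_ip is the TCP source address of the connection; xff_header is the
    raw X-Forwarded-For value, or None when the header is absent.
    """
    peer = ipaddress.ip_address(peer_ip)
    # A connection that did not come from the balancer can put anything in
    # the header, so the header is ignored and the peer address is used.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # Proxies append to the header, so the right-most entries are the ones
    # written by our own infrastructure. Walk right to left and stop at the
    # first address that is not a trusted proxy.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)
```

Entries to the left of the returned address were supplied by the client side and should be treated as unverified input.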