Of the two types of clusters supported by
Windows Server 2003, Network Load Balancing is the easier one to
install, configure, and maintain. You can use the existing hardware and
applications in your computers, and there is no additional software to
install. You use the Network Load Balancing Manager application in
Windows Server 2003 to create, manage, and monitor NLB clusters.
1. Understanding Network Load Balancing
A Network Load Balancing cluster consists of up to 32 servers, referred
to as hosts, each of which is running a duplicate copy of the
application you want the cluster to provide to clients. Network Load
Balancing works by creating on each host a virtual network adapter
that represents the cluster as a single entity. The virtual network
adapter has its own IP and media access control (MAC) addresses,
independent of the addresses assigned to the physical network interface
adapters in the computers. Clients address their application requests
to the cluster IP address instead of to an individual server’s IP
address.
Off the Record
In an Ethernet or Token Ring network interface adapter, the MAC address,
also known as the adapter’s hardware address, is a unique six-byte
hexadecimal value hard-coded into the adapter by the manufacturer.
Three bytes of the address contain a code identifying the manufacturer,
and three bytes identify the adapter itself.
Directing clients to the IP address of the cluster is a task left to the name
resolution mechanism that provides clients with IP addresses. For
example, if you are currently running an individual Web server on the
Internet, the DNS server hosting your domain has a record associating
your Web server’s name with the Web server computer’s IP address. If
you change from the single Web server to a Network Load Balancing
cluster to host your Web site, you must modify the DNS resource record
for the Web site’s name so that it supplies clients with the cluster IP
address, not your original Web server’s IP address.
When an incoming client request addressed to the cluster IP address arrives,
all the hosts in the cluster receive and process the message. On each
host in an NLB cluster, a Network Load Balancing service functions as a
filter between the cluster adapter and the computer’s TCP/IP stacks.
This filter enables NLB to calculate which host in the cluster should
be responsible for resolving the request. No communication between the
hosts is required for this purpose. Each host performs the same
calculations independently and decides whether it should process that
request or not. The algorithm the hosts use to perform these
calculations changes only when hosts are added to or removed from the
cluster.
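The sketch below is an added example, not code from the original page or from Microsoft. It shows how hosts that all receive the same packet can each decide locally, with no host-to-host messages, whether to handle it, and what happens to traffic while a failed host is still in the others' view of the cluster. The hashing rule (rendezvous hashing over SHA-256), the host names and the client addresses are assumptions for illustration; the page does not describe the real NLB algorithm.

```python
import hashlib

def owner(client_ip, client_port, members):
    """Stand-in rule, NOT the real NLB algorithm: every member is scored
    against the client and the highest score wins (rendezvous hashing)."""
    def score(host):
        key = f"{host}|{client_ip}|{client_port}".encode()
        return hashlib.sha256(key).digest()
    return max(sorted(members), key=score)

class Host:
    def __init__(self, name, members):
        self.name = name
        self.members = set(members)      # this host's view of the cluster

    def accepts(self, client_ip, client_port):
        # Every host sees every packet and runs the same filter on its own.
        return owner(client_ip, client_port, self.members) == self.name

    def converge(self, members):
        # Membership changed: adopt the new view, which changes the result.
        self.members = set(members)

def handlers(hosts, client_ip, client_port):
    """Names of the hosts that would pass this packet up their TCP/IP stack."""
    return [h.name for h in hosts if h.accepts(client_ip, client_port)]

# Constructed sample data (hypothetical host names, documentation addresses).
NAMES = ["web1", "web2", "web3"]
CLIENTS = [(f"198.51.100.{i}", 40000 + i) for i in range(1, 41)]

def simulate():
    hosts = [Host(n, NAMES) for n in NAMES]
    before = {c: handlers(hosts, *c) for c in CLIENTS}
    # web2 fails; the survivors still hold the old three-host view.
    survivors = [h for h in hosts if h.name != "web2"]
    stale = {c: handlers(survivors, *c) for c in CLIENTS}
    for h in survivors:
        h.converge(["web1", "web3"])
    after = {c: handlers(survivors, *c) for c in CLIENTS}
    return before, stale, after

if __name__ == "__main__":
    before, stale, after = simulate()
    dropped = sum(1 for c in CLIENTS if not stale[c])
    print(f"{dropped} of {len(CLIENTS)} clients unserved until the view is updated")
```

With a stale view, requests that map to the failed host are accepted by nobody; once the survivors agree on the new membership, every request again has exactly one handler.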
2. Planning a Network Load Balancing Deployment
Before you deploy a Network Load Balancing cluster, you must create a plan for
the network infrastructure that will support your cluster servers. The
high availability provided by NLB will do you no good if your users
can’t access the servers because of a failure in a router, switch, or
Internet connection. In addition, because many NLB installations
provide Web and other services to Internet users, you must consider the
security of your cluster servers and the rest of your internal network.
Important
Deploying a Network Load Balancing cluster is not a task to undertake casually or
haphazardly. As with any major network service, the NLB deployment
process must be planned carefully, tested thoroughly on a lab network,
and then implemented in a pilot program before proceeding with the full
production deployment.
For a high-traffic Web site with high-availability requirements, a typical
network infrastructure design would consist of a Web server farm
located on a perimeter network, as shown in the following figure. The
perimeter network has redundant connections to the Internet, preferably
with different Internet service providers (ISPs) or with one ISP that
has connections to multiple Internet backbones. A firewall at each
Internet access router protects the perimeter network from Internet
intruders, and another firewall isolates the perimeter network from the
internal network.
NLB Operational Modes
The servers that are going to be the hosts in your NLB cluster do not
require any special hardware. There is no shared data store as in a
server cluster, for example, so you do not have to build a storage area
network. However, NLB imposes certain limitations on a server with a
single network interface adapter in a standard configuration, and in
some cases, you can benefit from installing a second network interface
adapter in each of your servers.
Windows Server 2003 Network Load Balancing has two operational modes: unicast mode and multicast mode.
In unicast mode, Network Load Balancing replaces the MAC address of the
physical network interface adapter in each server with the MAC address
of the virtual network adapter representing the cluster. The server
does not use the computer’s original MAC address at all, effectively
transforming the computer’s physical network interface adapter into a
virtual network adapter. The Address Resolution Protocol (ARP) resolves
both of the server’s IP addresses (the IP address originally assigned
to the network interface adapter and the cluster IP address) to the
single MAC address for the cluster.
Off the Record
NLB does not actually modify the MAC address in the network interface
adapter itself; the address assigned to the adapter by the manufacturer
is permanent and cannot be changed. NLB only replaces the MAC address
in the computer’s memory, substituting a virtual MAC address for the
physical address the system reads from the network adapter card.
ARP is a TCP/IP protocol that resolves IP addresses into MAC or
hardware addresses. To transmit to a particular IP address, a TCP/IP
computer must first discover the MAC address associated with that IP
address so that it can build a datalink layer protocol frame. ARP
functions by transmitting a broadcast message containing an IP address
to the local network. The computer using that IP address is responsible
for replying with a message containing its MAC address.
In the case of an NLB cluster in unicast mode, each server in the cluster
replies to ARP requests that contain either its original IP address or
the cluster IP address by sending a response containing the cluster MAC
address. Therefore, no computer on the network can transmit to the MAC
address assigned for the NLB server’s physical network interface
adapter.
Because the network interface adapters of all the servers in the cluster have
the same MAC address, the cluster servers cannot communicate among
themselves in the normal way, using their individual MAC addresses. The
servers can, however, communicate with other computers on the same
subnet, and with computers on other subnets, as long as the IP
datagrams don’t contain the cluster MAC address.
Note
When you configure the servers in an NLB cluster to use unicast mode with a
single network interface adapter, you cannot use the Network Load
Balancing Manager application on one of the servers to manage the other
servers in the cluster.
In some cases, this is not a problem. Dedicated Web servers hosting the
same site, for example, don’t often need to communicate with each other
under normal conditions. However, if you determine that it is necessary
for the servers in your NLB cluster to communicate with each other,
there are two possible solutions:
Configure the cluster servers to operate in NLB multicast mode
In multicast mode, NLB assigns a cluster MAC address to the physical
network interface adapter, but it also retains the adapter’s original
MAC address. The cluster IP address resolves to the cluster MAC
address, and the server’s original IP address resolves to the original
MAC address. For this configuration to function properly, the routers
on the network must support the use of multicast MAC addresses.
Install a second network interface adapter in each server
One of the network interface adapters becomes the network interface
adapter for the cluster, with its original MAC address replaced by the
cluster MAC address. Both the cluster IP address and the adapter’s
original IP address resolve to the cluster MAC address. The system does
not use this adapter’s original MAC address. Like a single adapter in
unicast mode, the cluster adapter cannot communicate with the other
servers in the cluster. The second adapter retains its original MAC
address and assigned IP address and handles all noncluster network
communications.
Tip
In a Windows Server 2003 Network Load Balancing cluster, you must
configure all the servers to operate in either unicast or multicast
mode. You cannot mix unicast and multicast servers in the same cluster.
However, you can mix network interface adapter configurations,
installing two network interface adapters in some of a cluster’s
servers, while leaving a single adapter in others. In the case of a
unicast cluster, only the servers with multiple adapters are able to
communicate with the other servers.
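The check below is an added example, not part of the original page. It reads Windows `arp -a` output captured on another machine in the subnet and infers the cluster's operational mode from the resolution behaviour described above: in unicast mode the cluster adapters' original IP addresses resolve to the cluster MAC address, in multicast mode they resolve to their own MAC addresses. All addresses and the function names are constructed for illustration.

```python
import re

# One data row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+")

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output; header lines do not match."""
    return {m.group(1): m.group(2).lower()
            for m in map(ARP_ROW.match, text.splitlines()) if m}

def classify(table, cluster_ip, dedicated_ips):
    """Infer the mode from how the cluster IP and the cluster adapters'
    original (dedicated) IPs resolve. Do not pass the addresses of second,
    non-cluster adapters: those always keep their own MAC address."""
    cluster_mac = table.get(cluster_ip)
    seen = [ip for ip in dedicated_ips if ip in table]
    if cluster_mac is None or not seen:
        return "unknown"                 # not enough ARP entries to decide
    shared = [ip for ip in seen if table[ip] == cluster_mac]
    if len(shared) == len(seen):
        return "unicast"                 # every host answers with the cluster MAC
    if not shared:
        return "multicast"               # hosts kept their original MACs
    return "mixed"                       # inconsistent: investigate the hosts

# Constructed sample captures (documentation addresses, made-up MACs).
CLUSTER_IP = "192.0.2.100"
DEDICATED = ["192.0.2.11", "192.0.2.12"]
UNICAST_ARP = """
Interface: 192.0.2.5 --- 0x2
  Internet Address      Physical Address      Type
  192.0.2.100           02-bf-c0-00-02-64     dynamic
  192.0.2.11            02-bf-c0-00-02-64     dynamic
  192.0.2.12            02-bf-c0-00-02-64     dynamic
"""
MULTICAST_ARP = """
Interface: 192.0.2.5 --- 0x2
  Internet Address      Physical Address      Type
  192.0.2.100           03-bf-c0-00-02-64     static
  192.0.2.11            00-11-22-33-44-01     dynamic
  192.0.2.12            00-11-22-33-44-02     dynamic
"""

if __name__ == "__main__":
    for name, text in (("capture 1", UNICAST_ARP), ("capture 2", MULTICAST_ARP)):
        print(name, classify(parse_arp(text), CLUSTER_IP, DEDICATED))
```

A "mixed" result means some hosts answer with the cluster MAC address and others do not, which does not match either supported configuration and is worth checking host by host.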
In summary, a server in an NLB cluster can have either one network
interface adapter or multiple adapters, and it can run in either
unicast or multicast mode. By combining these options, you can use four
possible NLB configurations, each of which has advantages and
disadvantages, as shown in Table 1.
Table 1. NLB Configuration Advantages and Disadvantages
NLB Configuration | Advantages | Disadvantages |
---|---|---|
Single network interface adapter in unicast mode | | |
Single network interface adapter in multicast mode | | |
Multiple network interface adapters in unicast mode | No router incompatibility problems; permits ordinary communications among cluster servers; network performance enhanced because cluster traffic and ordinary network traffic use different network interface adapters | |
Multiple network interface adapters in multicast mode | | |
The most popular configuration for large NLB installations is to install
two network interface adapters in each server and run them in unicast
mode. This configuration enables the servers to function as normal
participants on the network, in addition to performing their NLB server
duties. There are also no problems with routers handling multicast MAC
addresses and no bottlenecks caused by cluster traffic and ordinary
network traffic sharing a single network interface adapter.
NLB Networking
Although the servers in a Network Load Balancing cluster do not share a single
data store, as in a server cluster, and perform their own independent
calculations to determine which server will service an incoming
request, the servers do communicate with each other. The cluster
servers must exchange information to know how many servers are in the
cluster and to determine when a server has been added to or removed from
the cluster. This communication enables the cluster to compensate for a
failed server and to take advantage of new servers in the cluster by
redistributing the traffic load.
Important
A single computer running Windows Server 2003 cannot be a member of a
Network Load Balancing cluster and a server cluster at the same time,
because these two clustering solutions use network interface adapters
in different ways. If you want to deploy both an NLB cluster and a
server cluster on your network, you must use separate servers for each
cluster.
The cluster traffic between NLB servers takes the form of a heartbeat
message that each server transmits once per second to the other servers
in the cluster. If one cluster server fails, it stops transmitting its
heartbeat messages, and the other servers detect the absence of the
heartbeats. Once the other servers in the cluster miss five consecutive
heartbeat messages from a server, they begin a process called convergence,
in which they recalculate their traffic distribution algorithm to
compensate for the missing server. In the same way, adding a new server
to an NLB cluster introduces a new heartbeat to the network, which
triggers a convergence in the other servers, enabling them to
redistribute the traffic so that the new server receives an equal share
of the load.
Note
Because all the servers in the cluster are using the same cluster MAC address,
transmitting the heartbeats is simply a matter of directing the packets
to that address. The servers don’t need to broadcast the heartbeat
messages, reducing the impact of the cluster traffic on the network.
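The following simulation is an added example, not code from the original page or from Microsoft. It models one host's view of its peers using the two figures given above, one heartbeat per second and convergence after five consecutive missed heartbeats, and also records the convergence caused by a new host's first heartbeat. The class, its method names, the host names and the timeline are assumptions for illustration.

```python
HEARTBEAT_INTERVAL = 1.0   # seconds between heartbeats, as stated in the text
MISSED_LIMIT = 5           # consecutive misses before convergence, as stated

class HeartbeatMonitor:
    """One host's view of its peers, driven only by the heartbeats it hears."""

    def __init__(self, peers, now=0.0):
        self.last_seen = {p: now for p in peers}
        self.convergences = []               # (time, reason, peer)

    def heartbeat(self, peer, now):
        if peer not in self.last_seen:       # unknown sender: a host has joined
            self.convergences.append((now, "joined", peer))
        self.last_seen[peer] = now           # any heartbeat resets the miss count

    def tick(self, now):
        """Drop peers silent for MISSED_LIMIT intervals; return those dropped."""
        limit = MISSED_LIMIT * HEARTBEAT_INTERVAL
        dead = sorted(p for p, t in self.last_seen.items() if now - t >= limit)
        for p in dead:
            del self.last_seen[p]
            self.convergences.append((now, "failed", p))
        return dead

    def members(self):
        return sorted(self.last_seen)

def simulate():
    """Constructed timeline: web2 falls silent after t=3, web4 appears at t=10."""
    mon = HeartbeatMonitor(["web2", "web3"])
    for t in range(1, 13):
        now = float(t)
        mon.heartbeat("web3", now)
        if t <= 3:
            mon.heartbeat("web2", now)
        if t >= 10:
            mon.heartbeat("web4", now)
        mon.tick(now)
    return mon

if __name__ == "__main__":
    mon = simulate()
    for event in mon.convergences:
        print(event)
    print("members:", mon.members())
```

In this timeline web2's last heartbeat arrives at t=3, so the fifth consecutive miss falls at t=8; a single heartbeat arriving before then would reset the count and no convergence would occur.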
When you deploy NLB cluster servers with a single network interface adapter
in each computer, obviously all the cluster-related traffic must travel
over the same network as your ordinary traffic. This is usually not a
major burden because the heartbeat packets are small, less than 1,500
bytes, and they fit into a single Ethernet packet. If you decide to
install multiple network interface adapters in each cluster server, you
can connect both adapters to the same local area network (LAN) or
construct a separate network for the cluster traffic.
Planning
If your NLB cluster consists of servers that are already isolated on a
perimeter network, there is probably no need to create a separate LAN
for cluster traffic. However, if you are deploying an NLB cluster on a
heavily trafficked internal network, you might benefit from installing
a dedicated cluster LAN.