VPN – NLB

Network Load Balancing is intended for stateless applications that do not have long-running in-memory state. Such an application treats each client request as an independent operation, and therefore it can load-balance each request independently. Stateless applications often have read-only data or data that changes infrequently. IIS servers, virtual private networks (VPNs), and File Transfer Protocol (FTP) servers typically use Network Load Balancing. Network Load Balancing clusters can also support other TCP- or UDP-based services and applications.

Network Load Balancing can combine up to 32 servers.

 Virtual Private Network - Network Load Balancing can be used with virtual private network (VPN) servers to load-balance PPTP clients.

Scenario – Create a cluster of 2 RAS servers so that the load can be balanced between these two RAS servers.

Steps to create this cluster –

· Check that the RAS servers are able to ping each other.

· Install the “Network Load Balancing” (NLB) driver on the network interface of both these RAS servers.

· The Network Load Balancing device driver Wlbs.sys is loaded onto each host in the cluster and includes the statistical mapping algorithm that the cluster hosts collectively use to determine which host handles each incoming request.

· The network interfaces on both RAS servers will get the same Media Access Control (MAC) address.

· Now try to ping between the RAS servers; they will not be able to ping each other.

· Configure the properties for NLB by running nlbmgr.msc from the command prompt.

· In NLB properties enter a virtual IP that the clients will use to connect to the RAS server. This virtual IP will be shared by both the RAS servers.

· To enable Network Load Balancing support in Windows Server 2003 for both Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP) virtual private network (VPN) sessions, Network Load Balancing must be configured in single affinity mode.

· Select one RAS server as Host1 (with priority 1) and the other RAS server as Host2 (with priority 2). Host2 will act as the failover server, i.e. in case of failure of the first server it will act as the backup server.

· Go to the command prompt of the RAS server and run the command “wlbs display”. It will give the latest status of the cluster.

· Run the command “nlb query” to get the status of the host.

After the cluster is created and convergence has completed, you can connect from the client by giving the virtual IP address.
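
Why the single affinity requirement in the steps above matters, as an added Python example (not code from the original post or from NLB itself): a PPTP session consists of a TCP control connection to port 1723 and a GRE data flow, and both must reach the same RAS server. The hash is a stand-in for the Wlbs.sys mapping algorithm; the host names, client addresses, source port and the port-0 key for GRE are assumptions.

```python
import hashlib
import ipaddress

HOSTS = ["RAS1", "RAS2"]  # assumed names for the two cluster hosts

# One PPTP session as (protocol, client source port) flows. Constructed sample:
# the TCP control connection to port 1723 and the GRE data flow (GRE has no
# ports, so it is keyed with port 0 here, which is a modelling assumption).
PPTP_FLOWS = [("tcp", 49152), ("gre", 0)]


def _bucket(key: bytes, n: int) -> int:
    """Stand-in mapping; Wlbs.sys uses its own algorithm, not SHA-256."""
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n


def owner(client_ip: str, proto: str, src_port: int, affinity: str) -> str:
    """Return the host that accepts this flow under the given affinity mode."""
    ip = ipaddress.ip_address(client_ip).packed
    if affinity == "single":      # key on client IP only
        key = ip
    elif affinity == "none":      # key on client IP plus per-flow details
        key = ip + proto.encode() + src_port.to_bytes(2, "big")
    else:
        raise ValueError(f"unknown affinity mode: {affinity!r}")
    return HOSTS[_bucket(key, len(HOSTS))]


def session_hosts(client_ip: str, affinity: str) -> set:
    """All hosts that would receive some part of one client's PPTP session."""
    return {owner(client_ip, p, sp, affinity) for p, sp in PPTP_FLOWS}


def split_sessions(clients, affinity: str) -> list:
    """Clients whose control and data flows land on different hosts."""
    return [c for c in clients if len(session_hosts(c, affinity)) > 1]


# Constructed client addresses from the 203.0.113.0/24 documentation range.
CLIENTS = [f"203.0.113.{i}" for i in range(1, 255)]

if __name__ == "__main__":
    for mode in ("none", "single"):
        broken = split_sessions(CLIENTS, mode)
        print(f"affinity={mode}: {len(broken)} of {len(CLIENTS)} sessions split")
```

With single affinity no session is split across hosts, while different clients are still spread over both RAS servers.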

What is "NLB Drainstop" –

· When you make VPN connections to the cluster from RAS clients, all the calls will be redirected to one RAS server, which is the primary server.

· If you run the command “nlb drainstop” on the primary RAS server, it will stop taking any more connections.

· All the new VPN connections will be re-directed to the failover RAS server.

· To enable the primary RAS server to start taking new VPN connections once again, run the command “nlb start” on the primary server.

For more information on NLB refer to the MSDN article at - https://technet2.microsoft.com/WindowsServer/en/Library/c1db8c13-da31-4541-81d8-e2b3ebe742fb1033.mspx

Puja Pandey
Software Design Engineer/Test
Windows Networking Group

[This posting is provided "AS IS" with no warranties, and confers no rights.]