NLB: Dedicated IP Addresses Explained (An NLB Myth debunked?)

  • Article

For information on Network Load Balancing - or “Wibbles” as we affectionately refer to it locally - it was called Windows Load Balancing Service, or WLBS until Windows 2000 - the definitive guide still appears to be nlbtech2.doc at the time of writing. I think there was a newer version for Windows Server 2003 that I can't find any more (or did I dream it? ), so for the purposes of this discussion, Nlbtech2 is the juice.

Anyway, when configuring a dual-NIC NLB cluster - one cluster NIC, one internal, a common slip is to configure the “dedicated” IP address on the non-clustered adapter. This doesn't do anything. It doesn't hurt, but it's not working the way you might imagine it does. Here's the money quote from The Source:

Network Load Balancing never load-balances traffic for the dedicated IP address. Instead, it load-balances incoming traffic from all IP addresses other than the dedicated IP address.

“Dedicated” in the NLB sense means “excluded”. NLB will (attempt to) balance every other IP address bound to an NLB-enabled NIC except the dedicated IP. So, on your NLB NIC, you have a maximum of one IP address that will not be balanced, and this is what you punch into the NLB UI as the “dedicated” IP if you need to create an exclusion.

The dedicated IP also needs to be bound first in TCP/IP properties (eg, it needs to be the address you see on the first page of the TCP/IP Properties dialog, which should be first in the list on the Advanced addressing page) so that connections originated on the NLB NIC originate from this unbalanced IP address, not on a clustered IP - which could be balanced to another node when the response arrives back for the source IP(!). (To pick which NIC will initiate connections to non-cluster hosts, you can fiddle the interface metrics ).

So, why have a “Cluster” IP if all IP's except the dedicated IP are balanced? Think of it as the primary cluster IP - it's basically used to determine the MAC address of the cluster, so all cluster members with the same primary IP can spot each other and converge (the heartbeat packets (ethernet 886f) also contain the cluster primary IP - it's not just used in the MAC).