Configuring NLB
When you install Win2K AS or Datacenter, you automatically install NLB. However, NLB isn't enabled by default. To enable NLB, open the Control Panel Networking and Dial-Up Connections applet, then open the Properties dialog box for the Local Area Connection on which you plan to install NLB. (Alternatively, you can click Start, Settings, Network and Dial-up Connections, choose the Local Area Connection, and click Properties.) In the Components checked are used by this connection section, select Network Load Balancing, as Figure 1, page 42, shows.
Click Properties to display the Network Load Balancing Properties dialog box, which contains three tabs: Cluster Parameters, Host Parameters, and Port Rules, as Figure 2 shows. On the Cluster Parameters tab, enter the Primary IP address (i.e., the NLB cluster's virtual IP—VIP—address). This IP address must be valid for your subnet (and obviously unique, except for other members of the cluster), and you must set it identically for all cluster hosts. The Subnet mask field resolves automatically. The Full Internet name is the primary name that you use for the NLB cluster, and you must set it identically for all cluster hosts. Your name-resolution system (e.g., DNS, WINS, HOSTS file) must be able to resolve this name to the cluster's primary IP address. For example, I have Win2K DNS configured to resolve cluster.tim.com to 192.168.1.100, which is my cluster's VIP address. However, if you're setting up NLB for the first time for testing purposes, you don't need to resolve the name to the address. As I demonstrate later in the "Putting NLB into Action" section, you can just use the provided test address (i.e., http://192.168.1.100/nlbtest.asp) of the cluster. Enabling Multicast support is essentially mandatory for single-NIC servers in an NLB cluster. I selected this option because I performed my tests on servers that have only one NIC each.
The final step on the Cluster Parameters tab is to decide whether to select the Remote control check box. When you enable remote control, you immediately receive the warning Please consult on-line help for security implications of using remote control commands. For security reasons, you must use a firewall to shield the NLB UDP control ports (i.e., the ports that receive remote-control commands) from external intrusion. By default, the control ports are ports 1717 and 2504 at the NLB cluster's IP address. I selected remote control for my test environment, which is protected by a simple hardware-based firewall solution from Linksys.
Now, move to the Host Parameters tab, which Figure 3 shows. For each host in the cluster, you must specify a unique host priority ID. The Priority (Unique host ID) field specifies the server order in which NLB tries to allocate traffic if a host goes offline. In my test environment, I simply set the IDs of my three hosts to 1, 2, and 3. The Dedicated IP address field and its associated Subnet mask field let you send some traffic to a specific host in the cluster. For example, you can enable Telnet access to one host in the cluster. These fields are optional; you'll most likely use the host's actual IP address (rather than its VIP address as a member of the NLB cluster).
Finally, go to the Port Rules tab, which Figure 4 shows. Port rules let you control the various types of TCP/IP traffic. An example of a port rule is disabling UDP on a certain range of ports. The number and types of port rules must be identical on each server in a cluster. Other than the default rule, which the software automatically configures, port rules are optional. (You can also change the default rule.) NLB gives you three Filtering modes—Multiple hosts, Single host, Disabled—with which to direct network traffic to specific ports on the VIP address.
The Multiple hosts mode. The Multiple hosts mode distributes network traffic over the hosts in the NLB cluster. You can specify a load weight to a specific host—a compelling feature if you have, for example, a beefy Web server (superior to the cluster's other machines) that services only HTTP on port 80. (By default, the load is equally distributed among the cluster's hosts). Additionally, the Multiple hosts filtering mode offers the capability to enable a server's affinity. If you select Single affinity, NLB uses one host to serve all requests from a specific client (after that client is load-balanced to a host within the cluster). In other words, the client sticks to the Web server, for example, on which his or her IIS session resides. The Class C affinity ensures that a client's proxy server doesn't confuse NLB by appearing to be different computers. You'll need to consult with your Web developers about your client affinity requirements. (Among other considerations, well-written Web applications don't require clients to establish and maintain a session on a single Web server, but HTTP over Secure Sockets Layer—HTTPS—does.) (.NET will automatically address session state with its ability to identify a session server behind the firewall; therefore, the need to be able to specify single affinity will be unnecessary.) I chose None because my NLB test environment was a simple Web page that doesn't require session state.
Register
