Direct server return (DSR) is a load balancing scheme that allows service requests to come in via the load balancer virtual IP (VIP). The responses are communicated by the back-end servers directly to the client. The load is taken off the load balancer as the return traffic is sent directly to the client from the back-end server, bypassing it entirely. You may want to do this if you have larger files to be served or traffic that doesn’t need to be transformed at all on its way back to the client.
Here’s how it works: Incoming requests are assigned a VIP address on the load balancer itself. Then the load balancer passes the request to the appropriate server while only modifying the destination MAC address to one of the back-end servers.
You need to be aware of the following when using DSR:
- Address resolution protocol (ARP) requests for the VIP must be ignored by the back-end servers if the load balancer and back-end servers are on the same subnet. If not, the VIP traffic routing will be bypassed as the back-end server establishes a direct connection with the client.
- The servers handling the DSR requests must respond to heartbeat requests with their own IP and must respond to requests for content with the load balancer VIP.
- Application acceleration is not a possibility because the load balancer does not handle the responses from the backend servers.
Here are the configuration steps for Linux and Microsoft Windows OS, as well as the NetScaler setup:
- Create an additional loopback interface with an IP alias (the load balancer VIP is represented by x.x.x.x), use the ifconfig command:
$ ifconfig lo:1 <VirtualServiceIPAddress> broadcast x.x.x.x netmask 255.255.255.255
- Enter the following command to verify configuration:
$ ifconfig lo:1
lo:1 Link encap:Local Loopback inet addr:126.96.36.199 Mask:255.255.255.255 UP LOOPBACK RUNNING MTU:3924 Metric:1
Note that if the machine reboots, this configuration will not be persistent. To set this permanently, some Linux configuration files need to be edited. Steps on how to do this vary from distribution to distribution.
- Disable invalid ARP replies by adding the following to the /etc/sysctl.conf file:
Microsoft Windows configuration
Use the following steps to create the loopback interface for a Microsoft Windows OS:
- Click the Windows Start menu> Control Panel > Add Hardware.
- Click Next.
- Select Yes, I have already connected the hardware and click Next.
- Select Add a new hardware device from the installed hardware list, then click Next.
- Select Install the hardware that I manually select from a list and click Next.
- Select Network adapters and click Next.
- Select Microsoft from the Manufacturer list.
- Choose Microsoft Loopback Adapter from the Network Adapter list and click Next.
- Click Next two more times and then click Finish.
Configure the Virtual IP for both OS
The VIP address on the loopback interface needs to be set up with a netmask value of 255.255.255.255(/32). It should be set up without the default gateway setting.
The interface metric needs to be set to 254 in order to prevent the loopback network adapter from answering ARP requests. When setting up the IP address, do the following: Click on Advanced, uncheck Automatic metric, and set the Interface Metric to 254. (These steps are different for certain versions of Microsoft Windows; for example, in Windows Server 2012, the loopback interface is renamed to Microsoft KM-TEST Loopback Adapter.)
There are several features that need to be enabled within NetScaler in order for DSR to work. Note that all the steps can be performed through CLI. The CLI commands are included as well.
DSR uses MAC-based forwarding, which needs to be enabled because it’s disabled by default. To enable MAC-based forwarding in NetScaler:
- Click the Configuration tab > System > Settings > Configure modes.
- Select the MAC-based forwarding mode and click OK.
These steps can be done through CLI as well; use the enable ns mode mbf command.
Next, the load balancing feature needs to be enabled because it’s disabled by default, too.
- Navigate to System > Settings. In Configure Basic Features, select Load Balancing.
The CLI command is enable ns feature lb.
A server-object needs to be created for each load-balanced server.
- Click the Configuration tab > Traffic Management > Load Balancing Servers > Add.
- You will need the server name and the IP address of the server.
The CLI command is add server Serverx y.y.y.y.
Each service offers one or more services (such as HTTP, DNS, MySQL, and so on). NetScaler load balances traffic across services, not across servers. A service with the protocol ANY needs to be created, as well as a basic monitor, and Use Source IP (USIP) needs to be enabled. The service has to be tied to a server on a specific port (in the example, port 80).
- Click the Configuration tab > Traffic Management > Load Balancing> > Services > Add.
- Select the appropriate services and click OK.
The CLI command is add service ANY_serverx_service serverx ANY 80 -usip Yes.
A virtual server that balances traffic to one or more of the virtual services is required. The protocol chosen should be ANY (just like the service), the load balancing method is Source IP Hash and the redirection mode is MAC based (aka, MAC-based forwarding). It is recommended to make the virtual server Sessionless, as no return traffic passes the NetScaler.
- From the Configuration Utility, navigate to Traffic Management > Load Balancing > Virtual Servers and fill in the required fields
From the CLI, run the following commands to create the load balancing virtual server:
add lb vserver <VServer_Name> ANY <IP_Address> * -m MAC <-connfailover STATELESS>
add lb vserver DSR ANY -M MAC -connfailover stateless
add lb vserver vserver_DSR ANY 10.0.0.11 80 -lbmethod SOURCEIPHASH -m MAC -sessionless ENABLED
Be aware that for certain services (such as FTP), you need to enable connection failover, stateless.
Lastly, bind the service to the virtual server by running the following command via CLI (may not need to be done if you previously bound the services via GUI on service creation):
CLI command is bind lb vserver vserver_DSR service_Server1_ANY.