Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Configuring DSR

1 Introduction

Direct Server Return (DSR) is a method whereby traffic hits the LoadMaster on the way in and bypasses the LoadMaster on the way out.

The primary advantage of DSR is that the LoadMaster only handles a portion of the work associated with load balancing, specifically the inbound traffic. The servers respond directly to the clients, bypassing the LoadMaster on the way out.

If the particular traffic profile for a site is for every packet in, eight packets are sent out, this would result in the LoadMaster handling around 87% less traffic than it would without DSR.

For DSR to work, the Virtual IP (VIP) address on a Real Server must be configured so that the server does not respond to ARP requests on the VIP address.

For Linux with a recent 2.4 kernel, this can be done by creating the VIP as an IP alias on the loopback interface. On Windows this involves creating a loopback adapter with specific configuration parameters. Refer to the Configuring a VIP on the loopback interface on Linux and  DSR Configuration on Windows sections for detailed steps on how to do this in both operating systems.

When you create the Virtual Service, enable Force L4 in Standard Options and select Direct return as the Forwarding method when adding the Real Server. This means that the LoadMaster just routes the packets from a client to a Real Server without modifying the IP addresses. The Real Server accepts requests for the VIP destination address because it has configured the VIP as an IP alias. The Real Server will then reply to the IP address of the requesting client with the source IP address of the reply set to the VIP.

The table below shows an example of DSR steps.

Step

Source IP

Destination IP

 MAC Address

1

216.139.43.10

195.30.70.200

Dest.: 00:00:00:00:00:aa

2

216.139.43.10

195.30.70.200

Dest.: 00:00:00:00:00:bb

3

195.30.70.200

216.139.43.10

Source: 00:00:00:00:00:bb

2 Configuring a VIP on the loopback interface on Linux

On a linux machine, the “ifconfig –a” command will look something like this:

root@RS1 $ ifconfig –a

eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:bb inet addr: 195.30.70.11 Bcast: 195.30.70.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:96561817 errors:526 dropped:0 overruns:5 frame:0 TX

packets:97174301 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:10 Base address:0x4000

lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:3985923

errors:0 dropped:0 overruns:0 frame:0 TX packets:3985923 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0

To create an additional loopback interface with an IP alias, use the “ifconfig” command like this:

root@RS1 $ ifconfig lo:1 <VirtualServiceIPAddress> broadcast 195.30.70.200 netmask 255.255.255.255

root@RS1 $ ifconfig lo:1

lo:1 Link encap:Local Loopback inet addr:195.30.70.200 Mask:255.255.255.255 UP LOOPBACK RUNNING MTU:3924 Metric:1

If the machine reboots, this configuration will no longer be available. To set this permanently, some Linux configuration files need to be edited. Steps on how to do this vary from distribution to distribution.

The next step is to disable invalid ARP replies. Add the following to the /etc/sysctl.conf file:

net.ipv4.conf.all.arp_ignore=1

net.ipv4.conf.eth0.arp_ignore=1

net.ipv4.conf.eth1.arp_ignore=1

net.ipv4.conf.all.arp_announce=2

net.ipv4.conf.eth0.arp_announce=2

net.ipv4.conf.eth1.arp_announce=2

3  DSR Configuration on Windows

For Windows, it is typically best to use the loopback address. However, to use the loopback address, the loopback adapter needs to be added first. To add the loopback adapter for the relevant version of Windows and to configure the VIP of the loopback interface, follow the instructions in the Add a loopback interface on Windows Server 2012, 2016 and 2019  section.

1.

3.1 Add a loopback interface on Windows Server 2012, 2016 and 2019

To add a loopback adapter on Windows Server 2012, 2016 and 2019, follow the steps below:

1. Click Start and select Server Manager.

Server Manager_1.png

2. Click Tools and selectComputer Management.

Server manager.png

3. Click Device Manager.

Computer Management.png

4. Click the computer name, click Action from the top menu bar and select Add Legacy Hardware.

Add Legacy Hardware.png

5. Click Next.

Add Hardware.png

6. Select Install the hardware that I manually select from a list (Advanced).

7. Click Next.

Add Hardware_2.png

8. Select Network adapters.

9. Click Next.

10. Select Microsoft on the left.

Add Hardware_3.png

11. Select Microsoft KM-TEST Loopback Adapter on the right.

12. Click Next.

13. Click Next again.

14. Click Finish.

15. Click Start and select Control Panel.

Control Panel.png

16. Click Network and Internet.

Network and Internet.png

17. Click Network and Sharing Center.

Network and Sharing center.png

18. Click Change adapter settings.

Add a loopback interface on_8.png

It is a good idea to rename the adapters so that they are distinguishable, for example; rename the new adapter to loopback and the real network adapter to network.

19. Configure the loopback adapter with the Virtual Service IP.

a) Right-click the loopback interface and select Properties.

Loopback properties.png

b) Select Internet Protocol Version 4 (TCP/IP) and click Properties.

Internet Protocol Version 4 (TCP IP).png

c) The TCP/IP properties window will appear. This is where the Virtual Service IP address can be configured. Enter the Virtual Service IP address and click Advanced....

Advanced TCP IP settings.png

d) In Advanced TCP/IP Settings, remove the check from the Automatic metric checkbox.

e) Enter 254 in the Interface metric text box.

Setting the Interface metric is an important step. This will disable this server so that it will not respond to ARP requests for the MAC address for the Virtual Service IP.

f) Click OK to activate the change.

g) Click OK and Close.

 

 

 

 

Ensure the “network” adapter is the actual network adapter that will send and receive traffic.

20. On the Windows command line, run the following commands:

netsh interface ipv4 set interface "network" weakhostreceive=enabled

netsh interface ipv4 set interface "loopback" weakhostreceive=enabled

netsh interface ipv4 set interface "loopback" weakhostsend=enabled

3.1.1 Loopback Adapter Configuration for IPv6

On the Windows command line, run the following commands:

netsh interface ipv6 set interface LAN weakhostreceive=enabled

netsh interface *ipv6 *set interface Kemp-SMTP-LOOPBACK weakhostreceive=enabled

netsh interface *ipv6 *set interface Kemp-SMTP-LOOPBACK weakhostsend=enabled

In the loopback adapter properties:

IPv6 address: <IPAddressOf TheVIP>

Subnet prefix length: 128

In Advanced Properties, set the Interface metric to 254.

If you want IPv6 DSR, you must have the IPv6 address as the primary address on the interface. Additional addresses may be IPv6 or IPv4, as required.

 

References

Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.

Web User Interface (WUI), Configuration Guide

Last Updated Date

This document was last updated on 19 September 2022.


Was this article helpful?
0 out of 0 found this helpful

Comments