Network deployment options on the KEMP LoadMaster
There are two deployment options; one-arm and two-arm. The distinction is made on a per-Virtual Service basis. The LoadMaster can house a combination of one-arm and two-arm Virtual Services. In fact, the LoadMaster can have a Virtual Service that is configured in both methods.
One-Arm Deployment
- The load balancer has one physical network card connected to one subnet
- A Single Ethernet port (eth0) is used for both inbound and outbound traffic
- Real Servers and Virtual Services will be part of the same logical network - sometimes called flat-based - this implies that both have public IP addresses if used for services within the Internet
- Server NAT does not make sense for one-armed configurations
- Does not automatically imply the use of Direct Server Return (DSR) methods on the Real Servers
- IP address transparency will function properly if clients are located on the same logical network as the LoadMaster in a DSR configuration. IP address transparency is not supported when clients are located on the same logical network as the LoadMaster in a NAT configuration.
The one armed solution can be set-up in both a single and Highly Available (HA) configuration.
Two-Arm Deployment
- The load balancer has two network interfaces connected to two subnets - this may be achieved by using two physical network cards or by creating VLANs on a single network interface
- Virtual Services and Real Servers are on different subnets
In the example diagram above, the system has been configured as follows:
- A Virtual Service has been created on the LoadMaster with an IP address of 66.220.13.66 for an HTTP service
- The Virtual Service has been configured to balance the incoming traffic across the Real Servers (server 1, 2 and 3)
- A user requests the URL http://www.kemptechnologies.com
- The URL will be resolved by the DNS into IP address 66.220.13.66
- The request will be routed to the LoadMaster, which offers this IP address as an IP-alias of its network interface eth0
- The LoadMaster is connected to the server farm subnet 10.0.0.0 via its network interface eth1
- The LoadMaster knows that there are three Real Servers in this subnet that are assigned to the requested address 66.220.13.66 and are able to deliver the required content
- The LoadMaster uses the load balancing method configured, for example weighted round robin, to send the request on to one of the three Real Servers
- Other items to note regarding the two-armed configuration are:
- Both eth0 (net side) and eth1 (farm side) interfaces are used. Additional ports go to the farm side for multi-armed configurations
- Implies that the LoadMaster (eth0) and server farm(s) are on separate logical networks, sometimes referred to as a NAT-based topology
- The server farm(s) may make use of non-routable (RFC1918) IP addresses
- Server NAT may be useful in such a configuration
- IP address transparency will function properly if clients are located on the same logical network as the LoadMaster in both NAT (common) and DSR (uncommon) configurations.
- Virtual Services may be created on any of the Ethernet interfaces.
- Real Servers may exist on either the eth0 or up to the ethX network. However, placing Real Server on eth0 in a two-armed configuration is not recommended.
Leveraging one port and configuring the “Additional Subnet” feature qualifies as two-armed.
Comments

Yes, But you need to enable "Enable Non-Local Real Servers" option in the Miscellanous Option->Network Options.
But multiple subnets only work if you're not using transparency.

Can we use Load Balancer as a proxy device ? We have two active interfaces on LB, One interface has private IP of LAN and other interface has public IP . We want that all LAN traffic goes to internet thorugh LB and in return also come from LB.
So that on LAN computer when we do " What is my IP " so we can see our LB IP or VIP IP as source.
Sajid khan
Can we use multiple subnet in One arm ?