Windows Servers in LVS/DR and LVS/TUN Clusters

From LVSKB
Jump to: navigation, search

Introduction

In the Windows operating systems, ip addresses configured on the loopback interface will not participate the ARP protocol.

To use this feature, you need install Microsoft Loopback Adapter on your Windows systems.

Windows NT and Windows 2000 Server

  1. Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Hardware.
  2. Click Add/Troubleshoot a device, and then click Next.
  3. Click Add a new device, and then click Next.
  4. Click No, I want to select the hardware from a list, and then click Next.
  5. Click Network adapters, and then click Next.
  6. In the Manufacturers box, click Microsoft.
  7. In the Network Adapter box, click Microsoft Loopback Adapter, and then click Next.
  8. Click Finish.

Windows Server 2003

[1] and disable Windows Firewall

Windows Server 2008

Same as 2003? Also need to enable weakhostsend and weakhostreceive in the interfaces via netsh; see: http://www.loadbalancer.org/blog/direct-server-return-on-windows-2008-using-loopback-adpter/

Disable ARP for VIP

In LVS/DR clusters, you can configure VIP on Microsoft Loopback Adapter in the Windows operating system.

The only trick is how to set netmask for VIP, because Windows do not allow to configure netmask 255.255.255.255 for VIP unless Windows registry is modified. When non-255.255.255.255 netmask is used, there is a network configured on Microsoft Loopback Adapter, this network should not route packet because it is not connected to any physical media. Usually, a much bigger netmask such as 10.0.0.0 is used, so that this loopback driver most likely will not be used while sending packets to VIP network.

While this may effectively disable ARP, it can cause some routing issues. If the real server needs to access the external network (internet browsing, DNS lookups, etc.), Windows may add a route that will attempt to use the loopback adapter even though there is no gateway. Suppose your server address is 64.x.x.x/255.0.0.0 and you browse to google.com which is 64.233.167.99, the connection will fail since the route will be favored over another because it is local (even if you set the gateway metric really high because the computer thinks no gateway is required).

The solution may be to just go into the registry and edit the subnet to 255.255.255.255. This can be done in Windows 2003 server in the registry branch: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{loopback device id} and change the SubnetMask key to 255.255.255.255.

This appears to have the affect of disabling ARP and does not affect the route table.

References