Implementing Windows NLB-Style Load Balancing in Linux: Distributed IP Sharing Solutions



When migrating from Windows to Linux infrastructure, many administrators seek equivalent functionality to Windows Network Load Balancing (NLB). The key characteristics we're trying to replicate:

  • Multiple nodes sharing a single virtual IP address
  • No requirement for a dedicated frontend load balancer
  • Distributed decision-making about request handling
  • No single point of failure

While Linux doesn't have a direct 1:1 equivalent to Windows NLB, several production-grade solutions can achieve similar functionality:

1. IPVS (IP Virtual Server) with Direct Routing

This is part of the Linux kernel and provides high-performance load balancing:


# Install the IPVS administration tool
sudo apt install ipvsadm

# Configure the virtual IP on the director
sudo ip addr add 192.168.1.100/24 dev eth0

# Create the virtual service (-s rr: round-robin scheduling)
sudo ipvsadm -A -t 192.168.1.100:80 -s rr

# Add real servers in direct-routing mode (-g)
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.101 -g
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.102 -g

2. Keepalived with VRRP

A more robust solution that includes health checking:


# Sample keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    virtual_ipaddress {
        192.168.1.100/24
    }
}

virtual_server 192.168.1.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 192.168.1.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
        }
    }
}

When implementing NLB-style solutions in Linux, consider these factors:

  • ARP Limitation: Linux nodes need proper ARP configuration to handle shared VIPs
  • Packet Filtering: Systems must accept packets not destined for their own MAC
  • Health Checking: Implement proper monitoring to detect failed nodes
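
The ARP point above matters most in IPVS direct-routing mode, where each real server also holds the VIP (normally on lo) and must not answer ARP for it. The check below is an added example, not part of the original article; the function names and the eth0 interface name are assumptions, and the sysctl root is a parameter so the check can be run against a constructed tree as well as /proc/sys.

```shell
#!/bin/sh
# Added example: check that an IPVS direct-routing real server will not
# answer ARP for the shared VIP it holds on lo.
# The kernel applies max(conf/all, conf/<iface>) for both settings.

# eff_sysctl ROOT IFACE KNOB -> effective value (missing file counts as 0)
eff_sysctl() {
    all=$(cat "$1/net/ipv4/conf/all/$3" 2>/dev/null || echo 0)
    dev=$(cat "$1/net/ipv4/conf/$2/$3" 2>/dev/null || echo 0)
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# dr_arp_check ROOT IFACE -> returns 0 when both settings are safe
dr_arp_check() {
    rc=0
    ign=$(eff_sysctl "$1" "$2" arp_ignore)
    ann=$(eff_sysctl "$1" "$2" arp_announce)
    # 1 or 2: reply only for addresses configured on the receiving
    # interface, so a VIP bound to lo is not advertised through $2.
    case $ign in
        1|2) ;;
        *) echo "FAIL $2 arp_ignore=$ign: set net.ipv4.conf.all.arp_ignore=1"
           rc=1 ;;
    esac
    # 2: pick the ARP sender address from the outgoing interface,
    # not from the VIP.
    if [ "$ann" -ne 2 ]; then
        echo "FAIL $2 arp_announce=$ann: set net.ipv4.conf.all.arp_announce=2"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $2: arp_ignore=$ign arp_announce=$ann"
    return "$rc"
}

# On a real server (assumed interface name): dr_arp_check /proc/sys eth0
```
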

For simpler two-node scenarios, UCARP provides lightweight IP failover:


# Install UCARP
sudo apt install ucarp

# Basic configuration (--srcip is this node's own real address)
ucarp --interface=eth0 --srcip=192.168.1.1 \
--vhid=1 --pass=secret --addr=192.168.1.100 \
--upscript=/usr/local/bin/vip-up.sh \
--downscript=/usr/local/bin/vip-down.sh

For enterprise deployments, consider these enhancements:

  • Combine Keepalived with HAProxy for L7 load balancing capabilities
  • Implement consistent hashing for sticky session requirements
  • Use configuration management tools (Ansible/Puppet) for cluster-wide deployment

When migrating from Windows to Linux infrastructure, one common question is how to replicate Windows Network Load Balancing (NLB) functionality. Unlike traditional proxy-based load balancers, NLB operates at the network layer with participating nodes sharing the same IP address through MAC address trickery.

Microsoft's NLB works by:

  • Having all cluster nodes listen on the same virtual IP
  • Using MAC address manipulation to distribute traffic
  • Employing statistical mapping algorithms to direct requests
  • Maintaining synchronization through heartbeat messages

This differs from solutions like HAProxy or Nginx, which require a dedicated frontend server.

For Linux environments, we have several production-grade options:

1. IPVS (IP Virtual Server) with Direct Routing

While often used with LVS, IPVS can be configured for direct routing similar to NLB:


# Install IPVS tools
sudo apt-get install ipvsadm

# Create virtual service (-s wlc: weighted least-connection scheduling)
sudo ipvsadm -A -t 192.168.1.100:80 -s wlc

# Add real servers in direct-routing mode (-g); all nodes use the VIP
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.1 -g
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.2 -g
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.3 -g

2. UCARP for VIP Failover

UCARP allows multiple hosts to share virtual IPs:


# On each node (set --srcip to that node's own real address):
ucarp --interface=eth0 --srcip=192.168.1.1 \
--vhid=1 --pass=secret --addr=192.168.1.100 \
--upscript=/usr/local/bin/vip-up.sh \
--downscript=/usr/local/bin/vip-down.sh

Key factors when choosing a solution:

  • ARP handling: Linux requires proper ARP configuration for shared IPs
  • Load balancing algorithms: Round-robin, least-connections, etc.
  • Health checking: Built-in vs. custom monitoring
  • Performance impact: Kernel-level vs. userspace solutions

A robust alternative is Keepalived, which combines VRRP and LVS:


vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
}

virtual_server 192.168.1.100 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP

    real_server 192.168.1.1 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
        }
    }
    real_server 192.168.1.2 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
        }
    }
}
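
Both the UCARP commands (`--pass=secret`) and the Keepalived block above (`auth_pass 1111`) carry a shared secret inline. The audit below is an added example, not part of the original article or of either project; the function name and the weak-password heuristic are assumptions, and it relies on two documented behaviours: ucarp accepts `--passfile=<file>`, and keepalived uses only the first eight characters of `auth_pass`.

```shell
#!/bin/sh
# Added example: audit how a UCARP/keepalived shared secret is stored.
# audit_ha_secrets FILE -> prints one finding per line; returns 1 if any.
# FILE is a keepalived.conf or a script/unit file that starts ucarp.
audit_ha_secrets() {
    f=$1
    bad=0
    out=$(awk '
        # ucarp: a secret given as an argument shows up in the process list.
        /--pass=/ {
            print "line " NR ": --pass= on the command line; use --passfile=<file>"
        }
        # keepalived: only the first 8 characters of auth_pass are used.
        $1 == "auth_pass" {
            if (length($2) > 8)
                print "line " NR ": auth_pass is longer than 8 chars and is truncated"
            # Heuristic for this example: short or digits-only is guessable.
            if (length($2) < 8 || $2 ~ /^[0-9]+$/)
                print "line " NR ": auth_pass is short or digits-only"
        }
    ' "$f")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        bad=1
    fi
    # A file that embeds the secret must not be readable by other users.
    if grep -Eq -e '--pass=|auth_pass' "$f" &&
       [ "$(ls -ld "$f" | cut -c8)" = r ]; then
        echo "mode: $f is world-readable; chmod 600 it"
        bad=1
    fi
    return "$bad"
}

# Example: audit_ha_secrets /etc/keepalived/keepalived.conf
```

VRRP simple-password authentication travels in cleartext in the advertisements, so the value guards against accidental cross-talk between clusters on the same segment and should not be reused elsewhere.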

Each solution has trade-offs between simplicity, performance, and features. For most production environments, a combination of Keepalived and IPVS provides the closest functionality to Windows NLB while maintaining Linux standards.