Implementing Windows NLB-Style Load Balancing in Linux: Distributed IP Sharing Solutions



When migrating from Windows to Linux infrastructure, many administrators seek equivalent functionality to Windows Network Load Balancing (NLB). The key characteristics to replicate are:

  • Multiple nodes sharing a single virtual IP address
  • No requirement for a dedicated frontend load balancer
  • Distributed decision-making about request handling
  • No single point of failure

While Linux doesn't have a direct 1:1 equivalent to Windows NLB, several production-grade solutions can achieve similar functionality:

1. IPVS (IP Virtual Server) with Direct Routing

This is part of the Linux kernel and provides high-performance load balancing:


# Install required packages
sudo apt install ipvsadm

# Configure virtual IP
sudo ip addr add 192.168.1.100/24 dev eth0

# Create the virtual service (-s rr: round robin), then add real servers (-g: direct routing)
sudo ipvsadm -A -t 192.168.1.100:80 -s rr
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.101 -g
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.102 -g

2. Keepalived with VRRP

A more robust solution that includes health checking:


# Sample keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    virtual_ipaddress {
        192.168.1.100/24
    }
}

virtual_server 192.168.1.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 192.168.1.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
        }
    }
}

When implementing NLB-style solutions in Linux, consider these factors:

  • ARP Limitation: Linux nodes need proper ARP configuration to handle shared VIPs
  • Packet Filtering: Systems must accept packets not destined for their own MAC
  • Health Checking: Implement proper monitoring to detect failed nodes
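
The ARP point above is where direct-routing setups most often go wrong, so here is an added example (not from the original page) that audits a real server's ARP sysctls. The target values arp_ignore=1 and arp_announce=2, the VIP on lo, and the function names are assumptions based on common LVS-DR practice.

```sh
#!/bin/sh
# Added example (not from the original page): audit the ARP sysctls on a
# direct-routing real server. Assumed setup, standard for LVS-DR but not
# spelled out on the page: the VIP sits on lo as a /32
#   ip addr add 192.168.1.100/32 dev lo
# and the node must neither answer nor announce ARP for it:
#   sysctl -w net.ipv4.conf.all.arp_ignore=1
#   sysctl -w net.ipv4.conf.all.arp_announce=2

# effective KEY IFACE ROOT: the kernel applies max(conf/all, conf/IFACE)
effective() {
    a=$(cat "$3/net/ipv4/conf/all/$1" 2>/dev/null) || return 1
    i=$(cat "$3/net/ipv4/conf/$2/$1" 2>/dev/null) || return 1
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# audit_dr_arp IFACE [ROOT]: 0 = safe to hold the VIP, 1 = misconfigured,
# 2 = sysctls unreadable. ROOT defaults to /proc/sys and can point at a copy.
audit_dr_arp() {
    iface=$1; root=${2:-/proc/sys}; rc=0
    ign=$(effective arp_ignore "$iface" "$root") || { echo "UNREADABLE arp_ignore"; return 2; }
    ann=$(effective arp_announce "$iface" "$root") || { echo "UNREADABLE arp_announce"; return 2; }
    case $ign in
        1|2) echo "OK   arp_ignore=$ign" ;;
        *)   echo "FAIL arp_ignore=$ign: expected 1 or 2"; rc=1 ;;
    esac
    if [ "$ann" -eq 2 ]; then
        echo "OK   arp_announce=$ann"
    else
        echo "FAIL arp_announce=$ann: expected 2"; rc=1
    fi
    return $rc
}

# Run as: sh audit.sh eth0
if [ "${1:-}" ]; then audit_dr_arp "$@"; fi
```

With arp_ignore left at 0, a real server answers ARP requests for the VIP it holds on lo, so clients can bypass the director and land on a single node.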

For simpler two-node scenarios, UCARP provides lightweight IP failover:


# Install UCARP
sudo apt install ucarp

# Basic configuration: --srcip is this node's own address, --addr is the shared virtual IP
ucarp --interface=eth0 --srcip=192.168.1.1 \
--vhid=1 --pass=secret --addr=192.168.1.100 \
--upscript=/usr/local/bin/vip-up.sh \
--downscript=/usr/local/bin/vip-down.sh

For enterprise deployments, consider these enhancements:

  • Combine Keepalived with HAProxy for L7 load balancing capabilities
  • Implement consistent hashing for sticky session requirements
  • Use configuration management tools (Ansible/Puppet) for cluster-wide deployment

When migrating from Windows to Linux infrastructure, one common question is how to replicate Windows Network Load Balancing (NLB) functionality. Unlike traditional proxy-based load balancers, NLB operates at the network layer with participating nodes sharing the same IP address through MAC address trickery.

Microsoft's NLB works by:

  • Having all cluster nodes listen on the same virtual IP
  • Using MAC address manipulation to distribute traffic
  • Employing statistical mapping algorithms to direct requests
  • Maintaining synchronization through heartbeat messages

This differs from solutions like HAProxy or Nginx, which require a dedicated frontend server.

For Linux environments, we have several production-grade options:

1. IPVS (IP Virtual Server) with Direct Routing

While often used with LVS, IPVS can be configured for direct routing similar to NLB:


# Install IPVS tools
sudo apt-get install ipvsadm

# Create virtual service
sudo ipvsadm -A -t 192.168.1.100:80 -s wlc

# Add real servers (all nodes use the VIP)
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.1 -g
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.2 -g
sudo ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.3 -g

2. UCARP for VIP Failover

UCARP allows multiple hosts to share virtual IPs:


# On each node, with --srcip set to that node's own address:
ucarp --interface=eth0 --srcip=192.168.1.1 \
--vhid=1 --pass=secret --addr=192.168.1.100 \
--upscript=/usr/local/bin/vip-up.sh \
--downscript=/usr/local/bin/vip-down.sh

Key factors when choosing a solution:

  • ARP handling: Linux requires proper ARP configuration for shared IPs
  • Load balancing algorithms: Round-robin, least-connections, etc.
  • Health checking: Built-in vs. custom monitoring
  • Performance impact: Kernel-level vs. userspace solutions

A robust alternative combining VRRP and LVS:


vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
}

virtual_server 192.168.1.100 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP

    real_server 192.168.1.1 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
        }
    }
    real_server 192.168.1.2 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
        }
    }
}
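
An added example, not part of the original page or of Keepalived itself: a small lint for configurations like the one above that reports real servers with no health check and VRRP instances using auth_type PASS, whose password is sent unencrypted in every advertisement. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): lint keepalived.conf for
# real servers without a health check and for cleartext VRRP authentication.

# lint_keepalived FILE: prints one finding per line, returns 1 if any were found
lint_keepalived() {
    awk '
        function close_rs() {
            if (rs != "" && !checked) { print "NOCHECK real_server " rs; bad = 1 }
            rs = ""
        }
        # VRRP simple-password auth carries auth_pass unencrypted in each advert
        $1 == "auth_type" && $2 == "PASS" {
            print "CLEARTEXT auth_type PASS at line " NR; bad = 1
        }
        $1 == "virtual_server" { close_rs() }
        $1 == "real_server"    { close_rs(); rs = $2 ":" $3; checked = 0 }
        # any checker block (TCP_CHECK, HTTP_GET, SSL_GET, MISC_CHECK, ...)
        $1 ~ /_CHECK$|^(HTTP|SSL)_GET$/ { checked = 1 }
        END { close_rs(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the page's addresses, with the check removed from one server
sample_conf() {
    cat <<'EOF'
vrrp_instance VI_1 {
    interface eth0
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
virtual_server 192.168.1.100 80 {
    lb_kind DR
    real_server 192.168.1.1 80 {
        TCP_CHECK {
            connect_timeout 3
        }
    }
    real_server 192.168.1.2 80 {
        weight 1
    }
}
EOF
}

# Run as: sh lint.sh /etc/keepalived/keepalived.conf
if [ "${1:-}" ]; then lint_keepalived "$1"; fi
```

A CLEARTEXT finding means any host on the segment can read the password, so VRRP traffic should also be restricted to the known peers.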

Each solution has trade-offs between simplicity, performance, and features. For most production environments, a combination of Keepalived and IPVS provides the closest functionality to Windows NLB while maintaining Linux standards.