Configuring Direct Server Return (DSR)
The Direct Server Return (DSR) feature enables a server to respond directly to clients without having to go through the load balancer, which eliminates a bottleneck in the server-to-client path.
When to use DSR
When response time matters
When no intelligence is required
When the output capacity of the load balancer might be a bottleneck
No connection limit
Client access servers can see the client IP address
A single interface is required on the load balancer
Infrastructure intrusive: you must configure the load balancer virtual IP on the client access server (Loopback).
No SSL acceleration; no advanced persistence
How DSR works
DSR is also known as the "Gateway" mode.
In layer 4 gateway mode, the ALOHA load balancer sees only the traffic going from the client to the server. The servers answer the client directly through their default gateway.
The client reaches the Virtual IP address configured on the load balancer.
The ALOHA load balancer chooses a server based on its configuration, and changes the destination MAC address of the frame before it forwards it to the server.
The server receives the packets corresponding to the request.
The server answers directly back to the client, bypassing the ALOHA load balancer.
The backends must have the service IP configured on a loopback in order to accept the requests.
Configure DSR on ALOHA
In ALOHA's user interface, browse to the "LB Layer 4" tab.
Copy and paste the following lines in the "Configuration" box:
director exchange 10.0.0.9:443 TCP
  balance roundrobin                               #alctl: load balancing algorithm
  mode gateway                                     #alctl: forwarding mode
  check interval 10 timeout 2                      #alctl: check parameters
  option tcpcheck                                  #alctl: adv check parameters
  server exchange1 10.0.0.13:443 weight 10 check   #alctl: server exchange1
  server exchange2 10.0.0.14:443 weight 10 check   #alctl: server exchange2
Configure DSR on Linux
This section describes the server-side configuration that makes a Linux server compatible with an ALOHA load balancer configured in Layer 4 DSR mode.
Create a loopback interface (e.g. lo:1) with the Virtual IP address and a netmask set to 255.255.255.255 (/32).
Remember to make it resilient at startup. This configuration depends on the Linux distribution you are using.
Set up the two
To apply the changes directly, run the commands below:
$ sudo sysctl -w net.ipv4.conf.all.arp_ignore=1
$ sudo sysctl -w net.ipv4.conf.all.arp_announce=2
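A script for verifying the server-side settings described in this section, added here as an example (it is not part of the ALOHA documentation or tooling). The function names are hypothetical, and 10.0.0.9 is the director address from the configuration above.

```shell
#!/bin/sh
# Added example: audit a Linux backend for Layer 4 DSR (gateway mode).
# Function names are hypothetical; 10.0.0.9 is the director VIP from this page.

# dsr_audit VIP ADDR_LINES ARP_IGNORE ARP_ANNOUNCE
#   ADDR_LINES is the output of: ip -o -4 addr show dev lo
# Prints one line per finding and returns 0 only if every check passes.
dsr_audit() {
    vip=$1; addrs=$2; ignore=$3; announce=$4; rc=0

    # Prefix length of the VIP on the loopback (empty if the VIP is absent).
    mask=$(printf '%s\n' "$addrs" | awk -v vip="$vip" '
        { for (i = 1; i < NF; i++)
            if ($i == "inet") { split($(i + 1), a, "/")
                                if (a[1] == vip) { print a[2]; exit } } }')

    if [ -z "$mask" ]; then
        echo "FAIL: $vip is not on lo; the backend will not accept the requests"; rc=1
    elif [ "$mask" != 32 ]; then
        echo "FAIL: $vip/$mask on lo; use /32 so only the VIP is treated as local"; rc=1
    fi

    # arp_ignore=1: answer ARP only for addresses on the receiving interface,
    # so the backend never answers ARP requests for the VIP held on lo.
    if [ "$ignore" != 1 ]; then
        echo "FAIL: arp_ignore=$ignore (expected 1); backend may answer ARP for the VIP"; rc=1
    fi

    # arp_announce=2: prefer an address of the outgoing interface as the ARP
    # sender address, instead of the VIP.
    if [ "$announce" != 2 ]; then
        echo "FAIL: arp_announce=$announce (expected 2); backend may advertise the VIP"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $vip ready for DSR"; fi
    return "$rc"
}

# Gather the live values on the backend and run the audit.
dsr_audit_host() {
    dsr_audit "$1" "$(ip -o -4 addr show dev lo)" \
        "$(sysctl -n net.ipv4.conf.all.arp_ignore)" \
        "$(sysctl -n net.ipv4.conf.all.arp_announce)"
}

# Run against this host only when a VIP is given, e.g.: sh dsr_audit.sh 10.0.0.9
if [ -n "${1:-}" ]; then dsr_audit_host "$1"; fi
```

Running it again after a reboot confirms that the loopback address and both sysctl values were made persistent.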
To make these changes resilient after reboot, edit your /etc/sysctl.conf file to add the two lines below: