The latest insights from the load balancing experts | Loadbalancer.org
Load balancing via Direct Routing has several key advantages over NAT based methods

1 July 2008 / 2 min read / Direct Server Return (DSR)

One of the (many) traditional problems with load balancing is the requirement to change your infrastructure in order to implement a hardware load balancer.

Traditional DNS-based round robin was easy, as you just added extra IP addresses to your A record, but when using a hardware load balancer you need to get it between your clients and your servers. Some of the original units, such as the Cisco 416 local re-director, could be used in 'bridge mode', where traffic was physically forced to pass through the load balancer hardware and the packets were changed on the fly. Although this was fairly transparent, it made the load balancer unit a single point of failure. Most recent load balancer hardware is configured in NAT mode (like a firewall), where traffic is translated from an external subnet to an internal one while the packets are load balanced.

The advantages of NAT mode are:

  • Works with all backend servers (real servers) by changing the default gateway to point at the load balancer
  • Fairly high performance as it works like a router (faster than your average firewall)
  • Enables traffic inspection, translation and reporting on both inbound and outbound
  • Is transparent to the real servers (i.e. server logs show correct client IP address.)

But the big disadvantage of NAT mode load balancing is that you need to move your backend servers into a different subnet. This can be a real pain in the neck...

  • NAT requires both an external (public) and internal (private) subnet
  • All the backend servers must use the load balancer as a default gateway
  • Any non-load-balanced services (DNS, SMTP etc.) must all have specific firewall pinholes or routes created for them
  • Often all internal services can be masqueraded through the load balancer's external IP
  • When you set up you often need to physically change your architecture (network cabling)
  • When something goes wrong you often need to physically change your architecture (network cabling)

NB. Layer 7 proxies (F5, Zeus, HAProxy etc.) in non-transparent mode don't have these issues (but they are very computationally expensive). In transparent mode they must be set up in the same manner as NAT, with an internal subnet and the default gateway pointing at the load balancer.

Direct Routing (Direct Server Return) is the only transparent load balancing technique that doesn't require the default gateway to point at the load balancer.
The advantages of Direct Routing are:

  • Full transparency: The servers see a connection directly from the client IP and reply to the client through the normal default gateway.
  • No infrastructure changes required: The load balancer can be on the same subnet as the backend servers.
  • Lightning fast: Only the destination MAC address of the packets is changed and multiple return gateways can be utilized for true multi-gigabit throughput

The disadvantages of Direct Routing are:

  • The backend server must respond to both its own IP (for health checks) and the virtual IP (for load balanced traffic)
  • Port translation or cookie insertion cannot be implemented.
  • The backend server must not reply to ARP requests for the VIP (otherwise it will steal all the traffic from the load balancer)
  • Prior to Windows Server 2008 some odd routing behavior could occur in <2% of Windows Server installations.
  • In some situations either the application or the operating system cannot be modified to utilise Direct Routing.
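
The ARP and virtual IP requirements in the list above can be checked on a Linux real server. The script below is an added example, not code from the original post: it assumes the common Linux setup where the VIP is a /32 on the loopback interface and ARP is silenced with the `arp_ignore` and `arp_announce` sysctls. The function names, the interface name `eth0` and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Linux real server for Direct Routing (DSR) readiness.
# Inputs are text as printed by `sysctl net.ipv4.conf` and `ip -o -4 addr show`.

# The kernel applies the higher of conf.all.KEY and conf.IFACE.KEY.
effective_value() {  # KEY IFACE SYSCTL_TEXT
    printf '%s\n' "$3" | awk -F'[ =]+' -v k="$1" -v i="$2" '
        $1 == ("net.ipv4.conf.all." k) || $1 == ("net.ipv4.conf." i "." k) {
            if ($2 + 0 > max) max = $2 + 0
        }
        END { print max + 0 }'
}

# Prints one line per finding; returns 0 only if every check passes.
dsr_check() {  # VIP NIC SYSCTL_TEXT ADDR_TEXT
    vip=$1; nic=$2; rc=0
    # The VIP must be a /32 on loopback so the server accepts VIP traffic.
    printf '%s\n' "$4" | awk -v v="$vip/32" \
        '$2 == "lo" && $4 == v { ok = 1 } END { exit !ok }' ||
        { echo "FAIL: $vip/32 is not bound to lo"; rc=1; }
    # The VIP must not sit on the NIC, or arp_ignore=1 would still answer for it.
    printf '%s\n' "$4" | awk -v n="$nic" -v v="$vip/" \
        '$2 == n && index($4, v) == 1 { bad = 1 } END { exit bad + 0 }' ||
        { echo "FAIL: $vip is bound to $nic"; rc=1; }
    # arp_ignore 1 or 2: reply only for addresses on the receiving interface.
    case $(effective_value arp_ignore "$nic" "$3") in
        1|2) ;;
        *) echo "FAIL: arp_ignore lets $nic answer ARP for the VIP"; rc=1 ;;
    esac
    # arp_announce 2: never use the VIP as the sender address in ARP requests.
    [ "$(effective_value arp_announce "$nic" "$3")" -eq 2 ] ||
        { echo "FAIL: arp_announce may advertise the VIP from $nic"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $nic is silent for $vip"
    return "$rc"
}

# Constructed sample input (documentation addresses, not from the article).
GOOD_SYSCTL='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_announce = 0'
DEFAULT_SYSCTL='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0'
ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.0.2.10/32 scope global lo
2: eth0    inet 192.0.2.21/24 brd 192.0.2.255 scope global eth0'

dsr_check 192.0.2.10 eth0 "$GOOD_SYSCTL" "$ADDRS"
dsr_check 192.0.2.10 eth0 "$DEFAULT_SYSCTL" "$ADDRS" || true
```

On a live server the two text arguments would come from `sysctl net.ipv4.conf` and `ip -o -4 addr show`; with kernel defaults (both sysctls at 0) the second call reports both ARP failures.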

In my personal opinion, if you can use Direct Routing then you should use it.
Lori MacVittie has a few extra disadvantages listed here

About the author

Malcolm Turnbull

Malcolm is the founder of Loadbalancer.org, a company that has generated more than 17 years of strong organic growth using Open Source technology sold as packaged hardware & software solutions. He has a tendency to talk way too much and play devil's advocate in any conversation.
