Kieran Jacobsen

Kieran Jacobsen

He/Him. Microsoft MVP and GitKraken Ambassador. 🌏 Poshsecurity.com. 🏳‍🌈 Gay. 🐱 Cat owner.

Windows Server 2008 R2 + LVS with Direct Routing and Windows Firewall

For those of you who are in the need for an IP LoadBalanacer, and do not want to pay for an F5, check out the LVS project.

We recently set up a number of LVS balanced pages, and quickly came into difficulty in selecting thr routing method used. We struggled to find documentation, and were told to use the NAT technique, something that we were not happy with. The lack of documentation was also not helped due to the fact we wanted to load balanced Windows 2008 R2 servers running IIS 7.5.

We managed to work out how to set up both the Linux side of the fence (the machines running LVS) and then what to do on the Windows Servers being balanced. We also managed to leave the Windows Firewall on!

Once you have your LVS setup running. Perform the following steps to

1. Perform the standard configuration using what ever method you like (Piranha the web interface is brilliant for this) and ensure you select "Direct Route"

2. Restart Pulse service

3. Add the Loop back adapter to each Windows machine as specified at DR and LV Tun Clusters

4. You do not need to disable the Windows Firewall

5. Setup weak host send and recieve as specified at the loadbalancer blog.

Snort on Ubuntu 11.04

Powershell Script Template