ILB Operation Modes
ILB supports stateless Direct Server Return (DSR) and Network Address Translator (NAT) modes of operation for IPv4 and IPv6, in single-legged and dual-legged topologies.
Stateless DSR topology
NAT mode (full-NAT and half-NAT) topology
Direct Server Return Topology
In DSR mode, ILB balances the incoming requests to the back-end servers, but lets the return traffic from the servers to the clients bypass it. However, you can also set up ILB to be used as a router for a back-end server. In this case, the response from the back-end server to the client is routed through the system that is running ILB. ILB's current implementation of DSR does not provide TCP connection tracking (meaning that it is stateless). With stateless DSR, ILB does not save any state information of the processed packets, except for basic statistics. Because ILB does not save any state in this mode, the performance is comparable to the normal IP forwarding performance. This mode is best suited for connectionless protocols.
Advantages:
Better performance than NAT because only the destination MAC address of packets is changed and servers respond directly to clients.
There is full transparency between the server and the client. The servers see a connection directly from the client IP address and reply to the client through the default gateway.
Disadvantages:
The back-end server must respond to both its own IP address (for health checks) and the virtual IP address (for load-balanced traffic).
Because the load balancer maintains no connection state (meaning that it is stateless), adding or removing servers will cause connection disruption.
The following figure shows the implementation of ILB using the DSR topology.
Half-NAT Load-Balancing Topology
In the half-NAT mode of ILB operation, ILB rewrites only the destination IP address in the header of the packets. If you are using the half-NAT implementation, you cannot connect to a virtual IP (VIP) address of the service from the same subnet on which the server resides. The following table shows the IP addresses of the packets flowing between client and ILB, and between ILB and back-end servers.
Full-NAT Load-Balancing Topology
In the full-NAT implementation, the source and destination IP addresses are rewritten to ensure that the traffic goes through the load balancer in both directions. The full-NAT topology makes it possible to connect to the VIP from the same subnet that the servers are on.
The following table depicts the IP addresses of the packets flowing between a client and ILB, and between ILB and a back-end server using the full-NAT topology. The servers do not need a special default route through the ILB system. However, the full-NAT topology requires the administrator to set aside one IP address or a range of IP addresses for ILB to use as source addresses when communicating with the back-end servers. Assume that the addresses used belong to subnet C. In this scenario, ILB behaves as a proxy.
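The address rewriting described for the DSR, half-NAT and full-NAT topologies above can be modeled in a few lines of Python. This is an added example, not part of the ILB documentation or its code. It shows which source address the back-end server sees (and therefore logs or filters on) in each mode, and why a half-NAT client on the server's own subnet cannot use the VIP. The function name, the layer-3-only model and all addresses are assumptions made for illustration.

```python
import ipaddress

def trace(mode, client, vip, server, server_net, proxy_src=None):
    """Model one request/reply; return (hops, client_accepts, server_sees).

    Each hop is (leg, source IP, destination IP). Layer-3 view only.
    """
    local = ipaddress.ip_address(client) in ipaddress.ip_network(server_net)
    hops = [("client->ILB", client, vip)]
    if mode == "dsr":
        # Only the destination MAC changes, so the IP header is untouched.
        hops.append(("ILB->server", client, vip))
        # The server also answers for the VIP and replies past ILB.
        hops.append(("server->client", vip, client))
    elif mode == "half-nat":
        hops.append(("ILB->server", client, server))
        if local:
            # Same subnet: the reply goes straight to the client, so ILB
            # never rewrites the source back to the VIP.
            hops.append(("server->client", server, client))
        else:
            hops.append(("server->ILB", server, client))
            hops.append(("ILB->client", vip, client))
    elif mode == "full-nat":
        if proxy_src is None:
            raise ValueError("full-NAT needs a proxy source address")
        hops.append(("ILB->server", proxy_src, server))
        hops.append(("server->ILB", server, proxy_src))
        hops.append(("ILB->client", vip, client))
    else:
        raise ValueError(f"unknown mode: {mode}")
    # Assumption: the client only accepts a reply from the address it contacted.
    return hops, hops[-1][1] == vip, hops[1][1]

# Constructed sample addresses (not from the ILB documentation).
VIP, SERVER, SERVER_NET, PROXY = "198.51.100.1", "10.0.1.20", "10.0.1.0/24", "10.0.3.5"
REMOTE_CLIENT, LOCAL_CLIENT = "192.0.2.10", "10.0.1.50"

if __name__ == "__main__":
    for mode in ("dsr", "half-nat", "full-nat"):
        for client in (REMOTE_CLIENT, LOCAL_CLIENT):
            hops, ok, seen = trace(mode, client, VIP, SERVER, SERVER_NET, PROXY)
            print(f"{mode:9} client={client:11} ok={ok!s:5} server sees {seen}")
            for leg, src, dst in hops:
                print(f"    {leg:15} {src} -> {dst}")
```

In full-NAT the server sees only the ILB proxy source address, so per-client logging or address-based access control on the back-end servers no longer reflects the real client.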