Web Server Load Balancing Example Configuration

This section shows how to configure the Load Balancer from start to finish for a load balanced environment with two web servers.

Example network environment

Figure: Server Load Balancing Example Network

Figure Server Load Balancing Example Network shows the example environment configured in this section. It consists of a single firewall, using its WAN IP address for the pool, with two web servers on a DMZ segment.

Configuring pool

To configure the pool:

  • Navigate to Services > Load Balancer
  • Click the Pools tab
  • Click Add to create a new pool
  • Configure the pool as shown in Figure Pool Configuration, which uses the following settings:
    Name: WebServers
    Mode: Load Balance
    Description: Web server Pool
    Port: 80
    Retry: 5
    Pool Members: Add both web servers (10.6.0.11 and 10.6.0.12) using an HTTP Monitor
  • Click Save

Figure: Pool Configuration

Configuring virtual server

Figure: Virtual Server Configuration

  • Click the Virtual Servers tab
  • Click Add to add a new virtual server
  • Configure the Virtual Server as shown in Figure Virtual Server Configuration, which uses the following settings:
    Name: WebVirtualServer
    Description: Web Server
    IP Address: The firewall’s WAN IP address, 198.51.100.6
    Port: 80
    Virtual Server Pool: WebServers
    Fall Back Pool: None
  • Click Submit
  • Click Apply Changes

Warning

In this example, if both of the pool servers are down, the Virtual Server is inaccessible. The firewall will act as if no Virtual Server is configured. If something on the firewall is bound to port 80, clients will reach that instead. This includes the built-in Web GUI redirect for port 80, so that should be disabled under System > Advanced on the Admin Access tab.

Configuring firewall rules

Firewall rules must be configured to allow access to the servers in the pool. The rules must allow traffic to the internal IP addresses and port being used; no rules are necessary for the outside IP address and port used in the virtual server configuration.

Create an alias containing all the servers in the pool, so access can be allowed with a single firewall rule.

  • Navigate to Firewall > Aliases
  • Click Add to add an alias
  • Use the following settings:
    Name: www_servers
    Type: Hosts
    Hosts: The IP addresses of both web servers: 10.6.0.11 and 10.6.0.12
  • Click Save
  • Click Apply Changes

Figure Alias for Web Servers shows the alias used for this example configuration, containing the two web servers.

Figure: Alias for Web Servers

Next, create a firewall rule using that alias:

  • Navigate to Firewall > Rules
  • Change to the tab for the interface where connections will enter (e.g. WAN)
  • Click Add to start a new rule at the top of the list
  • Use the following settings:
    Interface: WAN
    Protocol: TCP
    Source: any
    Destination Type: Single Host or Alias
    Destination Address: www_servers
    Destination Port Range: HTTP
    Description: Allow to Web Server
  • Click Save
  • Click Apply Changes

Figure Adding Firewall Rule for Web Servers shows a snippet of the firewall rule added for this configuration. The options not shown are left at their defaults.

Figure: Adding Firewall Rule for Web Servers

Figure Firewall Rule for Web Servers shows the rule as it appears in the list.

Figure: Firewall Rule for Web Servers

Viewing load balancer status

Now that the load balancer is configured, to view its status, browse to Status > Load Balancer and click the Virtual Servers tab. This page displays the status of the server as a whole, typically listed as either Active or Down.

The Pools tab shows an individual status for each member of a Pool (as shown in Figure Pool Status). The row for a server is green if it is online, and red if the server is offline.

Additionally, each server in the pool has a checkbox next to it. Servers that are checked are active in the pool, and unchecked servers are disabled in the pool, the same as moving them between the enabled and disabled list on the pool editing page. To disable a server: Uncheck it, then click Save.

Figure: Pool Status

If the web server service is stopped on one of the servers or, when using ICMP monitors, if the server is removed from the network entirely, the status updates to Offline and the server is removed from the pool.

Verifying load balancing

To verify load balancing, curl is the best option to ensure the web browser cache and persistent connections do not affect the results of testing. curl is available for every OS imaginable and can be downloaded from the curl website. To use it, simply run:

curl http://mysite

In that command, replace mysite with either the IP address or hostname of the site. This must be tested from outside the network (e.g. from a remote network or client on WAN). The following illustrates an example of testing with curl from the WAN side:

# curl http://198.51.100.6
This is server www2 - 10.6.0.12
# curl http://198.51.100.6
This is server www1 - 10.6.0.11

When initially testing load balancing, configure each server to return a page specifying its hostname, IP address, or both, so it is obvious which server is responding to the request. If sticky connections are not enabled, a different server will respond to each request.
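
The curl check above can be repeated and tallied per pool member, which also exposes responses that come from neither web server (for example another service bound to port 80, as described in the warning). This script is an added example, not part of the original documentation; the function names `fetch_n`, `tally` and `balanced` are hypothetical, and it assumes each server returns a one-line page in the format shown in the sample output.

```shell
#!/bin/sh
# Added example. Assumes each web server returns a one-line page naming itself,
# e.g. "This is server www1 - 10.6.0.11", as in the curl output on this page.
VIP="${VIP:-198.51.100.6}"        # virtual server address used on this page
EXPECTED="10.6.0.11 10.6.0.12"    # pool members used on this page

# fetch_n N: make N independent requests and print one response line for each.
# A new curl process per request means a new TCP connection and no browser cache.
fetch_n() {
    i=0
    while [ "$i" -lt "$1" ]; do
        body=$(curl -s --max-time 5 "http://$VIP/" | head -n 1)
        echo "${body:-NO_RESPONSE}"
        i=$((i + 1))
    done
}

# tally: read responses on stdin; print "<member> <count>" for each pool member,
# then "other <count>" for responses that name no pool member.
tally() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, ip, " ") }
        {
            hit = 0
            for (k = 1; k <= n && !hit; k++)
                for (f = 1; f <= NF; f++)
                    if ($f == ip[k]) { count[ip[k]]++; hit = 1; break }
            if (!hit) other++
        }
        END {
            for (k = 1; k <= n; k++) printf "%s %d\n", ip[k], count[ip[k]]
            printf "other %d\n", other
        }'
}

# balanced: succeed only if every pool member answered and nothing else did.
balanced() {
    tally | awk '$1 != "other" && $2 == 0 { bad = 1 }
                 $1 == "other" && $2 > 0  { bad = 1 }
                 END { exit bad + 0 }'
}

# Constructed sample responses, used when the script is not run in "live" mode.
SAMPLE='This is server www2 - 10.6.0.12
This is server www1 - 10.6.0.11
This is server www2 - 10.6.0.12
This is server www1 - 10.6.0.11'

if [ "${1:-}" = "live" ]; then fetch_n "${2:-10}" | tally
else printf '%s\n' "$SAMPLE" | tally; fi
```

Run it as `sh script.sh live 20` from a client on the WAN side; a nonzero `other` count means something other than the pool answered on the virtual server address.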