Previous Next

• 08-15-2008, 6:38 AM

  coolbear Joined on 08-15-2008, 10:27 AM Posts 4

  Problem load balancing multiple sites on multiple ips. Reply Contact I have a problem load balancing with pfSense to 2 boxes running iis7. Each box hosts 6 sites and uses shared config to keep in sync. Each site is bound to a different ip address on each box, so site1 on box1 is (for example) 192.168.1.1:80, site1 on box2 is 192.168.1.2:80, site2 on box1 is 192.168.1.3:80, site2 on box2 is 192.168.1.4:80 etc. The problem is that pfSense cannot determine which site is up or down on which server because iis reponds to requests for stopped sites with a 404 page. That is unless _all_ the sites are stopped on a single server, in which case iis does not respond and pfSense then correctly marks all the sites on that machine as down and routes requests elsewhere. It seems that when running multiple sites on iis, bound to different ips but on the same _port_ you find that iis will respond to requests for sites you have stopped unless you have stopped all of the sites. Surely this cannot be correct? If you run each site on a different port iis appears to work as you would expect, and as soon as you stop a site it stops responding, rather than serving a 404 page. Has anyone else come across this issue and is there a resolution, other than to run all sites on a different port? Many thanks!

• 08-17-2008, 10:13 PM

  In reply to

  steve schofield Joined on 06-10-2002, 8:54 PM MI Posts 2,581	Re: Problem load balancing multiple sites on multiple ips. Reply Contact I'm assuming pfsense is a firewall product for BSD or *nix.   What are you using to load-balance between multiple machines?  NLB (network load balancing) provided by MS? Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 08-18-2008, 8:11 AM

  In reply to

  coolbear Joined on 08-15-2008, 10:27 AM Posts 4

  Re: Problem load balancing multiple sites on multiple ips. Reply Contact steve schofield: I'm assuming pfsense is a firewall product for BSD or *nix.   What are you using to load-balance between multiple machines?  NLB (network load balancing) provided by MS? It's a firewall running on bsd. It does load balancing, you create a virtual ip and it farms off requests to a pool of servers that you define. If detects whether a server is down by whether it gets a response or not from the ip/port that you set up. My problem is that iis7 is not behaving and is responding on an ip/port that is bound to a site that is stopped, when it should just not respond (the way apache would, and (i'm told) the way iis6 would).

• 08-18-2008, 9:27 AM

  In reply to

  steve schofield Joined on 06-10-2002, 8:54 PM MI Posts 2,581

  Re: Problem load balancing multiple sites on multiple ips. Reply Contact We run into a similar situation with using hardware load-balancers.  What we do to work around this type of situation is install Microsoft Loopback Adapter, put the VIP related IP addresses on the loopback adapter.  This way, the OS 'thinks' the ip address lives on the box.  Try 1) Install the loopback adapter, remove all the protocols except for TCP/IP 2) Add the VIP ip address as the primary address on the loopback adapter, if you have additional IP's, add them appropriately.  There is no default gateway or DNS settings on this NIC. 3) Change the Automatic Metric on the IP Settings tab so the Interface metric is 99.   This option is in the Advanced TCP/IP settings section. Hope this helps. Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 08-18-2008, 9:29 AM

  In reply to

  steve schofield Joined on 06-10-2002, 8:54 PM MI Posts 2,581

  Re: Problem load balancing multiple sites on multiple ips. Reply Contact One additional thing.  If adding the loopback adapter does not work appropriately, try running the command in my blog post.  http://weblogs.asp.net/steveschofield/archive/2008/07/23/enable-loopback-adapter-on-windows-server-2008.aspx Hope this helps. Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 08-18-2008, 3:02 PM

  In reply to

  coolbear Joined on 08-15-2008, 10:27 AM Posts 4

  Re: Problem load balancing multiple sites on multiple ips. Reply Contact Many thanks for the advice. I have done this: Added the loopback Used the netsh commands you suggested  Removed everything but tcpip v4/6 from the adapter Removed one of the ips from the main (live adapter) Assigned it to the loopback, with metric 99 and no dns/gateway. Mask 255.255.255.0 Rebooted I still get a 404 page from IIS for the site bound to the ip I've moved to the loopback adapter, even though it is stopped in IIS admin. I think I've done everything you suggested, I may have done something wrongly though, please let me know.  Thanks

• 08-18-2008, 11:02 PM

  In reply to

  steve schofield Joined on 06-10-2002, 8:54 PM MI Posts 2,581

  Re: Problem load balancing multiple sites on multiple ips. Reply Contact I would get one site working on both nodes first before adding multiples IP address to confirm the configuration is working.   Does the VIP address actually live on the firewall?  From a layer 2/3 perspective, the MAC / IP address live on the firewall and load-balances the HTTP traffic? Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 08-18-2008, 11:04 PM

  In reply to

  steve schofield Joined on 06-10-2002, 8:54 PM MI Posts 2,581

  Re: Problem load balancing multiple sites on multiple ips. Reply Contact Another configuration option you can do is disable IIS from listening on port 80 for all ips. 0.0.0.0:80.  You can then setup the box to listen for each IP and port.  Here is a article that shows the syntax.  It's meant to have apache and iis 7 on the same machine, but in this case also there is 2 ip addresses.  http://weblogs.asp.net/steveschofield/archive/2007/07/06/iis7-post-44-iis7-and-apache-on-the-same-machine.aspx Hope this helps.   Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 08-19-2008, 8:29 PM

  In reply to

  coolbear Joined on 08-15-2008, 10:27 AM Posts 4

  Re: Problem load balancing multiple sites on multiple ips. Reply Contact Thanks for all your advice. For your info the VIP lives on the firewall and load balances as you say. I couldn't go back to basics and set it up from scratch as I have clients using a live system on the boxes so can't take it down. I've not tried the suggestions in the apache post as I don't see that they will work, I've tried adding the ips to the iplisten list already and I still get the behaviour I've described. I've gone for changing the setup so I have one ip for iis on each box and I'm running each site on a different port. This appears to work fine since iis doesn't respond to stopped sites if they're on different ports, so pfSense detects them as up/down correctly. It's quite a faff to set up though. I'm actually quite happy the new config, however, because with this set up I won't have to remap all my ips when I add a new web node to the cluster. It concerns me still that iis doesn't play ball with ip mappings to individual sites though, it really ought to bind correctly to only sites that are up and not respond with 404 to sites that are down.

• 08-19-2008, 9:52 PM

  In reply to

  steve schofield Joined on 06-10-2002, 8:54 PM MI Posts 2,581

  Re: Problem load balancing multiple sites on multiple ips. Reply Contact I'm not familar enough with pfSense to say, it sounds a little like a Cisco content switch where the traffic goes in and out the same device.  How does the pfSense check for site up / down?  A load-balancer I've worked with has 'special' TCP mappings on the device and uses DSR (direct server return) so all traffic goes out the server NIC.   This setup sounds similar but the TCP rules are opposite.  If possible, you could use Virtual PC or Vmware to setup a similar environment.  By default, IIS listens on all bindings requests for port 80.  By decoupling that setting, the bind / ip to a particular site sounds doable, or at least a lead.  This is the first request I've seen using IIS and pfSense. :-> Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget