To increase outbound traffic throughput for sustained uploads, such as streamed audio or visual media, you can enable Direct Server Return (DSR) for each of your real servers. With DSR, connection requests and incoming traffic are passed from the Barracuda Load Balancer ADC to the real server but all outgoing traffic goes directly from the real server to the client. DSR is ideal for high-bandwidth requirements such as content delivery networks and lets you keep the existing IP addresses of your real servers.
- WAN refers to interface(s) configured to access the external network.
- LAN refers to interface(s) configured to access the internal network.
Figure 1 below illustrates how requests and responses are processed in a one-armed network where DSR is enabled for the real servers.
- The request arrives at the switch and is passed to the virtual IP (VIP) address on the Barracuda Load Balancer ADC.
- A real server is selected, and the data frame of the packet is modified to be the MAC address of that real server.
- The packet is then placed back on the network.
- Because the VIP address is bound to the real server’s loopback interface, the real server accepts the packet.
- The real server responds directly to the client using the VIP address as the source IP address.
Figure 1. Example DSR, one-armed architecture.
Because DSR uses a flat network topology at the Layer 2 (switching) and Layer 3 (IP) levels, the Barracuda Load Balancer ADC, VIP addresses, and real servers all must be within the same IP network and connected on the same switch. Figure 1 above shows this topology. Each real server must be one hop away from the Barracuda Load Balancer ADC and use the WAN port. The switch of the real servers must be either directly connected into the WAN port of the Barracuda Load Balancer ADC or connected to a series of switches that eventually reach the WAN port of the Barracuda Load Balancer ADC without going through any other networking devices. You can have DSR servers and non-DSR servers running the same service.
When you deploy real servers in DSR mode, ensure that the following conditions are met:
- The Barracuda Load Balancer ADC has the WAN adapter plugged into the same switch or VLAN as all of the real servers.
- The real servers are on the same subnet as the WAN of the Barracuda Load Balancer ADC.
- The WAN IP address, all VIPs, and all of the real servers that use DSR are on the same IP subnet.
- Each real server recognizes the VIP as a local address. Enable a non-ARPing virtual adapter such as a loopback adapter and bind it to the VIP address of the load-balanced service. Because this is not a true adapter, do not define a gateway in the TCP/IP settings for this adapter.
- Real servers that accept traffic from multiple VIPs have a loopback adapter enabled for each VIP . Additionally, the applications on each real server are aware of both the virtual IP address and the real IP addresses.
DSR has the following limitations:
- Layer 7 services (HTTP, FTP, UDP Proxy, TCP Proxy, and RDP) are not supported.
- Response headers and data cannot be handled (e.g., caching, compression, URL rewrites).
- SSL offloading is not supported.
- Only Layer 4 load balancing is supported.
- Only client IP persistence can be used; cookie persistence is not supported.
Before you use DSR, go to the NETWORK > Interfaces page and add a custom virtual interface with a netmask that is larger than that of the VIP address. The Barracuda Load Balancer ADC uses the custom virtual interface to correctly forward packets to real servers that are enabled with DSR.
After you add the custom virtual interface, go to the BASIC > Services page and enable DSR individually for each real server listed under each service. In the server settings, set Direct Server Return to Enable.
For more information on deploying DSR in a Microsoft Windows Server, Linux, or Windows XP environment, see: