NLB integration modes (Enterprise Edition)

ISA Server 2006 Enterprise Edition only

Network Load Balancing (NLB) configuration is enabled per array. Each array can be configured in one of these modes:

• Integrated NLB. In this mode, you use ISA Server Management to configure NLB. You can configure whether a specific network should be load balanced. An integrated easy-to-manage configuration, array integrity maintenance, multi-networking, VPN support, and troubleshooting information are available. NLB configuration for unicast mode and single affinity is supported.
• Non-integrated NLB. In this mode, you use the Windows-based NLB tools to configure NLB.

By default, NLB integration is not enabled when you install Microsoft Internet Security and Acceleration (ISA) Server 2006. For instructions on enabling NLB integration, see Enable Network Load Balancing integration.

After NLB is enabled for the array, you can configure NLB on the array-level networks. You can enable NLB on any physical Ethernet network. Do not enable NLB on networks that are not physically connected to the array. Specifically, we recommend that you enable NLB on all networks physically connected to the array (except for the intra-array network). For instructions, see Enable Network Load Balancing for a network.

When you enable NLB on a network, you specify the virtual IP address for that network. For instructions, see Configure a virtual IP address for a network.

ISA Server performs stateful inspection on all traffic. For this reason, ISA Server works with Windows NLB to ensure that incoming and outgoing traffic for each session is handled by the same array member. This is important because it enables ISA Server to perform stateful inspection on the traffic.

Disabling NLB integration

When you disable integrated NLB mode, the existing Windows NLB settings remain configured on each array member. You can use Windows NLB tools on each array member computer to further modify these NLB configuration settings.

To completely disable NLB:

1. Disable NLB for each network. For instructions, see Enable Network Load Balancing for a network.
2. Apply changes. Check the Services tab and verify that the status for Network Load Balancing on each server is Not Configured. Also, verify that all array members are running.
3. Disable NLB integration. For instructions, see Disable Network Load Balancing integration.

Adding virtual IP addresses to network adapters

When NLB integration is enabled, ISA Server enables you to add additional virtual IP addresses to network adapters across your array. These additional IP addresses can be used in NLB publishing scenarios.

An example of a scenario where you would require more than one virtual IP address is when you are publishing two Web servers to two distinct public names on the Internet, such as https://www.contoso.com and https://www.fabrikam.com. Two Web listeners are required, each with it's own digital certificate matching the public site name. Since both listeners will listen on port 443, they must listen on separate virtual IP addresses. The addition of virtual IP addresses makes this possible.

When you add IP addresses to your network adapters through the ISA Server NLB properties, each adapter on the ISA Server array will be assigned an identical IP address in addition to the dedicated IP address of the adapter on that server. For example, if you add the IP address 206.73.118.1 to the External network, each array member's external network adapter will have that address added. This eliminates the risk of non-matching IP addresses, which can occur when manually assigning addresses to each array member's adapter.

Notes

• When you enable integrated NLB, the addresses provided in ISA Server override the addresses you may have added using the Windows interface.
• To add virtual IP addresses, on the NLB tab of the network properties, click Add VIP. Each of the addresses will be added to the matching network's network adapter with same subnet mask as that of the primary virtual IP address.
• For more information about NLB in ISA Server, see Network Load Balancing Concepts in ISA Server 2006 on the Microsoft ISA Server TechCenter Web site (http://www.microsoft.com).

Important

You cannot change the primary virtual IP address while additional virtual IP addresses are present. The change must be made as follows:

1. Change the primary virtual IP address.
2. Disable NLB on the network.
3. Apply the change.
4. Wait for all of the array members to apply the change.
5. Enable NLB on the network.
6. Apply the change.

Alternatively, you can follow this procedure:

1. Remove the additional virtual IP addresses.
2. Change the primary virtual IP address.
3. Apply the change.
4. Wait for all of the array members to apply the change.
5. Reconfigure the additional virtual IP addresses.
6. Apply the change.

---

Get latest ISA Server content at ISA Server Guidance. Send feedback about this page.

• English-to-Russian translation