0

We have a set of load-balanced (using Microsoft NLB v6.1) Windows servers (Windows Server 2008 R2) with IIS7 that host a range of web applications. These web applications do a lot of web service requests to external web services, which is fine.

We have found a problem with these web applications communicating with themselves. Say we have a web application at https://app.example.com/ that communicates with https://api.example.com/ (notice the use of SSL, which I think makes this even more problematic). Both app and api are running on the same physical web servers, load-balanced under the same physical load balancer.

For some reason, this "looped" communication doesn't work. From our ISP, we've gotten an explanation I don't really understand, but that includes "the IP stack gets confused on which server is going to get the IP response to a given request".

Is this a problem anyone, anywhere has managed to solve? We don't want to communicate with our own web services in any other way than any of our external partners communicate with them. We wan to use the same SSL certificate, same URL and same IP address. Is this possible?

Asbjørn Ulsberg
  • 153
  • 5

1 Answers1

1

This is a common problem. Basically the problem (as I understand it) is that the load balancer doesn't like the connection to come through the same port and back out the same port.

When using physical Cisco load balancers I've been able to work around this by using some pretty complex network designs. Not sure how to do the same when using NLB.

mrdenny
  • 27,174
  • 4
  • 41
  • 69
  • So our only option is to buy a physical load balancer? Is Cisco the best option then or are there others that will perform the tasks we want and solve the problem I've described easier and better? – Asbjørn Ulsberg Aug 06 '11 at 10:35
  • I've always done it with Cisco in the past. Current project I'm looking at I'm getting Brocade. Same features lower price. I'm not a networking guy, I'd highly recommend checking your config through a network specialist before committing funds. I'd hate to point you in the wrong direction. – mrdenny Aug 06 '11 at 23:13