How to Configure Network Load Balancing (NLB) on Windows Server 2012 R2

How to Configure Network Load Balancing (NLB) on Windows Server 2012 R2

Network Load Balancing (NLB) is a Windows Server feature that distributes incoming network traffic across multiple servers in a cluster, improving application scalability and availability. Unlike Failover Clustering, NLB is designed for stateless workloads — typically web servers, terminal servers, VPN concentrators, and other applications where multiple instances can simultaneously serve client requests. When one NLB node becomes unavailable, the remaining nodes continue handling traffic. Windows Server 2012 R2 includes NLB as a built-in feature with support for both unicast and multicast operating modes, session affinity, and port-specific rules.

Prerequisites

You need at least two Windows Server 2012 R2 servers that will serve as NLB cluster members. Each server should have at least two network adapters: one dedicated to NLB (cluster traffic) and one for normal server management. All NLB nodes must be on the same subnet. The application or service being load balanced must be installed identically on each node and must be capable of handling requests without persistent state stored locally (or with external state storage such as a shared database or session state server). Administrative rights on all nodes are required.

Step 1: Install Network Load Balancing Feature

Install NLB on all servers that will participate in the cluster:

Install-WindowsFeature NLB -IncludeManagementTools

Install on remote nodes:

$nlbNodes = @("WebServer01", "WebServer02", "WebServer03")
$nlbNodes | ForEach-Object {
    Invoke-Command -ComputerName $_ -ScriptBlock {
        Install-WindowsFeature NLB -IncludeManagementTools
    }
}

Verify installation:

Get-WindowsFeature NLB | Select-Object Name, InstallState

Step 2: Plan NLB Network Configuration

Before creating the NLB cluster, plan the addressing:

Cluster IP Address — The virtual IP address clients will connect to (e.g., 192.168.1.200). This IP is shared across all NLB nodes and must be registered in DNS pointing to the service hostname. Dedicated IP Address — Each node retains its own unique IP for management and server-to-server communication. Operating Mode — Unicast mode uses a single MAC address shared by all nodes (switches may flood traffic to all ports). Multicast mode assigns a multicast MAC to the cluster IP while nodes retain their original MACs (requires switch support for multicast ARP).

Step 3: Configure Network Adapters

For best practices, dedicate one adapter to NLB and one to management. Configure the NLB adapter on each node with both the unique host IP and the cluster IP before creating the NLB cluster:

# Rename adapters for clarity (on each node)
Rename-NetAdapter -Name "Ethernet" -NewName "NLB_LAN"
Rename-NetAdapter -Name "Ethernet 2" -NewName "Mgmt_LAN"

# WebServer01 NLB adapter configuration
New-NetIPAddress -InterfaceAlias "NLB_LAN" -IPAddress "192.168.1.11" -PrefixLength 24 -DefaultGateway "192.168.1.1"

# WebServer02 NLB adapter configuration
# 192.168.1.12 on WebServer02, etc.

Step 4: Create the NLB Cluster

Create the NLB cluster using PowerShell. Run this on the first node (WebServer01):

New-NlbCluster -InterfaceName "NLB_LAN" `
    -ClusterName "WebCluster" `
    -ClusterPrimaryIP "192.168.1.200" `
    -SubnetMask "255.255.255.0" `
    -OperationMode Multicast

Verify the cluster was created and the first node is online:

Get-NlbCluster | Select-Object ClusterName, PrimaryClusterIP, OperationMode

Step 5: Add Additional Nodes to the NLB Cluster

Add the remaining web servers to the NLB cluster. Run these commands from the first node or the management workstation:

Get-NlbCluster -HostName "WebServer01" | Add-NlbClusterNode `
    -NewNodeName "WebServer02" `
    -NewNodeInterface "NLB_LAN"

Get-NlbCluster -HostName "WebServer01" | Add-NlbClusterNode `
    -NewNodeName "WebServer03" `
    -NewNodeInterface "NLB_LAN"

Verify all nodes joined successfully:

Get-NlbClusterNode | Select-Object Name, State, Priority, NodeIPAddress

Step 6: Configure Port Rules

Port rules define how traffic on specific ports is handled by the NLB cluster. By default, a port rule is created for all traffic (ports 0-65535). Remove the default rule and create specific rules for your workload. For a web server cluster handling HTTP and HTTPS:

# Remove the default all-ports rule
Get-NlbCluster | Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force

# Add HTTP rule with load balanced filtering mode
Add-NlbClusterPortRule -IP "192.168.1.200" `
    -StartPort 80 `
    -EndPort 80 `
    -Protocol TCP `
    -Mode Multiple `
    -Affinity None

# Add HTTPS rule
Add-NlbClusterPortRule -IP "192.168.1.200" `
    -StartPort 443 `
    -EndPort 443 `
    -Protocol TCP `
    -Mode Multiple `
    -Affinity Single

The Affinity Single setting on HTTPS ensures all connections from the same client IP go to the same node (useful for SSL session persistence). Options are: None (no affinity, best distribution), Single (same client always goes to same node), Network (all clients on same subnet go to same node).

Step 7: Configure Remote Desktop Port Rule (Passthrough)

For remote management, create a passthrough rule for RDP on port 3389 so that management connections go directly to individual servers rather than being load balanced:

Add-NlbClusterPortRule -IP "All" `
    -StartPort 3389 `
    -EndPort 3389 `
    -Protocol TCP `
    -Mode Single

Step 8: Set Node Weights for Unequal Load Distribution

If nodes have different performance capacities, adjust load weights. Higher weight nodes handle proportionally more traffic:

Get-NlbClusterNode -HostName "WebServer01" | Set-NlbClusterNode -LoadWeight 100
Get-NlbClusterNode -HostName "WebServer02" | Set-NlbClusterNode -LoadWeight 100
Get-NlbClusterNode -HostName "WebServer03" | Set-NlbClusterNode -LoadWeight 50

Step 9: Test and Verify NLB Functionality

Verify the cluster IP responds and check the current state of all nodes:

Get-NlbClusterNode | Select-Object Name, State, CurrentStatus, LoadWeight

# Test from a client: ping the cluster IP
ping 192.168.1.200

Test failover by stopping NLB on one node and verifying traffic continues:

Stop-NlbClusterNode -HostName "WebServer02" -Drain

# Verify remaining nodes handle traffic
Get-NlbClusterNode | Select-Object Name, State

# Resume the stopped node
Start-NlbClusterNode -HostName "WebServer02"

Step 10: Configure DNS for the NLB Cluster

Register the cluster virtual IP in DNS so clients can resolve the service name:

Add-DnsServerResourceRecordA -ZoneName "contoso.com" `
    -Name "webcluster" `
    -IPv4Address "192.168.1.200" `
    -TimeToLive (New-TimeSpan -Minutes 5)

Summary

Network Load Balancing on Windows Server 2012 R2 provides a straightforward, built-in mechanism for distributing network traffic across multiple servers to achieve horizontal scalability and fault tolerance for stateless workloads. With proper port rule configuration, affinity settings, and node weight tuning, NLB can effectively serve web farms, terminal server pools, and other scenarios where multiple servers handle equivalent requests. For stateful applications, external session management or affinity settings are critical to ensuring a consistent user experience.