How to Configure Windows Server 2016 Network Load Balancing
Network Load Balancing (NLB) in Windows Server 2016 distributes incoming network traffic across multiple servers in a cluster, improving availability and scalability for TCP/IP-based services such as web servers, Terminal Services, and VPNs. Unlike Failover Clustering which targets stateful applications, NLB is ideal for stateless services where any node can handle any request.
Prerequisites
- Two or more Windows Server 2016 servers with network adapters.
- All servers must be on the same subnet (or configured for multicast NLB).
- A virtual IP address allocated for the NLB cluster.
- Firewall rules permitting NLB traffic (UDP 2504 and other required ports).
Step 1: Install the NLB Feature
Install NLB on all servers that will participate in the cluster:
Install-WindowsFeature -Name NLB -IncludeManagementToolsVerify installation:
Get-WindowsFeature -Name NLBStep 2: Create the NLB Cluster
From the first node, create the NLB cluster using PowerShell. Specify the interface to bind NLB to and the cluster IP address:
New-NlbCluster -InterfaceName "Ethernet" -ClusterPrimaryIP "192.168.1.200" -SubnetMask "255.255.255.0" -OperationMode "Multicast"Multicast mode is recommended because it allows the server’s network adapter to retain its own MAC address while sharing the cluster MAC. Unicast mode causes all adapters on the cluster to share one MAC address, which can complicate communication between nodes.
Step 3: Add Additional Nodes
Join additional servers to the NLB cluster from the first node:
Get-NlbCluster -HostName "Node1" | Add-NlbClusterNode -NewNodeName "Node2" -NewNodeInterface "Ethernet"Verify all nodes are in the cluster:
Get-NlbClusterNode -HostName "Node1"Step 4: Configure Port Rules
Port rules define how NLB distributes traffic. By default, NLB handles all TCP and UDP ports. To add a specific rule for HTTP traffic on port 80:
Add-NlbClusterPortRule -IP "192.168.1.200" -StartPort 80 -EndPort 80 -Protocol TCP -Mode Multiple -Affinity SingleAffinity settings:
- None: Requests distributed regardless of client IP (best performance).
- Single: All requests from the same client IP go to the same node (session persistence).
- Network: All requests from the same Class C subnet go to the same node.
To add an HTTPS rule:
Add-NlbClusterPortRule -IP "192.168.1.200" -StartPort 443 -EndPort 443 -Protocol TCP -Mode Multiple -Affinity SingleStep 5: Remove the Default Port Rule
The default port rule covers all ports. Remove it if you want only specific rules to apply:
Get-NlbClusterPortRule | Where-Object {$_.StartPort -eq 0 -and $_.EndPort -eq 65535} | Remove-NlbClusterPortRule -ForceStep 6: Set Node Weights
Each node has a load weight that determines its share of traffic. Default weight is 50 per node. To change the weight for a specific node:
Set-NlbClusterNodePortRule -HostName "Node1" -InterfaceName "Ethernet" -StartPort 80 -EndPort 80 -Protocol TCP -LoadWeight 70Step 7: Verify Cluster Status
Get-NlbCluster -HostName "Node1"
Get-NlbClusterNode -HostName "Node1"
Get-NlbClusterPortRule -HostName "Node1"To check from a remote machine using the NLB Manager GUI, open nlbmgr.exe and connect to the cluster IP.
Step 8: Drain and Stop a Node for Maintenance
Before taking a node offline for maintenance, drain its connections gracefully:
Stop-NlbClusterNode -HostName "Node2" -InterfaceName "Ethernet" -DrainAfter maintenance, bring it back online:
Start-NlbClusterNode -HostName "Node2" -InterfaceName "Ethernet"Troubleshooting
If nodes cannot communicate with each other in multicast mode, check switch ARP tables. Some managed switches require static ARP entries for the cluster MAC address. Additionally, verify that the NLB cluster IP is excluded from DHCP pools to prevent address conflicts.
View NLB event logs:
Get-WinEvent -LogName System | Where-Object {$_.ProviderName -eq "Microsoft-Windows-NlbDriver"} | Select-Object -First 20Summary
NLB on Windows Server 2016 provides a straightforward way to distribute network traffic across multiple servers for stateless services. By configuring appropriate port rules, affinity settings, and node weights, you can achieve scalable load distribution. For stateful applications requiring shared storage and automatic failover, consider Failover Clustering instead.
