How to Configure Network Load Balancing (NLB) on Windows Server 2016
Network Load Balancing (NLB) is a Windows Server feature that distributes incoming TCP/IP network traffic across multiple servers, improving availability and scalability of services such as web servers, terminal services, and VPN gateways. NLB works at Layer 4 (transport layer) and does not require specialised hardware load balancers. Unlike Failover Clustering, NLB allows all nodes to actively process requests simultaneously, making it ideal for stateless workloads. This guide covers deploying and configuring NLB on Windows Server 2016.
NLB Architecture and Modes
NLB operates in three modes: Unicast mode where the cluster MAC address is used by all nodes and switches flood traffic to all cluster ports; Multicast mode where nodes retain their original MAC addresses and the cluster uses a multicast MAC; and IGMP Multicast mode which reduces switch flooding by using IGMP. Multicast mode is generally recommended for production deployments as it avoids the unicast limitation of nodes being unable to communicate directly with each other via the cluster address.
NLB uses a port rules configuration to define how traffic is distributed. You can configure filtering for specific ports, protocols, affinity settings (none, single, or class C) to handle session persistence, and load weight to distribute traffic unevenly across nodes.
Step 1: Install the NLB Feature
Install the Network Load Balancing feature on all servers that will be NLB cluster nodes. Run the following on each server:
Install-WindowsFeature -Name NLB -IncludeManagementTools
Install-WindowsFeature -Name RSAT-NLB
Verify the installation:
Get-WindowsFeature -Name NLB, RSAT-NLB
Step 2: Create the NLB Cluster
Create a new NLB cluster from the first node. Specify the interface to use for NLB traffic (this should be the interface connected to your client network), the cluster IP address, subnet mask, and cluster name. Set the cluster operation mode to Multicast:
New-NlbCluster -InterfaceName "Ethernet" -ClusterPrimaryIP "192.168.1.100" -SubnetMask "255.255.255.0" -ClusterName "WEBCLUSTER01" -OperationMode Multicast
Verify the cluster was created and is active on the first node:
Get-NlbCluster
Get-NlbClusterNode
Step 3: Add Additional Nodes to the Cluster
Add the second (and any subsequent) node to the NLB cluster. Run this command from the first node, specifying the name or IP of the node to add:
Get-NlbCluster | Add-NlbClusterNode -NewNodeName "WebServer02" -NewNodeInterface "Ethernet"
Verify all nodes are now part of the cluster:
Get-NlbClusterNode
Each node should show a status of Converged when the cluster is healthy and all nodes are operational.
Step 4: Configure Port Rules
Port rules control how traffic is distributed across cluster nodes. By default, NLB creates a rule that covers all ports (0-65535) for all protocols with a multiple-host filtering mode. For a web server cluster, create specific rules for HTTP and HTTPS traffic:
# Remove the default all-ports rule
Get-NlbCluster | Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force
# Add a rule for HTTP (port 80)
Get-NlbCluster | Add-NlbClusterPortRule -Protocol TCP -StartPort 80 -EndPort 80 -Mode Multiple -Affinity None
# Add a rule for HTTPS (port 443) with single affinity for session persistence
Get-NlbCluster | Add-NlbClusterPortRule -Protocol TCP -StartPort 443 -EndPort 443 -Mode Multiple -Affinity Single
Single affinity directs all traffic from a given client IP to the same node, which is important for SSL sessions that are not offloaded to a shared session store.
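Added example (not part of the original guide): a PowerShell check that flags port rules exposing more than the intended service ports, including the default 0-65535 rule removed above, and an HTTPS rule that lacks the Single affinity recommended in this step. The function name `Test-NlbPortRuleExposure`, the allow-list and the sample rule objects are assumptions constructed for illustration; on a cluster node, pipe the output of `Get-NlbCluster | Get-NlbClusterPortRule` into the function instead of the sample.

```powershell
# Added example, not from the original guide. Test-NlbPortRuleExposure is a hypothetical helper.
function Test-NlbPortRuleExposure {
    [CmdletBinding()]
    param(
        # Port rule objects, e.g. the output of Get-NlbClusterPortRule
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Rule,
        # Ports the cluster is meant to serve (assumed: the web cluster in this guide)
        [int[]]$AllowedPorts = @(80, 443)
    )
    process {
        $mode = "$($Rule.Mode)"
        if ($mode -eq 'Disabled') { return }   # Disabled rules block traffic

        $start = [int]$Rule.StartPort
        $end   = [int]$Rule.EndPort
        $findings = @()

        if ($start -eq 0 -and $end -eq 65535) {
            $findings += 'default all-ports rule still present'
        }
        else {
            # Count ports in the range that are not on the allow-list
            $allowed = @($AllowedPorts | Sort-Object -Unique |
                         Where-Object { $_ -ge $start -and $_ -le $end })
            $extra = ($end - $start + 1) - $allowed.Count
            if ($extra -gt 0) { $findings += "$extra port(s) outside the allow-list" }
        }

        # The guide sets Single affinity on 443 for session persistence
        if ($start -le 443 -and $end -ge 443 -and $mode -eq 'Multiple' -and
            "$($Rule.Affinity)" -eq 'None') {
            $findings += 'HTTPS rule has Affinity None'
        }

        foreach ($f in $findings) {
            [pscustomobject]@{ StartPort = $start; EndPort = $end
                               Protocol = "$($Rule.Protocol)"; Finding = $f }
        }
    }
}

# Constructed sample rules (not captured from a real cluster)
$sample = @(
    [pscustomobject]@{ StartPort = 0;   EndPort = 65535; Protocol = 'Both'; Mode = 'Multiple'; Affinity = 'Single' }
    [pscustomobject]@{ StartPort = 80;  EndPort = 80;    Protocol = 'Tcp';  Mode = 'Multiple'; Affinity = 'None' }
    [pscustomobject]@{ StartPort = 443; EndPort = 443;   Protocol = 'Tcp';  Mode = 'Multiple'; Affinity = 'None' }
)
$sample | Test-NlbPortRuleExposure | Format-Table -AutoSize
```

With the sample input, the first rule is reported as the default all-ports rule and the third as an HTTPS rule without affinity; the port 80 rule produces no finding.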
Step 5: Configure Load Weight
By default, all nodes receive an equal share of traffic. If your nodes have different capacities, adjust the load weight. The total load across all nodes must equal 100:
Get-NlbClusterNode -NodeName "WebServer01" | Set-NlbClusterNodePortRule -Port 80 -LoadWeight 60
Get-NlbClusterNode -NodeName "WebServer02" | Set-NlbClusterNodePortRule -Port 80 -LoadWeight 40
Step 6: Assign the Cluster IP to DNS
Register the NLB cluster IP address in DNS so clients can resolve the service by hostname. On your DNS server:
Add-DnsServerResourceRecordA -ZoneName "domain.local" -Name "webcluster" -IPv4Address "192.168.1.100" -TimeToLive "00:05:00"
Step 7: Configure Application on All Nodes
Install and configure the same application (for example, IIS) on all NLB nodes. For IIS, ensure the same web content is deployed to all nodes. Use a shared network path or a deployment mechanism to keep content synchronised:
Install-WindowsFeature -Name Web-Server -IncludeManagementTools
# Deploy web content to each node from a central source
robocopy "\\ContentServer\WebSite" "C:\inetpub\wwwroot" /MIR /LOG:C:\Logs\deploy.log
Step 8: Monitor NLB Cluster Status
Monitor the cluster and individual node status using PowerShell or the NLB Manager console:
# The node object reports its convergence status in the State property
Get-NlbClusterNode | Select-Object Name, State
Get-NlbClusterPortRule | Select-Object VirtualIPAddress, StartPort, EndPort, Mode, Affinity
To temporarily remove a node from the cluster for maintenance without affecting clients, drain the node gracefully:
Get-NlbClusterNode -NodeName "WebServer02" | Stop-NlbClusterNode -Drain
NLB on Windows Server 2016 provides a straightforward, cost-effective way to scale stateless workloads across multiple servers, delivering improved throughput and eliminating single points of failure without requiring external hardware load balancers.