Four-Layer (Layer-4) Load Balancer (FLB): Topology, NAT Model, and Direct Route Model
The article explains layer-4 load balancer fundamentals: it describes the OSI layer-4 topology, then derives and compares the NAT and Direct Route (DR) models, covering their mechanisms, advantages, drawbacks, and deployment constraints, with illustrative network diagrams.
This article introduces the characteristics of four-layer (layer-4) load balancer (FLB) technology and derives the NAT and Direct Route (DR) models through a series of questions.
An FLB operates at OSI layer 4 and needs two IP addresses: a virtual IP (VIP) that clients connect to, and a director IP (DIP, called the "distribution IP" in the original text) on the internal side, from which it forwards packets to the real servers (RS). The basic network topology (client, VIP on the load balancer, DIP, real servers) is shown in the accompanying figure, which is not reproduced here.
Because an FLB such as LVS/IPVS forwards in kernel space, each packet is handled without a user/kernel context switch. The load balancer only looks at the IP addresses and ports; it does not terminate the TCP connection (there is no three-way handshake with the load balancer itself), so forwarding is very fast. The flip side is that a layer-4 load balancer never sees application-layer content: HTTP headers or TLS are handled by the real server, so any request filtering has to happen there.
Question: when a client sends a packet to the VIP and the load balancer passes it on to a backend server, why does that server not discard it? After all, the destination IP (the VIP) is not one of the server's own addresses.
The NAT (Network Address Translation) model solves this by rewriting the destination address from the VIP to the IP of the selected RS (DNAT) before forwarding. The reply, however, leaves the server with the RS's IP as its source, and the client would reject it because it is waiting for a reply from the VIP. The reply must therefore come back through the load balancer so that its source address can be rewritten to the VIP (SNAT). This is why, in the NAT topology illustrated in the original figure, the backend server's default gateway must point at the load balancer (its DIP).
The NAT model has two drawbacks. Every packet in both directions is translated by the load balancer's CPU, and the load balancer becomes a bandwidth bottleneck because traffic is asymmetric: client requests are small, but server responses are large, and all of them must also pass through the load balancer.
The Direct Route (DR) model removes both drawbacks by letting the server answer the client directly, with the VIP as the source IP of the response, so the return path bypasses the load balancer entirely. For this to work, the backend server must also hold the VIP, but as a hidden address (typically bound to the loopback interface with ARP replies for it suppressed), so that it accepts packets addressed to the VIP without advertising the VIP on the LAN and stealing traffic from the load balancer. The load balancer leaves the IP header untouched and rewrites only the destination MAC address of the frame to the selected server's MAC (the original text calls this "MAC-address spoofing"; it is ordinary layer-2 re-addressing, not forging a source MAC), delivering the packet directly over the LAN. Because delivery relies on layer-2 addressing, the DIP and the backend servers must sit on the same LAN.
In short, the DR model imposes three constraints:
The backend server must hold the VIP as a hidden address that is not directly reachable (it must not answer ARP for the VIP).
The load balancer rewrites only the destination MAC address to the selected server's MAC; the IP header is left unchanged.
The DIP and the backend servers must be on the same LAN (the same layer-2 segment), not merely in the same data center.
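The following model walks a request through both modes at the header level and answers the questions raised above: why the NAT real server's default gateway must be the load balancer, why the DR real server needs a hidden VIP, and why DR only works on a shared layer-2 segment. It is an added illustration written for this page, not code from the original article or from LVS; all addresses, MACs and ports are constructed sample values, and the `Director`, `RealServer` and `Packet` names are this example's own.

```python
"""Header-level model of the NAT and DR modes of a layer-4 load balancer (an
LVS-style director). Added illustration, not code from the original article;
every address, MAC and port below is a constructed sample value."""
from dataclasses import dataclass, replace
from typing import List, Optional

# Client on the Internet; director with public VIP and private DIP; one real
# server on the DIP's LAN; an unrelated router on that LAN (all constructed).
CLIENT_IP, CLIENT_MAC = "203.0.113.10", "aa:aa:aa:aa:aa:aa"
VIP, DIP, DIR_MAC = "198.51.100.1", "10.0.0.1", "dd:dd:dd:dd:dd:dd"
RIP, RS_MAC = "10.0.0.2", "bb:bb:bb:bb:bb:bb"
ROUTER_MAC = "cc:cc:cc:cc:cc:cc"

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    sport: int
    dport: int

class RealServer:
    def __init__(self, ip: str, mac: str, hidden_vip: Optional[str] = None,
                 gateway_mac: str = ROUTER_MAC):
        self.ip, self.mac = ip, mac
        # DR mode: VIP bound to lo with arp_ignore=1 / arp_announce=2, so the
        # IP stack accepts packets for it but the host never answers ARP for it.
        self.hidden_vip = hidden_vip
        self.gateway_mac = gateway_mac  # next hop for off-LAN destinations

    def answers_arp_for(self, ip: str) -> bool:
        return ip == self.ip  # the hidden VIP is deliberately not advertised

    def receive(self, pkt: Packet) -> Optional[Packet]:
        """Return the reply the server emits, or None if it drops the packet."""
        if pkt.dst_mac != self.mac:
            return None  # frame not addressed to this NIC
        if pkt.dst_ip not in (self.ip, self.hidden_vip):
            return None  # IP stack: not one of my addresses, dropped
        # Reply swaps addresses and ports; its source IP is whatever address we
        # were reached on. The client is off-LAN, so it goes to our gateway.
        return Packet(self.mac, self.gateway_mac, pkt.dst_ip, pkt.src_ip,
                      pkt.dport, pkt.sport)

class Director:
    def __init__(self, mode: str, rs: RealServer, rs_on_same_lan: bool = True):
        assert mode in ("nat", "dr")
        self.mode, self.rs = mode, rs
        self.rs_on_same_lan = rs_on_same_lan  # can we resolve the RS MAC?

    def forward(self, pkt: Packet) -> Packet:
        """Client -> RS direction, after the scheduler picked self.rs."""
        if self.mode == "nat":
            # DNAT: VIP -> RIP. The source stays the client's IP, so the reply
            # must come back through us to be translated again (reverse()).
            return replace(pkt, src_mac=DIR_MAC, dst_mac=self.rs.mac,
                           dst_ip=self.rs.ip)
        # DR: IP header untouched; only the frame is re-addressed, which needs
        # the RS MAC to be reachable on the director's own LAN.
        if not self.rs_on_same_lan:
            raise RuntimeError("DR: real server must share the DIP's L2 segment")
        return replace(pkt, src_mac=DIR_MAC, dst_mac=self.rs.mac)

    def reverse(self, pkt: Packet) -> Packet:
        """RS -> client direction (NAT mode only): SNAT RIP -> VIP."""
        return replace(pkt, src_mac=DIR_MAC, dst_mac=CLIENT_MAC, src_ip=VIP)

REQUEST = Packet(CLIENT_MAC, DIR_MAC, CLIENT_IP, VIP, 40000, 80)

def client_accepts(reply: Optional[Packet]) -> bool:
    """The client's TCP stack only matches a reply from VIP:80 to its own port."""
    return (reply is not None and reply.src_ip == VIP and reply.dst_ip == CLIENT_IP
            and reply.sport == 80 and reply.dport == 40000)

def run_nat(rs_gateway_is_director: bool) -> Optional[Packet]:
    rs = RealServer(RIP, RS_MAC, gateway_mac=DIR_MAC if rs_gateway_is_director else ROUTER_MAC)
    lb = Director("nat", rs)
    reply = rs.receive(lb.forward(REQUEST))
    if reply is not None and reply.dst_mac == DIR_MAC:
        reply = lb.reverse(reply)  # response passes back through the director
    return reply  # else it leaves with source RIP and the client rejects it

def run_dr(hidden_vip: bool, same_lan: bool = True) -> Optional[Packet]:
    """DR mode; any reply goes straight to the LAN router, bypassing the director."""
    rs = RealServer(RIP, RS_MAC, hidden_vip=VIP if hidden_vip else None)
    return rs.receive(Director("dr", rs, same_lan).forward(REQUEST))

def arp_responders(ip: str, rs: RealServer) -> List[str]:
    """MACs that answer ARP for ip: with the VIP hidden, only the director's."""
    return [mac for mac, claims in ((DIR_MAC, ip in (VIP, DIP)),
                                    (rs.mac, rs.answers_arp_for(ip))) if claims]

if __name__ == "__main__":
    for f, arg in (run_nat, True), (run_nat, False), (run_dr, True), (run_dr, False):
        print(f.__name__, arg, client_accepts(f(arg)))
```

Running it shows the four cases side by side: NAT succeeds only when the real server's default gateway is the director (otherwise the reply leaves with source RIP and the client's TCP stack has no matching connection); DR succeeds only when the real server holds the VIP, and its reply never touches the director, which is exactly the asymmetry that removes the NAT bottleneck. `arp_responders` shows the ARP side of the hidden VIP: only the director claims the VIP on the LAN, so the upstream router keeps delivering VIP traffic to it.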
The article concludes by previewing the next installment, which will detail the experimental setup and verification of the LVS DR model.
JD Tech
Official JD technology sharing platform. All the cutting‑edge JD tech, innovative insights, and open‑source solutions you’re looking for, all in one place.