How DR and TUN Modes Optimize Load Balancer Performance

Background

Network communication involves six essential elements: source IP, source port, source MAC, destination IP, destination port, and destination MAC. The port identifies the application‑level participants, the IP addresses locate the endpoints at the network layer, and MAC addresses identify nodes on the data‑link layer.

DR (Direct Routing) Mode

In DR mode the load balancer only rewrites the destination MAC address of the request packet, leaving all other fields unchanged. The real server must reside in the same LAN as the load balancer to receive the modified MAC. The server holds a hidden VIP bound to its

lo

interface; this VIP is invisible to other devices because ARP responses are suppressed (

arp_ignore=1

and

arp_announce=1

). When the client sends

CIP → VIP

, the response is

VIP → CIP

directly from the real server, bypassing the load balancer.

TUN Mode

TUN mode avoids modifying the request packet; instead it adds an extra IP header (encapsulation) before forwarding to the real server. This allows the real server to be outside the load balancer’s LAN, provided it can strip the outer IP header and process the inner packet (IP tunneling). The hidden VIP on the

lo

interface and the same ARP settings are still required.

Summary of Modes

NAT : Modifies destination and source IPs; works at network layer; supports port mapping; response packets must pass through the load balancer.

FULLNAT : Modifies both source and destination IPs, removing the need for the real server’s gateway to be the load balancer, but loses client‑side information.

DR : Only rewrites destination MAC; requires same LAN; hides VIP on

lo

; response bypasses load balancer.

TUN : Adds an outer IP header without changing MAC; allows real server to be off‑LAN; requires IP tunneling support; still hides VIP.

Key Takeaway

Both DR and TUN modes reduce the load balancer’s bottleneck by letting the real server return responses directly to the client, which is especially beneficial under high concurrency where response packets are larger than request packets.