Related Topics
In a typical load balancing scenario, server responses to client requests are routed through FortiADC on their way back to the client. FortiADC examines the headers of each response and may insert a cookie, before sending the server response on to the client.
In a Direct Server Return (DSR) configuration, the server receiving a client request responds directly to the client IP, bypassing FortiADC. Because FortiADC only processes incoming requests, cluster performance is dramatically improved when using DSR in high bandwidth applications, especially those that deliver a significant amount of streaming content. In such applications, it is not necessary for FortiADC to receive and examine the server’s responses: the client makes a request and the server simply streams a large amount of data to the client.
DSR is supported on Layer 4 TCP and UDP clusters only, and is not supported for FTP clusters (Layer 4 TCP clusters with a start port of 21).
DSR configurations are often configured on a single VLAN or subnet, where the cluster IP and the server IPs are all on the internal interface. Refer to Configuring Direct Server Return for details.
DSR can also be used in multiple VLAN configurations, although this is less common. Cluster IP addresses are on one VLAN/subnet, while server IP addresses are on another VLAN/subnet.
In any DSR configuration, note that the incoming client traffic is assumed to originate on the other side of the gateway device for the subnets on which FortiADC and the servers reside. The servers will usually have their default gateway set to something other than FortiADC so that they can respond directly to client requests.
In DSR configurations where a client device resides on the same side of the gateway as the DSR servers, there is the possibility that the servers will receive the ARP (Address Resolution Protocol) request for the virtual cluster IP address. Since the cluster IP address is configured on the loopback interface of each server (See Configuring Direct Server Return ), one or more may respond to the ARP request. The client, and possibly even the gateway, will then route requests for the cluster IP to servers directly without going through FortiADC. If this occurs, you need to reconfigure the servers so that they do not respond to ARP requests for the cluster IP addresses configured on the loopback interface. The procedure to follow to do this is specific to the operating system running on the servers, so please consult the documentation for your server operating system.