In a network with Network Load Balancing (NLB) deployed, when a client initiates a connection request to an NLB virtual address, NLB uses its algorithm to determine which NLB node serves that client, usually based on the source address from which the request originated. Until the set of NLB nodes changes, a given client is always served by the same NLB node. The integrated NLB in the Enterprise Edition of ISA Firewall relies on the NLB service of the Windows Server system and handles client-initiated requests in the same way.
For example, consider an ISA firewall NLB array with three NLB nodes (ISA1, ISA2, ISA3). When a client (10.1.1.1) initiates a connection request, the NLB algorithm determines that ISA1 serves this client; when another client (10.1.1.2) initiates a connection, the NLB algorithm determines that ISA2 serves it. As long as the NLB nodes do not change, connection requests from client 10.1.1.1 are always processed by NLB node ISA1, and connection requests from client 10.1.1.2 are always processed by NLB node ISA2.
When an NLB node fails, NLB converges again on all nodes, and the NLB algorithm is rerun to identify the NLB node that serves each client. For example, if the ISA1 node fails and its NLB service is no longer available, NLB converges again, and if client 10.1.1.1 then initiates a connection request, ISA2 or ISA3 will serve it.
When NLB nodes fail, NLB can let other NLB nodes serve the client. However, what happens if the NLB service on an NLB node has not failed, but the other services that node provides have?
As the following illustration shows, two ISA firewalls belong to the same NLB array, connect to the Internet through different external links, and provide NLB services to the internal network. Each ISA firewall independently allows users in the internal network to access the external network, and each is serving different clients. What happens if the external link on ISA1 is suddenly disconnected?
At this point, NLB still treats ISA1 as a valid NLB node, because the NLB service on ISA1 has not failed, and continues to assign clients to it. However, because the external link is disconnected, the clients that ISA1 serves can no longer reach the Internet. In this situation, Network Load Balancing clearly does not deliver the fault tolerance it is meant to provide.
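The behaviour described above can be reproduced with a small model. This is an added example, not code from the original article or from ISA/Windows NLB. The hash is a stand-in for the real NLB algorithm, and the `Node` fields, function names and client addresses are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    nlb_up: bool = True      # NLB service is running and takes part in convergence
    uplink_up: bool = True   # external link is usable (NLB does not look at this)

def converge(nodes):
    """Array membership after convergence: only nodes whose NLB service is up."""
    return sorted(n.name for n in nodes if n.nlb_up)

def owner(client_ip, members):
    """Map a client source address to one member, deterministically.
    Stand-in hash (assumption); the real NLB algorithm is not reproduced here."""
    digest = hashlib.sha256(client_ip.encode()).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]

def stranded_clients(clients, nodes):
    """Clients that are still assigned to a node whose external link is down."""
    members = converge(nodes)
    by_name = {n.name: n for n in nodes}
    return [c for c in clients if not by_name[owner(c, members)].uplink_up]

def simulate():
    clients = [f"10.1.1.{i}" for i in range(1, 31)]   # constructed sample clients
    nodes = [Node("ISA1"), Node("ISA2"), Node("ISA3")]
    before = {c: owner(c, converge(nodes)) for c in clients}
    on_isa1 = [c for c in clients if before[c] == "ISA1"]

    # Case 1: the external link on ISA1 drops while its NLB service keeps running.
    nodes[0].uplink_up = False
    link_down = {c: owner(c, converge(nodes)) for c in clients}
    stranded = stranded_clients(clients, nodes)

    # Case 2: the NLB service on ISA1 itself fails, so the array converges again.
    nodes[0].nlb_up = False
    node_down = {c: owner(c, converge(nodes)) for c in clients}
    return before, on_isa1, link_down, stranded, node_down

if __name__ == "__main__":
    before, on_isa1, link_down, stranded, node_down = simulate()
    print("clients on ISA1 before:", on_isa1)
    print("stranded after link loss:", stranded)
    print("owners after NLB failure:", sorted(set(node_down.values())))
```

In case 1 the assignment table is identical to the one before the link loss, so every client that was on ISA1 is stranded; only in case 2 do those clients move to ISA2 or ISA3.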