Arms and Architecture
All WebMux models have four (4) load balancing operation modes with each mode having its advantage. The number of Arms refers to the number of physical networks. There are one or two LAN connections (typically External and Internal).
2-Arm NAT is the required configuration when you have two subnets. It is the common “Destination” NAT configuration in which the clients connect to an IP address on the WebMux and the WebMux proxies to the back-end servers. The servers “see” the IP address of the client, as if the WebMux was not there. This is the required configuration when there are two IP subnets (Internet-side and Internal).
2-Arm Transparent makes the WebMux an inline bridge–seeing all of the traffic below the IP layer and able to manage traffic without IP address changes. Note that, being a bridge, you must avoid bridge loops–having a circular path through inter-connected bridges. Also, being inline and 2-Arms, the load-balanced traffic flows through the WebMux.
1-Arm Single Network is a special case of bridging in which the WebMux bridges internally on one interface (that can be bonded for higher capacity). The bridge loop issue is elimiated. Note that all traffic is “source NATted” (aka SNAT)–so the WebMux becomes the client and the server does not see the IP address of the client. A limitation of this configuration is that an additional IP address must be assigned to the WebMux for each 65,000 simultaneous connections–because of that SNAT configuration and client-server relationship.
1-Arm Direct Server Return (DSR) the highest-performance option in cases where it is supported, also known as “Direct Routing” or “Out-of-Path (OOP)” this makes the WebMux the traffic director for incoming traffic but return traffic can route back bypassing the WebMux (unless the WebMux does SSL termination). Note that this requires a simple configuration of a “loopback adapter” on the servers and also not there is no performance advantage if SSL or TLS termination is required as the WebMux becomes the endpoint for the SSL/TLS security relationship.