Create Loopback Interface with PowerShell

Some load balancers may require you to create a loopback interface on a Windows server or servers. The loopback device then gets the load balanced IP added to it; that IP is used for the inbound load balanced connections. The loopback adapter is used so that no ARP replies are sent out.

When I recently looked into how to do this for a server running Windows Server Core 2016 (no GUI), I found that the most commonly suggested method uses devcon.exe (not a default binary included with Windows Server; officially you can download it as part of the Windows Driver Kit). The traditional method using Device Manager couldn’t be used because the GUI is missing from the Core edition.

I wanted an easy method to do this for a large number of servers using PowerShell, one that didn’t require much manual work. While searching around I found that someone created a PowerShell module which will download the portable version of devcon.exe for you and do the hard work. Here are the full steps to create the loopback interface and assign an IPv4 + IPv6 IP to it.

Set the required variables

These steps will set the variables that we will be using in the subsequent steps. These variables are used so that you do not have to keep editing the steps below to suit your environment; they should be ready to copy/paste.

# The name for the loopback adapter interface that will be created.
$loopback_name = 'Loopback'

# The name for the server's main network interface. This will be updated to allow weak host send/receive, which is most likely required for the traffic to work for the loopback interface.
$primary_interface = 'Ethernet'

# The IPv4 address that you would like to assign to the loopback interface along with the prefix length (eg. if the IP is routed to the server usually you would set the prefix length to 32).
$loopback_ipv4 = '10.254.1.3'
$loopback_ipv4_length = '32'

# The IPv6 address that you would like to assign to the loopback interface along with the prefix length (eg. if the IP is routed to the server usually you would set the prefix length to 128). If you are not adding an IPv6 address do not set these variables.
# $loopback_ipv6 = 'fffa::1'
# $loopback_ipv6_length = '128'

Create the loopback interface

These steps will create the loopback interface itself.

  1. Install and import the LoopbackAdapter module. This will also download devcon.portable from Chocolatey.
Install-Module -Name LoopbackAdapter -MinimumVersion 1.2.0.0 -Force
Import-Module -Name LoopbackAdapter
  2. Create the loopback interface.
New-LoopbackAdapter -Name $loopback_name -Force
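
Because step 1 pulls a third-party module (which in turn downloads devcon from Chocolatey) onto a server, you may want to stage and review it before running Install-Module. The following is an added example, not part of the original steps or of the LoopbackAdapter project; the staging path is an assumption, and the pinned version is simply the minimum version named above.

```powershell
# Added example: stage the module for review instead of installing it unseen.
$stage   = Join-Path $env:TEMP 'LoopbackAdapter-review'   # assumed staging path
$version = '1.2.0.0'                                       # version named in step 1

New-Item -ItemType Directory -Path $stage -Force | Out-Null
Save-Module -Name LoopbackAdapter -RequiredVersion $version -Path $stage

# Hash and Authenticode status for every file the module ships, so the same
# reviewed content can be compared across all servers it is rolled out to.
Get-ChildItem -Path $stage -Recurse -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        File      = $_.FullName.Substring($stage.Length + 1)
        SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject   # empty when unsigned
    }
} | Format-Table -AutoSize

# Show where the module's scripts reach out to the network
# (the Chocolatey / devcon download mentioned in step 1).
Get-ChildItem -Path $stage -Recurse -Include *.ps1, *.psm1 |
    Select-String -Pattern 'chocolatey', 'devcon', 'https?://' |
    Select-Object Path, LineNumber, Line

# After review, install exactly the version that was inspected:
# Install-Module -Name LoopbackAdapter -RequiredVersion $version -Force
```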

At this stage you will have the loopback interface created. It has no IPs assigned, and if the server you are setting this up on is joined to a domain, any IPs added to the interface will be registered in DNS by default. That is not good in most situations, so continue reading if you want to fix that.

Create objects

These steps will create objects that are used to change the settings for the loopback interface, such as the metric, as well as to enable weak host send/receive on the server's main interface.

$interface_loopback = Get-NetAdapter -Name $loopback_name
$interface_main = Get-NetAdapter -Name $primary_interface

Set metric and enable weak host send/receive

The metric for the loopback interface should be changed to make it less preferred than the main interface. This is to help prevent the loopback interface being used for outbound traffic originating from the server. If the IP is load balanced, for example, the return traffic to the server may be sent to other servers, so the traffic doesn’t come back at all. Additionally, the “SkipAsSource” option will be set.

Weak host send/receive will be enabled for both the main interface and the loopback. This allows traffic to arrive via the server's main interface even though it doesn’t have the destination IP assigned to it. It also allows the server to send return traffic via the main interface even though it does not have the loopback IP assigned to it. DHCP will also be disabled for the loopback adapter.

Set-NetIPInterface -InterfaceIndex $interface_loopback.ifIndex -InterfaceMetric "254" -WeakHostReceive Enabled -WeakHostSend Enabled -DHCP Disabled
Set-NetIPInterface -InterfaceIndex $interface_main.ifIndex -WeakHostReceive Enabled -WeakHostSend Enabled
Set-NetIPAddress -InterfaceIndex $interface_loopback.ifIndex -SkipAsSource $True

Disable DNS Registration

If the server is on a domain or otherwise registers its DNS somewhere, you most likely do not want to register the loopback IPs. If the server is load balanced, this will result in traffic to the server's hostname possibly being sent to another server (since there would be multiple A/AAAA records).

Get-NetAdapter $loopback_name | Set-DnsClient -RegisterThisConnectionsAddress $False

Warning: If the server is running the Microsoft DNS server (including if it is a domain controller) you must edit the DNS server configuration to only listen on selected IP addresses. If the DNS server listens on the IP addresses that belong to the loopback adapter it will continue to register itself in DNS.

Set IPs

The IPs on the loopback interface can be set now.

# Set the IPv4 address. SkipAsSource is a per-address setting, so it is set here on the new address as well.
New-NetIPAddress -InterfaceAlias $loopback_name -IPAddress $loopback_ipv4 -PrefixLength $loopback_ipv4_length -AddressFamily ipv4 -SkipAsSource $True

# Set the IPv6 address - Uncomment this if required
# New-NetIPAddress -InterfaceAlias $loopback_name -IPAddress $loopback_ipv6 -PrefixLength $loopback_ipv6_length -AddressFamily ipv6 -SkipAsSource $True

Disable Unused Bindings

This should be safe to do as the loopback interface should not need these.

Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_msclient
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_pacer
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_server
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_lltdio
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_rspndr
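
Once all of the steps have been run, the result can be audited per server. This is an added example rather than part of the original procedure; it repeats the interface names and IPv4 address from "Set the required variables" so it can run in a fresh session, and the Add-Check helper is a hypothetical name used only here.

```powershell
# Added example: audit the loopback configuration built by the steps above.
$loopback_name     = 'Loopback'        # same values as in the variables section
$primary_interface = 'Ethernet'
$expected_ips      = @('10.254.1.3')   # add the IPv6 address if you assigned one

$results = New-Object System.Collections.Generic.List[object]
function Add-Check($Name, $Ok, $Detail) {   # hypothetical helper for this example
    $results.Add([pscustomobject]@{ Check = $Name; Pass = [bool]$Ok; Detail = "$Detail" })
}

foreach ($family in 'IPv4', 'IPv6') {
    $lo   = Get-NetIPInterface -InterfaceAlias $loopback_name     -AddressFamily $family -ErrorAction SilentlyContinue
    $main = Get-NetIPInterface -InterfaceAlias $primary_interface -AddressFamily $family -ErrorAction SilentlyContinue
    if (-not ($lo -and $main)) { continue }   # address family not bound on one side
    foreach ($if in $lo, $main) {
        $weak = $if.WeakHostSend -eq 'Enabled' -and $if.WeakHostReceive -eq 'Enabled'
        Add-Check "$($if.InterfaceAlias) $family weak host" $weak "send=$($if.WeakHostSend) recv=$($if.WeakHostReceive)"
    }
    # A higher metric means less preferred, so the loopback must be the larger one.
    Add-Check "$family loopback less preferred" ($lo.InterfaceMetric -gt $main.InterfaceMetric) "loopback=$($lo.InterfaceMetric) main=$($main.InterfaceMetric)"
}

foreach ($ip in $expected_ips) {
    $addr = Get-NetIPAddress -InterfaceAlias $loopback_name -IPAddress $ip -ErrorAction SilentlyContinue
    Add-Check "$ip assigned to loopback" $addr "prefix=$($addr.PrefixLength)"
    Add-Check "$ip SkipAsSource" $addr.SkipAsSource "SkipAsSource=$($addr.SkipAsSource)"
}

$dns = Get-DnsClient -InterfaceAlias $loopback_name
Add-Check 'DNS registration disabled' (-not $dns.RegisterThisConnectionsAddress) "RegisterThisConnectionsAddress=$($dns.RegisterThisConnectionsAddress)"

$unused = 'ms_msclient', 'ms_pacer', 'ms_server', 'ms_lltdio', 'ms_rspndr'
$on = Get-NetAdapterBinding -Name $loopback_name |
    Where-Object { $_.Enabled -and $unused -contains $_.ComponentID }
Add-Check 'Unused bindings disabled' (-not $on) "still enabled: $($on.ComponentID -join ', ')"

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'Loopback configuration differs from the steps above.'
}
```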
