F5-BIG-IP Load Balancing

F5 BIG-IP Load BalancingWhen deploying Microsoft enterprise mobility solutions such as Windows 10 Always On VPN and DirectAccess, more than one server may be required to meet capacity requirements or provide local and/or geographic redundancy.


Windows Server features an integrated load balancer called Network Load Balancing (NLB). It is an inexpensive way to create a cluster of servers to provide local redundancy. NLB is integrated with DirectAccess and must be configured using the Remote Access Management console. For Always On VPN it must be configured directly using the Network Load Balancing manager.


NLB has some serious drawbacks and limitations and should typically be avoided for most enterprise deployments. NLB is broadcast-based and generates a tremendous amount of noise on the network. Heartbeat messages are broadcast to the subnet every second. As more nodes are added to the cluster, the broadcast traffic grows exponentially. Microsoft suggests a limit of 8 nodes per NLB cluster, practically speaking NLB clusters should be limited to no more than 4 nodes.

In addition, NLB lacks the visibility and granular control of network traffic often required by network administrators. Further, troubleshooting NLB is prohibitively difficult. There are also challenges getting NLB to work correctly in virtual environments, making NLB difficult to support.


A dedicated load balancing appliance such as the F5 BIG-IP is recommended whenever local redundancy or additional capacity is required for DirectAccess and Always On VPN deployments. Physical appliances provide better performance, but virtual appliances work well in most scenarios too.

F5 BIG-IP Resources

The following is a list of resources for configuring the F5 BIG-IP for Always On VPN and DirectAccess.

Additional Information

Fill out the form below for more information about F5 BIG-IP integration with Always On VPN and DirectAccess.