Microsoft NLB and IGMP

May 29th, 2008

Hi, I'm trying to resolve some issues with Microsoft Network Load Balancing (NLB).

I've read some tech notes about static Layer 2 and 3 MAC association, but my network is growing fast and that solution is not the best option for me. I need a dynamic solution, and one Microsoft recommendation is "IGMP Multicast" implementing "IGMP snooping":

Has anyone tried this solution?

My network consists of several Catalyst 6500s and 4500s, and the servers are isolated in one specific VLAN that is spread across these Catalysts.

Multicast is not running in my network. Do I have to configure it on all Catalysts where this VLAN is present?

Regards!


Kevin Dorrell Thu, 05/29/2008 - 07:08

This is interesting, so I just wrote an entry in my blog about it. Here it is:

The way NLB works is by using layer-2 multicasts. When a client wants to talk to a server (or in this case a virtual server), it puts out an ARP request for the server's IP address. The server (one or both, I don't know) responds with a multicast MAC address. From then on each frame from the client to the application is addressed to the multicast MAC address.

There are a number of things to consider:

The servers generate IGMP for the IP group corresponding to the MAC multicast address. If the switch is running IGMP snooping, then this ensures that the multicast frames are sent to the servers and nowhere else. If the switch is not running IGMP snooping, then the frames are flooded to all ports on the VLAN - the scheme still works, but at the expense of flooding all the client-to-server traffic.

IGMP snooping filters only those packets that are strictly IP, i.e. the ones that have EtherType 0x0800. There is also a keepalive between the servers, also addressed to the multicast MAC destination, at a rate of 2 packets per second per server. The EtherType is 0x886F. These are flooded to all ports on the VLAN, regardless of IGMP snooping.

If you think about it, this is not really Network Load Balancing, but CPU load balancing. All client frames go to both servers, and then the servers decide between themselves which packet each server is handling, and which are left to the partner.

It does not work too well through a router. When a router gets a MAC address in an ARP response, it does not believe it, so it discards it. The only way I have found to get round this is with a static ARP entry in the router.

Even if you do put a static ARP entry in the router, does it balance the load from the router? I suppose it depends what algorithm the servers use to distribute the load. If it is based on the source MAC address, then it won't work too well through a router! On the other hand, if it is based on the source IP address, then that means that both servers have to process all packets all the way up to layer-3.

Kevin Dorrell
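
The forwarding behaviour described in the answer above, as an added Python example that is not part of the original post: it classifies Ethernet frames the way the answer says a switch treats them with and without IGMP snooping. The group address 239.255.1.10, the source MAC and the function names are constructed for illustration, and the model assumes any multicast frame that snooping does not cover is flooded.

```python
import struct

ETH_IPV4 = 0x0800           # EtherType the post says IGMP snooping acts on
ETH_NLB_KEEPALIVE = 0x886F  # EtherType the post gives for the server keepalive
ETH_DOT1Q = 0x8100          # 802.1Q tag; the real EtherType follows the tag

def group_to_mac(group_ip):
    """IPv4 multicast group -> Ethernet MAC: 01:00:5e plus the low 23 bits (RFC 1112)."""
    o = [int(x) for x in group_ip.split(".")]
    if len(o) != 4 or not 224 <= o[0] <= 239:
        raise ValueError("not an IPv4 multicast group")
    return bytes([0x01, 0x00, 0x5E, o[1] & 0x7F, o[2], o[3]])

def classify(frame, snooping, joined_macs):
    """Model how the switch forwards one frame, per the behaviour in the post."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETH_DOT1Q:              # skip one VLAN tag if present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        (ethertype,) = struct.unpack("!H", frame[16:18])
    if not dst[0] & 0x01:                   # group bit clear: ordinary unicast
        return "unicast"
    # Only IP frames for a group that hosts joined via IGMP are constrained.
    # Assumption of this model: every other multicast frame is flooded.
    if snooping and ethertype == ETH_IPV4 and dst in joined_macs:
        return "constrained to member ports"
    return "flooded to all VLAN ports"

def build_frame(dst, ethertype, tagged=False):
    """Constructed sample frame: made-up source MAC, zero-filled payload."""
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETH_DOT1Q, 10) if tagged else b""
    return dst + src + tag + struct.pack("!H", ethertype) + bytes(46)

def demo():
    mac = group_to_mac("239.255.1.10")      # constructed group address
    joined = {mac}
    return {
        "client IP, snooping on": classify(build_frame(mac, ETH_IPV4), True, joined),
        "client IP, snooping off": classify(build_frame(mac, ETH_IPV4), False, joined),
        "keepalive, snooping on": classify(build_frame(mac, ETH_NLB_KEEPALIVE), True, joined),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```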


