
MS-NLB-virtserver

ohassairi
Level 5

Hello,

We recently installed 2 Microsoft servers that use network load balancing configured in the NIC cards.

As a consequence, I discovered that any packet sent to these servers is broadcast to all switch ports!

Using a sniffer, I found that the destination MAC address was: MS-NLB-virtserver.

So it seems as if the Cisco switch considers this address multicast or broadcast, which is why it sends it to all ports.

Any suggestion to fix this problem?

I thought about static MAC-to-port mapping, but is it possible to define 2 static entries for the same MAC?


jsivulka
Level 5

If the cluster hosts are attached to a switch instead of a hub, the use of a common MAC address would create a conflict since layer-two switches expect to see unique source MAC addresses on all switch ports. To avoid this problem, Network Load Balancing uniquely modifies the source MAC address for outgoing packets; a cluster MAC address of 02-BF-1-2-3-4 is set to 02-h-1-2-3-4, where h is the host's priority within the cluster (set in the Network Load Balancing Properties dialog box). This technique prevents the switch from learning the cluster's actual MAC address, and as a result, incoming packets for the cluster are delivered to all switch ports.

The below URL addresses a problem where Windows Load Balancing Server (WLBS) causes slow traffic through switches.

http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011b481.shtml

http://support.microsoft.com/default.aspx?scid=kb;en-us;193602

MS NLB works in several ways - unicast, multicast Layer-2 and Multicast IP with IGMP. It looks like you have it installed with Unicast. With this there is a virtual MAC & IP address assigned to the application that is clustered. The MAC is a virtual MAC address that never appears on the network, however the Cluster members respond to ARPs using this virtual MAC. What happens is within the Layer-2 domain the MAC is not seen so is flooded to all ports. This is the expected behaviour; check the CAM tables on the switches in the Layer-2 domain and you won't find it, however it will be in the ARP tables on the Layer-3 devices within the domain.

I have seen a few networks drop to their knees when MS-NLB is deployed without consultation from the Network administrators....

HTH

Andy

Thank you both for your help.

So according to what I read, there is no solution for this problem.

The only thing that we can do is to put the 2 NICs in separate VLANs!

Can you confirm it?

Thanks

Depending on the number of switches in the layer-2 broadcast domain you could hard-code the Virtual MAC address into the CAM tables. You can also do the same for Layer-2 Multicast. If you use Layer-3 Multicast & IGMP then if you have Multicast routing enabled & IGMP snooping in your network it should all be automatic since the IGMP snooping mechanism would learn which hosts want to receive the IP Multicast traffic.

What you suggest though is a good way forward. Create a new VLAN and limit where it goes - keep it confined to one or two switches where the Cluster hosts are.

HTH

Andy

Thanks Andrew. Actually, we did not activate IGMP, and it will be very difficult to create new VLANs; this will perturb the network design.

However, it could be a good idea to hardcode the virtual MAC address into the CAM, since the number of switches is limited.

Could you advise on the commands? Shall we have 2 static entries for the same MAC using mac-address-table static.....

On each of the access switches in the Layer-2 broadcast domain enter the command:

mac address-table static 1111.1111.1111 vlan 10 interface FastEthernet0/1 FastEthernet0/2

Obviously change the MAC address from 1111.1111.1111 and the interfaces to the real interfaces where the Cluster is (you can have several interfaces in the list). If the Cluster isn't directly connected to the switch but the switch is in the same layer-2 domain you will need to add it to the uplink. If you have a redundant (STP) topology you will need to add it to each potential path.

HTH

Andy

Thanks Andy.

ahmad82pkn
Level 2

I did as Andy said, but no luck.

Any thoughts why?

I connected an L2 switch with port-channel 48 and mentioned all CAS MAC addresses against that Port Channel, but traffic is still flooding. What else can I check?

HAMP6509CORE#sh run | inc static

mac-address-table static 0201.0a50.0a81 vlan 810 interface Port-channel48

mac-address-table static 0202.0a50.0a81 vlan 810 interface Port-channel48

mac-address-table static 02bf.0a50.0a81 vlan 810 interface Port-channel48
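
An added example, not part of any post in this thread: a small Python helper that decodes the NLB MAC scheme described earlier (02-BF plus the cluster IP, and 02-h plus the cluster IP for each host's masked source address) and builds the static CAM entry in the syntax quoted above. The function names are hypothetical; the 03-BF multicast prefix and the 1 to 32 host-priority range come from Microsoft's NLB documentation rather than from this thread, and the masked-source match is a heuristic on locally administered addresses.

```python
import ipaddress
import re

# MACs from the "sh run | inc static" output quoted in the thread.
THREAD_MACS = ["0201.0a50.0a81", "0202.0a50.0a81", "02bf.0a50.0a81"]

def _octets(mac):
    """Normalise any common MAC notation to a list of six ints."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return [int(digits[i:i + 2], 16) for i in range(0, 12, 2)]

def cisco(octets):
    """Format six octets in Cisco dotted notation (xxxx.xxxx.xxxx)."""
    h = "".join(f"{o:02x}" for o in octets)
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"

def classify(mac):
    """Return (kind, cluster_ip, host_priority) for an NLB-style MAC, else None."""
    o = _octets(mac)
    ip = str(ipaddress.IPv4Address(bytes(o[2:])))  # last four octets = cluster IP
    if o[0] == 0x02 and o[1] == 0xBF:
        return ("unicast-cluster", ip, None)       # destination MAC, never a source
    if o[0] == 0x03 and o[1] == 0xBF:
        return ("multicast-cluster", ip, None)     # assumption: Microsoft NLB docs
    # Assumption: NLB host priorities run 1..32; other 02-xx MACs may also match.
    if o[0] == 0x02 and 1 <= o[1] <= 32:
        return ("masked-source", ip, o[1])         # what the switch learns per host
    return None

def cluster_mac(cluster_ip, mode="unicast"):
    """Derive the cluster MAC that NLB builds from the cluster IP."""
    prefix = {"unicast": [0x02, 0xBF], "multicast": [0x03, 0xBF]}[mode]
    return cisco(prefix + list(ipaddress.IPv4Address(cluster_ip).packed))

def static_entry(mac, vlan, interfaces):
    """Build the static CAM entry in the syntax quoted in the thread."""
    ifs = " ".join(interfaces)
    return f"mac address-table static {cisco(_octets(mac))} vlan {vlan} interface {ifs}"

if __name__ == "__main__":
    for mac in THREAD_MACS:
        print(mac, classify(mac))
    print(static_entry(cluster_mac("10.80.10.129"), 810, ["Port-channel48"]))
```

Of the three addresses, only 02bf.0a50.0a81 decodes as the cluster MAC that never appears as a source address; the 0201 and 0202 entries decode as the masked source addresses of host priorities 1 and 2 for the same cluster IP.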
