Microsoft NLB

Nov 16th, 2010

Our environment consists of two core switches 6509 running HSRP, vCenter 4.1 (ESXs).

We formed a MS cluster with 2 VM guests, one in ESX1 and the other one in ESX2.

Each ESX has three uplinks to the core switches 6509s.

We configured the router according to Cisco guidelines for NLB using the IP and MAC address for the cluster.

The configuration is not quite working; we don't see load sharing on cluster members, and failover capabilities also don't work.

Any help or advice will be really appreciated.

Should I be looking for other solutions rather than CISCO NLB in tandem with VMware/ESX environments?


Thanks

Dale Miller (Cisco Employee), Thu, 12/09/2010 - 08:21

What mode of MS NLB are you currently trying to set up? The mode will determine the best way to configure the network. MS NLB offers unicast mode, multicast mode and IGMP mode.

I recommend using one of the multicast modes to avoid flooding in the VLAN. Both multicast modes will utilize a unicast IP with a multicast MAC address.

In multicast mode MS uses a 03xx.xxxx.xxxx multicast address outside of the IANA range. IGMP snooping will not dynamically program this address for you. You will want to statically configure the virtual MAC address for the cluster on the physical ports of the servers and on all trunk ports between the switches in the path to avoid flooding.



Example: (multicast mac can be programmed to multiple ports)


mac-address-table static 0300.5e11.1111 vlan 200 interface fa2/3 fa2/4


Another possibility would be to configure MS NLB in IGMP mode. Now the virtual MAC address will be in the IANA range 0100.5Exx.xxxx. IGMP snooping will program the virtual MAC address for you once it receives a join from a member in the cluster. Multicast will be forwarded between switches using the IGMP snooping mrouter that is dynamically programmed when using PIM or an IGMP snooping querier in the VLAN.



Since the virtual IP uses a multicast MAC address, it is unreachable outside the local subnet. To address this you will need to configure a static ARP entry on each device with a L3 interface in the server VLAN.


Example:

arp 10.10.10.25 0300.5e11.1111 arpa


I must warn you of a possible bug you can hit with the 6500. CSCsw87563 "Packets with multicast mac and unicast IP are software routed by cat6500". The bug is fixed in the following IOS releases:


12.2(18)SXF17

12.2(33)SXH5

12.2(33)SXI1



If PIM is required due to other multicast applications in the VLAN please review the bug provided. It provides additional details and all workarounds available.


Regards,

Dale
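
The two multicast options described in the answer above, worked through as an added example (not part of the original post and not Cisco's code). It assumes Microsoft NLB's default derivation of the cluster MAC from the virtual IP (03-BF plus the four IP octets in multicast mode, 01-00-5E-7F plus the last two IP octets in IGMP mode), which the thread does not state; the VIP, VLAN and ports are the sample values from the post, and the function names are hypothetical.

```python
import ipaddress

# Prefix NLB prepends to the virtual IP, and how many trailing IP octets follow it.
# Assumption: Microsoft NLB defaults; these values are not given in the thread.
NLB_PREFIX = {
    "multicast": (bytes([0x03, 0xBF]), 4),              # 03-BF + all four IP octets
    "igmp":      (bytes([0x01, 0x00, 0x5E, 0x7F]), 2),  # 01-00-5E-7F + last two octets
}

def nlb_cluster_mac(vip, mode):
    """Return the NLB cluster MAC for a virtual IP in Cisco dotted notation."""
    if mode not in NLB_PREFIX:
        raise ValueError(f"unsupported NLB mode: {mode!r}")
    prefix, tail = NLB_PREFIX[mode]
    raw = prefix + ipaddress.IPv4Address(vip).packed[-tail:]
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def in_iana_multicast_range(mac):
    """True if the MAC is in 0100.5e00.0000-0100.5e7f.ffff (IPv4 multicast mapping)."""
    raw = bytes.fromhex(mac.replace(".", ""))
    return raw[:3] == bytes([0x01, 0x00, 0x5E]) and raw[3] <= 0x7F

def switch_config(vip, mode, vlan, ports):
    """Build the static entries the answer calls for, in the post's command syntax."""
    mac = nlb_cluster_mac(vip, mode)
    lines = []
    if not in_iana_multicast_range(mac):
        # IGMP snooping will not program a MAC outside the IANA range, so it
        # must be pinned to the server ports and inter-switch trunks by hand.
        if not ports:
            raise ValueError("multicast mode needs at least one port to pin the MAC to")
        lines.append(
            f"mac-address-table static {mac} vlan {vlan} interface {' '.join(ports)}"
        )
    # Both modes pair a unicast IP with a multicast MAC, so every L3 interface
    # in the server VLAN needs a static ARP entry (IOS wants the type keyword).
    lines.append(f"arp {vip} {mac} arpa")
    return lines

if __name__ == "__main__":
    for mode in ("multicast", "igmp"):
        print(f"! NLB {mode} mode")
        print("\n".join(switch_config("10.10.10.25", mode, 200, ["fa2/3", "fa2/4"])))
```

The printed MAC can be compared with the cluster MAC shown in the NLB manager on the hosts before any static entry is applied to the switches.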
