Exchange 2010 NLB on Nexus1000v - UCS - Cat4500

Oct 23rd, 2013

Server Infrastructure: Microsoft Server 2012 Hyper-V installed on UCS Blade Servers. Network infrastructure is Nexus1000v for HyperV - FI62xx (endhost mode) uplinked to Catalyst 4510 Core Switch.

Plan: Deploy Exchange 2010 NLB with two servers, each with one network card, NLB mode: IGMP multicast


Configured:

- Catalyst: static ARP for Cluster VIP

- Nexus1000v: disabled IGMP snooping on servers VLAN


The configuration is acting strangely: it works for some clients but not for others. If we stop one node in NLB, more things stop working, but some work fine.


The Nexus1000v configuration guide describes only the NLB Unicast scenario.


I suppose that something is missing in the configuration.

mwronkow Wed, 10/23/2013 - 11:28
Cisco Employee

N1k only supports Unicast NLB.  For multicast & multicast+IGMP NLB there are a few things we can do that are not ideal because there will be excessive traffic flooding.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_5_1/release/notes/n1000v_rn.html#wp117941


NLB with multicast (non-IGMP)-

The NLB cluster uses a unicast IP address and non-IGMP multicast mac (03:bf) so IGMP is not used. N1k floods this frame.

This method could overwhelm the network in some situations.

1.    Use a dedicated VLAN for NLB VMs to limit mcast replication & flooding.


NLB with Multicast+IGMP-

Microsoft violates RFC2236 by putting a unicast IP in the IGMP Group messages.  N1k drops these messages since they violate the RFC.  CSCue32210 - "Add support for Microsoft NLB - Multicast+IGMP mode in Nexus 1000v" is targeted for a future release.  Before this feature exists we can configure the network as follows:

1.    Dedicate a VLAN for NLB VMs to limit mcast replication & flooding.

2.    Disable IGMP snooping on that vlan

vlan 10
  no ip igmp snooping

3.    Add a static entry on upstream router for NLB cluster IP & shared MAC.

int vlan 10
  ip arp 14.17.124.40 0100.5e7f.7c28

4.    Use mac-pinning configuration with manual pinning NLB vEths to one set of uplinks.  This will isolate flooding to a single upstream fabric interconnect & switch.

port-profile type veth NLB-VM
  channel-group auto mode on mac-pinning relative
  pinning id 0 backup 1   <-these numbers may differ in your environment


Matthew
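
Added example, not part of the thread or Cisco's documentation: a small Python check that derives the NLB cluster MAC from the cluster IP for each mode and reports which mode a static ARP entry (step 3 above) actually corresponds to. It assumes Microsoft NLB's standard MAC derivation (02-bf and 03-bf followed by the four IP octets, 01-00-5e-7f followed by the last two); the function names are hypothetical.

```python
import ipaddress
import re

# NLB mode -> (fixed MAC prefix, number of trailing VIP octets appended).
# Assumption: Microsoft NLB's standard derivation; the thread shows 03:bf and 0100.5e7f.
MODES = {
    "unicast":   (bytes.fromhex("02bf"), 4),
    "multicast": (bytes.fromhex("03bf"), 4),
    "igmp":      (bytes.fromhex("01005e7f"), 2),
}

def nlb_cluster_mac(vip, mode):
    """Return the 6-byte cluster MAC for an IPv4 VIP in the given NLB mode."""
    prefix, tail = MODES[mode]
    return prefix + ipaddress.IPv4Address(vip).packed[-tail:]

def cisco_mac(mac):
    """Format 6 bytes as Cisco dotted notation, e.g. 0100.5e7f.7c28."""
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def static_arp_line(vip, mode):
    """Build the static ARP entry in the form used in step 3."""
    return f"ip arp {vip} {cisco_mac(nlb_cluster_mac(vip, mode))}"

def matching_mode(arp_line):
    """Return the NLB mode whose derived MAC matches a static ARP line, else None."""
    m = re.fullmatch(r"\s*(?:ip\s+)?arp\s+(\S+)\s+(\S+)(?:\s+arpa)?\s*", arp_line, re.I)
    if not m:
        raise ValueError(f"not a static ARP line: {arp_line!r}")
    vip, mac_text = m.groups()
    digits = re.sub(r"[.:-]", "", mac_text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC: {mac_text!r}")
    mac = bytes.fromhex(digits)
    for mode in MODES:
        if nlb_cluster_mac(vip, mode) == mac:
            return mode
    return None  # MAC does not belong to this VIP in any NLB mode

if __name__ == "__main__":
    vip = "14.17.124.40"  # cluster IP from step 3 of the reply
    for mode in MODES:
        print(f"{mode:9} {static_arp_line(vip, mode)}")
    print(matching_mode("ip arp 14.17.124.40 0100.5e7f.7c28"))
```

A result of None, or a mode other than the one the NLB cluster is configured for, means the static ARP entry on the upstream router does not match the MAC the cluster nodes are using.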
