This is interesting, so I just wrote an entry in my blog about it. Here it is:
The way NLB works is by using layer-2 multicasts. When a client wants to talk to a server (or in this case a virtual server), it puts out an ARP request for the server's IP address. The server (one or both, I don't know) responds with a multicast MAC address. From then on each frame from the client to the application is addressed to the multicast MAC address.
There are a number of things to consider:
The servers generate IGMP for the IP group corresponding to the MAC multicast address. If the switch is running IGMP snooping, then this ensures that the multicast frames are sent to the servers and nowhere else. If the switch is not running IGMP snooping, then the frames are flooded to all ports on the VLAN - the scheme still works, but at the expense of flooding all the client-to-server traffic.
IGMP snooping filters only those packets that are strictly IP, i.e. the ones that have EtherType 0x0800. There is also a keepalive between the servers, also addressed to the multicast MAC destination, at a rate of 2 packets per second per server. The EtherType is 0x886F. These are flooded to all ports on the VLAN, regardless of IGMP snooping.
If you think about it, this is not really Network Load Balancing, but CPU load balancing. All client frames go to both servers, and then the servers decide between themselves which packet each server is handling, and which are left to the partner.
It does not work too well through a router. When a router gets a MAC address in an ARP response, it does not believe it, so it discards it. The only way I have found to get round this is with a static ARP entry in the router.
Even if you do put a static ARP entry in the router, does it balance the load from the router? I suppose it depends what algorithm the servers use to distribute the load. If it is based on the source MAC address, then it won't work too well through a router! On the other hand, if it is based on the source IP address, then that means that both servers have to process all packets all the way up to layer-3.
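As an added example (not part of the original post), a small Python classifier that applies the post's two EtherType rules to constructed Ethernet frames: IPv4 frames sent to the multicast MAC are constrained by IGMP snooping only when snooping is enabled, while 0x886F heartbeat frames flood the VLAN either way. The cluster and host MAC addresses below are constructed placeholders, not real NLB values.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800    # client-to-cluster traffic; IGMP snooping can constrain it
ETHERTYPE_NLB_HB = 0x886F  # NLB heartbeat between the servers; flooded regardless


def parse_frame(frame: bytes):
    """Return (dst_mac, src_mac, ethertype) from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, etype


def is_multicast(mac: bytes) -> bool:
    # I/G bit: least-significant bit of the first octet set means group address
    return bool(mac[0] & 0x01)


def classify(frame: bytes, snooping_enabled: bool) -> str:
    """Say how a switch will forward this frame, per the rules in the post."""
    dst, _, etype = parse_frame(frame)
    if not is_multicast(dst):
        return "unicast"
    if etype == ETHERTYPE_NLB_HB:
        return "nlb-heartbeat:flooded"          # not IP, so snooping never filters it
    if etype == ETHERTYPE_IPV4:
        return "client-traffic:constrained" if snooping_enabled else "client-traffic:flooded"
    return "other-multicast:flooded"


def summarize(frames, snooping_enabled: bool) -> Counter:
    return Counter(classify(f, snooping_enabled) for f in frames)


def heartbeat_flood_pps(num_servers: int) -> int:
    # 2 heartbeats per second per server reach every port on the VLAN
    return 2 * num_servers


def build_frame(dst: bytes, src: bytes, etype: int, payload: bytes = b"") -> bytes:
    return dst + src + struct.pack("!H", etype) + payload


# Constructed sample capture: a cluster multicast MAC, one client, two NLB hosts.
CLUSTER_MAC = b"\x03\xbf\x0a\x00\x00\x01"  # placeholder cluster MAC (I/G bit set)
CLIENT_MAC = b"\x00\x11\x22\x33\x44\x55"
SRV_A, SRV_B = b"\x00\x0c\x29\xaa\xbb\x01", b"\x00\x0c\x29\xaa\xbb\x02"
SAMPLE_FRAMES = [
    build_frame(CLUSTER_MAC, CLIENT_MAC, ETHERTYPE_IPV4, b"\x45" * 20),
    build_frame(CLUSTER_MAC, CLIENT_MAC, ETHERTYPE_IPV4, b"\x45" * 20),
    build_frame(CLUSTER_MAC, SRV_A, ETHERTYPE_NLB_HB),
    build_frame(CLUSTER_MAC, SRV_B, ETHERTYPE_NLB_HB),
    build_frame(SRV_A, CLIENT_MAC, ETHERTYPE_IPV4, b"\x45" * 20),  # plain unicast
]

if __name__ == "__main__":
    for snoop in (True, False):
        print(f"IGMP snooping={snoop}: {dict(summarize(SAMPLE_FRAMES, snoop))}")
    print("heartbeat flood for 2 servers:", heartbeat_flood_pps(2), "pps")
```

With snooping on, only the two heartbeat frames are reported as flooded; with it off, the client traffic floods as well, which is the trade-off the post describes.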