Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Microsoft Cluster Server and 6500 with MLS

Hi all,

have an interesting delimma with a MSCS setup we're trying to build. We have the 2 servers connected to a little hub in a lab that is hanging off a port on our 6509. The servers have a separate private connection for their heartbeat traffic. Our 6509 has dual Sup1a(s) and we have MLS setup with default timings and a flow mask of destination. The cluster node that is the active owner/primary has the virtual IP, however according to ARP tables the virtual IP uses the MAC address of the NIC of the server. At this point all is fine. When you enter a show mls entry ip destination <clusterIP> is shows the proper egress port and the correct MAC address that is currently listening.

Here's the problem. When we fail the cluster resources to node 2 the virtual IP fails over correctly and it now assumes the MAC address of node 2. When entering the sho mls entry from above it still shows the incorrect MAC address even though the egress port is correct. Since the MLS is doing the inline L2 re-write it's addressing the packet with a dest L2 header of the server that is no longer the owner of the cluster IP. The MLS timings won't age the entry out because as long as clients are trying to connect the MLS cache shows as switching packets so it thinks it's still alive. Since MLS is made up of separate one way connections it doesn't care that the server isn't responding. At this point you can't connect back to the cluster IP until we clear the MLS entry associated with the IP.

We thought about changing the MLS flow mask, but even if we took it all the way to a full flow it wouldn't create a new flow until the client had a new source port which would require a re-start of the application.

We need the MSCS virtual to put a virtual MAC with the virtual IP, however so far that doesn't seem to be a possibility.

anyone have any ideas?????



Cisco Employee

Re: Microsoft Cluster Server and 6500 with MLS

New Member

Re: Microsoft Cluster Server and 6500 with MLS

thanks for the reply.

the supervisors are at 5.4(2) and the MSFCs are at 12.0(7)XE1.

In doing some more analysis we see the cluster nodes doing a gratuitous arp and updating the MAC on the MSFCs, however since the MLS entry is already created it doesn't get updated there. we're exploring the idea more of switching to a full flow mask, won't fix any current connections but it would help any new connections.

still hoping there may be other ideas out there, though.