The NLB cluster uses a unicast IP address and non-IGMP multicast mac (03:bf) so IGMP is not used. N1k floods this frame.
This method could overwhelm the network in some situations.
1. Use a dedicated VLAN for NLB VMs to limit mcast replication & flooding.
NLB with Multicast+IGMP-
Microsoft violates RFC2236 by putting a unicast IP in the IGMP Group messages. N1k drops these messages since they violate the RFC. CSCue32210 - "Add support for Microsoft NLB - Multicast+IGMP mode in Nexus 1000v" is targeted for a future release. Before this feature exists we can configure the network as follows:
1. Dedicate a VLAN for NLB VMs to limit mcast replication & flooding.
2. Disable IGMP snooping on that vlan
no ip igmp snooping
3. Add a static entry on upstream router for NLB cluster IP & shared MAC.
int vlan 10
ip arp 188.8.131.52 0100.5e7f.7c28
4. Use mac-pinning configuration with manual pinning NLB vEths to one set of uplinks. This will isolate flooding to a single upstream fabric interconnect & switch.
port-profile type veth NLB-VM
channel-group auto mode on mac-pinning relative
pinning id 0 backup 1 <-these numbers may differ in your environment
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...