Thursday 10 October 2013

Microsoft NLB not working properly in Unicast Mode (1556)


Details

When running Microsoft Network Load Balancing (NLB) configured in unicast mode, network traffic is directed to only one of the nodes.

Solution

In unicast mode, all the NICs assigned to a Microsoft NLB cluster share a common MAC address. This requires that all the network traffic on the switches be port-flooded to all the NLB nodes. Normally, port flooding is avoided in switched environments when a switch learns the MAC addresses of the hosts sending network traffic through it.

The Microsoft NLB cluster masks the cluster's MAC address for all outgoing traffic to prevent the switch from learning the MAC address.

In the ESXi/ESX host, the VMkernel sends a RARP packet each time certain actions occur; for example, when a virtual machine is powered on, experiences teaming failover, performs certain vMotion operations, and so forth. The RARP packet informs the switch of the MAC address of that virtual machine. In an NLB cluster environment, this exposes the MAC address of the cluster NIC as soon as an NLB node is powered on. This can cause all inbound traffic to pass through a single switch port to a single node of the NLB cluster.

To resolve this issue, you must configure the ESXi/ESX host to not send RARP packets when any of its virtual machines is powered on.
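The mechanism described above can be reproduced with a minimal MAC-learning switch model. This is an added illustration, not VMware or Microsoft code; the MAC addresses, port numbers and the simulate() helper are constructed for the example.

```python
# Added illustration: a minimal MAC-learning switch, not VMware or Microsoft code.
# MAC addresses and port numbers below are constructed sample values.
CLUSTER_MAC = "02:bf:0a:00:00:64"   # shared unicast cluster MAC (constructed)
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}          # source MAC -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source MAC, then return the set of egress ports."""
        self.mac_table[src_mac] = in_port
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            return {self.mac_table[dst_mac]}      # known unicast: one port
        return self.ports - {in_port}             # unknown or broadcast: flood


def simulate(notify_switches):
    """Return the ports that receive a client frame sent to the cluster MAC."""
    nlb_ports = {1: "02:01:0a:00:00:64", 2: "02:02:0a:00:00:64"}  # masked MACs
    client_port, client_mac = 3, "00:50:56:aa:bb:cc"
    sw = LearningSwitch([1, 2, 3])

    # NLB nodes transmit with a per-node masked source MAC, so the switch
    # never associates the cluster MAC with a port.
    for port, masked_mac in nlb_ports.items():
        sw.receive(port, masked_mac, client_mac)

    if notify_switches:
        # Host sends a RARP when node 1 powers on, sourced from the cluster
        # MAC, which teaches the switch a single port for that address.
        sw.receive(1, CLUSTER_MAC, BROADCAST)

    return sw.receive(client_port, client_mac, CLUSTER_MAC)


if __name__ == "__main__":
    print("Notify Switches = Yes ->", sorted(simulate(True)))   # [1]
    print("Notify Switches = No  ->", sorted(simulate(False)))  # [1, 2]
```

With the RARP sent, the client frame reaches only port 1; without it, the frame is flooded to both NLB node ports, which is what unicast mode depends on.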

Notes:
  • VMware recommends configuring the cluster to use NLB multicast mode even though NLB unicast mode should function correctly if you complete these steps. This recommendation is based on the possibility that the settings described in these steps might affect vMotion operations on virtual machines. Also, unicast mode forces the physical switches on the LAN to broadcast all NLB cluster traffic to every machine on the LAN. If you plan to use NLB unicast mode, ensure that:

    • All members of the NLB cluster must be running on the same ESXi/ESX host.
    • All members of the NLB cluster must be connected to a single portgroup on the virtual switch.
    • vMotion for unicast NLB virtual machines is not supported.
    • The Security Policy Forged Transmit on the Portgroup is set to Accept.
    • The transmission of RARP packets is prevented on the portgroup / virtual switch as explained in the later part of the article.
  • VMware recommends having two NICs on the NLB server.

ESXi/ESX 3.x, 4.x, and 5.x

You can prevent the ESXi/ESX host from sending RARP packets upon virtual machine power up, teaming failover, and so forth using the Virtual Infrastructure (VI) Client or vSphere Client. You can control this setting at the virtual switch level or at the port group level.

To prevent RARP packet transmission for a virtual switch:

Note: This setting affects all the port groups using the switch. You can override this setting for individual port groups by configuring RARP packet transmission for a port group.

  1. Log into the VI Client/vSphere Client and select the ESXi/ESX host.
  2. Click the Configuration tab.
  3. Click Networking under Hardware.
  4. Click Properties for the vSwitch. The vSwitch Properties dialog appears.
  5. Click the Ports tab.
  6. Click vSwitch and click Edit.
  7. Click the NIC Teaming tab.
  8. Select No from the Notify Switches dropdown.
  9. Click OK and close the vSwitch Properties dialog box.

To prevent RARP packet transmission for a port group:

Note: This setting overrides the setting you make for the virtual switch as a whole.

  1. Log into the VI Client or vSphere Client and select the ESXi/ESX host.
  2. Click the Configuration tab.
  3. Click Networking under Hardware.
  4. Click Properties for the vSwitch. The vSwitch Properties dialog appears.
  5. Click the Ports tab.
  6. Click the portgroup you want to edit and click Edit.
  7. Click the NIC Teaming tab.
  8. Select No from the Notify Switches dropdown.
  9. Click OK to close the vSwitch Properties dialog.

ESX 2.x

  1. Log into the Management Interface and click Options > Advanced Settings.
  2. Set the value for Net.NotifySwitch to 0.

    Note: Net.NotifySwitch is a global setting that impacts all virtual machines.

For more information on NLB, see the Microsoft TechNet article Network Load Balancing Technical Overview.

Note: The preceding link was correct as of October 16, 2012. If you find the link is broken, please provide feedback and a VMware employee will update the link. The information provided in this link is provided as-is and VMware does not guarantee the accuracy or applicability of this information.

For related information, see Microsoft Network Load Balancing Multicast and Unicast operation modes (1006580).

Windows 2008 introduced a strong host model that does not allow different NICs to communicate with each other. For example, if a request comes in on the second NIC and there is no default gateway set up, the NIC will not use the first NIC to reply to the request, even though a default gateway is set up on the first NIC.

To change that behavior and return to the 2003 model, run these commands from the command prompt:

netsh interface ipv4 set interface "Local Area Connection" weakhostreceive=enable
netsh interface ipv4 set interface "Local Area Connection" weakhostsend=enable


Where Local Area Connection is the name of the network interface.

For more information, see the Microsoft TechNet Magazine article on Strong and Weak Host Models.

Note: The preceding link was correct as of October 16, 2012. If you find the link is broken, provide feedback and a VMware employee will update the link. The information provided in this link is provided as-is and VMware does not guarantee the accuracy or applicability of this information.