

NLB - not responding to ping, but the servers do.

Question

Friday, March 10, 2017 9:16 PM

Hi,

I have a question; I'm a bit new to the networking area. I got the task of building an NLB for a soon-to-be-deployed web app.

I searched through the internet and found a guide to follow; I'll paste the link at the end.

When I did a browsing test from another server, it worked fine. I got directed through server A or server B using the Cluster IP (10.240.195.58 / 23)

I also did a ping test to the 2 servers and the cluster IP and it worked out.

I tried to do the ping and web browsing test from a different subnet, but none responded. Just to clarify, even though they are different subnets, they can communicate freely; no firewall permissions are needed, because internal communication does not go through the firewall. The routers/switches already allow communication between every VLAN, even when a brand new server/PC connects to the network.

So I got something like the picture added.  Now the configuration I did for the NLB was this
Name        NIC IP            NIC Name
Server A    10.240.194.223    Management
Server A    10.240.195.204    NLB
Server B    10.240.194.249    Management
Server B    10.240.195.224    NLB

Cluster IP 10.240.195.58

Subnet Mask: 255.255.254.0  (applies for all nics/cluster)

So as you can see, both NICs for both servers and the cluster IP configuration are on the same VLAN.

PCs from the same VLAN can ping both NICs on both servers and the cluster.

PCs from another VLAN can ping both NICs on both servers but cannot ping the cluster.

Can anyone point out what I'm doing wrong? The servers are virtualized and the vSwitch (VMware) can only point to one VLAN, which is the 10.240.194.0/23.

http://www.serverlab.ca/tutorials/windows/web-servers/load-balancing-web-servers-with-windows-server-2012-r2/

All replies (9)

Sunday, March 12, 2017 6:33 PM ✅Answered

Hi,

Unicast – Each NLB cluster node replaces its real (hard coded) MAC address with a new one (generated by the NLB software) and each node in the NLB cluster uses the same (virtual) MAC. Because of this virtual MAC being used by multiple computers, a switch is not able to learn the port for the virtual NLB cluster MAC and is forced to send the packets destined for the NLB MAC to all ports of a switch to make sure packets get to the right destination.

Multicast – NLB adds a layer 2 MAC address to the NIC of each node. Each NLB cluster node basically has two MAC addresses, its real one and its NLB generated address. With multicast, you can create static entries in the switch so that it sends the packets only to members of the NLB cluster. Mapping the address to the ports being used by the NLB cluster stops all ports from being flooded. Only the mapped ports will receive the packets for the NLB cluster instead of all ports in the switch. If you don’t create the static entries, it will cause switch flooding just like in unicast.

I'm not really familiar with the VMware products, but at least in their documentation both (unicast/multicast) are possible:
Microsoft Network Load Balancing Multicast and Unicast operation modes
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580

There is also an example configuration document at their site:
Sample Configuration - Network Load Balancing (NLB) Multicast Mode Configuration
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006558

VMware recommends configuring the cluster to use NLB multicast mode, even though NLB unicast mode should function correctly if you follow the following VMware article:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1556

Regards,
-Tomi

Tomi Pietilä

Please remember to mark the replies as answers if they help and unmark them if they provide no help.


Friday, March 10, 2017 11:29 PM

Hi Ceesd, Are you using unicast or multicast with your NLB?
If you are using multicast support, you might find that your router has difficulty resolving the primary IP address into a multicast media access control (MAC) address by using the Address Resolution Protocol (ARP).

You should be able to add a static ARP entry to the router to circumvent the issue. You can also turn off NLB multicast support and use a unicast network address without a hub.

Please check the earlier post regarding the same kind of issues with setting up NLB.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/7fc1e2ff-413e-4239-9594-d3205d4bb829/unable-to-ping-nlb-cluster-ip?forum=winserverClustering

Regards,
-Tomi

Tomi Pietilä

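The two replies above turn on which MAC address the cluster IP maps to in each NLB mode, since that is the address a static ARP or switch entry would have to carry. The following is an added example, not code from the thread or from Microsoft or VMware: it derives the default NLB cluster MAC from the cluster IP using NLB's documented prefixes (02-BF unicast, 03-BF multicast, 01-00-5E-7F IGMP multicast) and checks the poster's addresses against the cluster subnet. The function names are hypothetical.

```python
import ipaddress

# Prefixes NLB uses when it derives the default cluster MAC from the cluster IP.
_FULL_IP_PREFIX = {"unicast": (0x02, 0xBF), "multicast": (0x03, 0xBF)}
_IGMP_PREFIX = (0x01, 0x00, 0x5E, 0x7F)  # followed by the last two IP octets


def nlb_cluster_mac(cluster_ip, mode):
    """Return the default NLB cluster MAC (hyphenated) for the given mode."""
    octets = ipaddress.IPv4Address(cluster_ip).packed
    if mode in _FULL_IP_PREFIX:
        raw = bytes(_FULL_IP_PREFIX[mode]) + octets
    elif mode == "igmp":
        raw = bytes(_IGMP_PREFIX) + octets[2:]
    else:
        raise ValueError(f"unknown NLB mode: {mode}")
    return "-".join(f"{b:02X}" for b in raw)


def is_group_mac(mac):
    """True when the I/G bit is set, i.e. the MAC is a multicast (group) address.

    A router that refuses to learn a multicast MAC for a unicast IP via ARP
    is the case where the static ARP entry mentioned above is needed.
    """
    return bool(int(mac.split("-")[0], 16) & 1)


def off_subnet(cluster_ip, mask, addresses):
    """Return the addresses that are NOT in the cluster IP's subnet."""
    net = ipaddress.ip_network(f"{cluster_ip}/{mask}", strict=False)
    return [a for a in addresses if ipaddress.ip_address(a) not in net]


if __name__ == "__main__":
    # Values taken from the question in this thread.
    cluster_ip, mask = "10.240.195.58", "255.255.254.0"
    nics = ["10.240.194.223", "10.240.195.204",
            "10.240.194.249", "10.240.195.224"]
    for mode in ("unicast", "multicast", "igmp"):
        mac = nlb_cluster_mac(cluster_ip, mode)
        print(f"{mode:9} {mac}  group address: {is_group_mac(mac)}")
    print("NICs outside the cluster subnet:", off_subnet(cluster_ip, mask, nics))
```

Compare the derived value with the cluster MAC shown in NLB Manager before handing it to the network team for a static entry.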


Sunday, March 12, 2017 12:48 AM

Thanks for your reply.

Yes, it is multicast. I've been reading the link you passed me, thanks. But correct me if I'm wrong: either way, whether it's unicast or multicast, you still have to "Make sure that your router has proxy ARP support turned on"????

So what's the difference between having unicast and multicast?

Also, someone told me, though I haven't been able to find anything on whether it's true, that if you are in an ESXi VMware environment you have to use multicast, otherwise NLB won't work properly. Is that true? I have found guides on the VMware site about configuring unicast without trouble.


Sunday, March 12, 2017 7:08 PM

Only the nic with the gateway knows how to route. Try the weak host model.


Monday, March 13, 2017 8:12 PM

OK, thanks both for your replies. I managed to solve the issue. Well, actually I had to ask the network admin (routers, switches) to make a few changes, and now every VLAN can ping the cluster without issues.

Thanks once again!


Friday, March 17, 2017 7:08 AM

Hi,

I am checking to see if the problem has been resolved. If there's anything you'd like to know, please feel free to ask.

Best Regards
Cartman
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected]


Tuesday, March 21, 2017 8:11 PM

Hi,

I am checking to see if the problem has been resolved. If there's anything you'd like to know, please feel free to ask.

Best Regards
Cartman

Yes! the problem has been resolved.


Friday, October 5, 2018 1:11 PM

Hi Mate,

Can you please assist with the changes that were made by the network admin. I am facing the same issue.

Thanks in advance.

-Haresh Niwate


Monday, February 4, 2019 8:29 AM

Can you please let us know what the changes were that solved the issue?

Admin Azure pack issue