Netgear Switch stacks and NLB
-
Tuesday, November 29, 2011 10:18 AM
Hi,
I've tried putting this in the Exchange forum, as it's an Exchange environment I have a problem with. Can't see how to link forum posts, so I'll have to republish here.
Hi All,
I'm investigating an issue with two Netgear stacks and the Network Load Balancer feature of 2008. I know the NLB can be used for many things, but in my case it's used on the CAS's of my Exchange server, hence posting in an Exchange forum.
The two Netgear switches are connected together via a LAG (or a trunk). STACK1 has the Outlook clients on it. STACK3 has the Exchange/VMware servers. These are managed L2 switches. (STACK2 isn't related)
The symptom I'm seeing is that any packet being sent from the clients to the Exchange server was being sent to each port on STACK1 (4*48 ports). So SSL traffic from another Outlook client was visible to my PC, if I ran up Wireshark.
When we initially set up the CAS's with our 3rd party installers, we found an issue with a Draytek router, where it wouldn't pass traffic to/from the NLB. Draytek helped us uncover the fact that the NLB was switching the MAC constantly, and that the Draytek therefore didn't know which MAC was the correct one for the NLB IP. The fix in the Draytek was to hard-code the MAC of the NLB into it.
After checking with Netgear, it seems that this also is the fix for my seeming 'broadcast' issue there too. When I tried searching for the NLB MAC on STACK1, I actually couldn't find it there at all, which was the same symptom on the Draytek. As it's all L2, it didn't make sense.
So I've now added a Permanent address linking the NLB MAC to LAG1.
This now seems to have solved my broadcasting issue, but what I'm still seeing is two return packets from the NLB back to the clients on STACK1. Clients don't seem to mind this, but, for example, if I ping the NLB from a Redhat server, it shows the double-reply (Windows doesn't).
I think this is because STACK3 is having the same problem. As the NLB is virtualised in VMware, it could appear on as many as 12 separate Host NIC ports, which means I can't bind the NLB MAC to one specific port on STACK3, as I did on STACK1.
So this whole thing now sounds quite wrong to me, and that there must be some fundamental issue that I'm missing.
Anyone else seen this? Or got ideas on how it should be working?
STACK1 is an older Netgear set of switches, running the latest firmware they can. STACK3 is brand new Gigabit switches, also up-to-date.
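The flooding on STACK1 and the permanent-address fix described in the post above, modelled as an added example that is not part of the original thread. It assumes the cluster MAC only ever appears as a destination, never as a source, on frames the switch sees (consistent with it being missing from STACK1's address table); the MAC addresses, port names and the `LearningSwitch` class are constructed for illustration.

```python
class LearningSwitch:
    """Toy L2 learning switch: learns source MACs, floods unknown destinations."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.dynamic = {}  # MAC -> port, learned from frame source addresses
        self.static = {}   # MAC -> port, permanent entries set by the admin

    def add_static(self, mac, port):
        self.static[mac] = port

    def forward(self, in_port, src, dst):
        """Learn src, then return the set of ports the frame is sent out of."""
        if src not in self.static:
            self.dynamic[src] = in_port
        out = self.static.get(dst, self.dynamic.get(dst))
        if out is None:
            return self.ports - {in_port}  # unknown unicast: flood everywhere
        return set() if out == in_port else {out}


# All addresses and port names below are constructed for the example.
CLUSTER_MAC = "02:bf:0a:00:00:0a"  # MAC the clients resolve for the NLB IP
NODE_SRC = ["02:01:0a:00:00:0a", "02:02:0a:00:00:0a"]  # assumed reply sources
CLIENT_MAC = "00:11:22:00:00:01"


def run(static_entry):
    """Send 4 request/reply pairs; return egress ports per request and
    whether the switch ever learned CLUSTER_MAC dynamically."""
    sw = LearningSwitch(["p1", "p2", "p3", "lag1"])
    if static_entry:
        sw.add_static(CLUSTER_MAC, "lag1")  # the permanent entry from the post
    egress = []
    for i in range(4):
        egress.append(sw.forward("p1", CLIENT_MAC, CLUSTER_MAC))
        sw.forward("lag1", NODE_SRC[i % 2], CLIENT_MAC)  # reply over the LAG
    return egress, CLUSTER_MAC in sw.dynamic


if __name__ == "__main__":
    for label, flag in (("no static entry", False), ("static entry on lag1", True)):
        egress, learned = run(flag)
        print(label, "->", [sorted(e) for e in egress], "cluster MAC learned:", learned)
```

Without the static entry every client request leaves on all other ports, which is why another client's SSL traffic shows up in a capture; with it, requests leave only on the LAG.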
All Replies
-
Thursday, December 01, 2011 2:44 PM
Hi,
I don't know if the links below will help you, but have a check at them
http://blogs.msdn.com/b/brad_hughes/archive/2008/05/05/how-not-to-deploy-client-access-servers.aspx
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/0b84bf09-0570-4564-a438-ff7e5a56643d
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/a20b2bd6-655c-4a16-a318-a62d0d4b4ddd
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/888bf549-ab3d-4f02-98ac-945dce4340c1
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/b6c7c0eb-ea44-4300-ad10-9e955a7213b4
http://social.technet.microsoft.com/Forums/en/exchangesvravailabilityandisasterrecovery/thread/6277b695-8f18-413d-9be0-deeba2d284ef
http://marksmith.netrends.com/Lists/Posts/Post.aspx?ID=71
http://blogs.kraftkennedy.com/index.php/2009/11/25/configuring-nlb-for-exchange-2010-cas-load-balancing/
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/a7f1323a-f208-439a-9926-d8d1f98dbc11
http://blogs.technet.com/b/arturlr/archive/2010/06/07/load-balancing-deep-dive.aspx
Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
-
Tuesday, December 13, 2011 10:26 AM
Thanks I will do.
-
Thursday, December 15, 2011 8:56 AM
This request needs deeper understanding of the environment / troubleshooting, please create a service ticket with support to take it further.
-
Friday, April 27, 2012 10:04 AM
Hi Sureshbd,
I think I might need to create that ticket... it's still affecting users and I can't see why.
Thanks
Adrian

