Saturday, January 03, 2009 2:09 AM
A server has 2 NICs for Load Balancing.
THE PROBLEM: replies come back from NIC1 using the IP of NIC2, which is on a different subnet from the gateway, so the gateway drops the packet. A packet capture on the router looks like this:
src=[user ip], dest=[wan ip], port-src=4568, port-dest=80, action=forward to 192.168.2.5 (to NLB IP by NAT rule)
src=[192.168.2.5], dest=[192.168.1.1], port-src=80, port-dest=4568, action=drop (diff. subnet)
How can I force NIC1 to forward the packet using its own IP (192.168.1.2)?
Any better ideas?
NIC1 is the primary NIC
NIC2 used for NLB
IP: 192.168.2.2(dedicated), 192.168.2.5 (NLB)
Packet forwarding: enabled
Both sit behind a firewall with 2 LAN interfaces: IntA (192.168.1.1) and IntB (192.168.2.1).
All port 80 traffic goes like this:
User IP -> WAN -> IntB -> SwitchB -> [NIC2 -> NIC1] -> SwitchA -> IntA -> WAN -> User IP
The reason it's split into 2 segments is because of the flooding NLB creates. To minimise the load all replies are sent back via a different switch.
Wednesday, January 07, 2009 4:17 PM
Hi,
let me see if I have understood your packet flow correctly.
NAT - Firewall
User IP --> WanIP:80 | Internal-IP (192.168.2.5:80)
Here the incoming flow ends. Your packet is then replied using its default gateway (192.168.1.1) but from (192.168.2.5); that is correct, because it is the addressed IP -> wrong subnet -> packet dropped.
You are saying you have flooding problems, so I guess you are using unicast mode. You will reduce your flooding by using multicast and if your switches are capable, you can additionally activate IGMP.
You can modify your gateway to 192.168.2.5 and team your second nic, if possible.
Hope this helps.
Tuesday, January 13, 2009 2:12 AM
xminet,
Here is a posting from the server.networking ng about a similar problem which may help you.
I figured it out with a call to Microsoft Tech support.
Windows 2008 introduces a "strong host model" that doesn't allow the
different NICs to talk to each other. For example, if a request comes in on
the 2nd NIC and there's no default gateway setup, then the NIC will not use
the 1st NIC to reply to the requests. (even though there's a default gateway
setup on that 1st NIC).
In order to change that behaviour and go back to a 2003 model, you go to the
command prompt and then you type:
netsh interface ipv4 set interface NLB weakhostreceive=enable
netsh interface ipv4 set interface NLB weakhostsend=enable
(where NLB is the name of the network interface... default is Local Area
As an alternative, you can set a default gateway on the 2nd NIC but that can
introduce more problems where the system doesn't know which way to send
traffic. MS said that I could set the metric to 2 on the 2nd NIC and that
way it will only be used if the 1st NIC is unavailable.
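An added example, not from any poster in this thread: a PowerShell audit of the weak host settings on every IPv4 interface, with the two netsh commands quoted above expressed as their NetTCPIP cmdlet equivalent. It assumes the NetTCPIP module (Windows 8 / Server 2012 or later; on Server 2008 the netsh lines above remain the way to do it) and an interface alias of NLB, which is taken from the quoted post; adjust it to your host.

```powershell
# Added example (not from the thread). Reports which interfaces already run the
# weak host model and, with -Apply, enables it only on the named NLB interface.
# Assumptions: NetTCPIP cmdlets available; interface alias "NLB" as in the post.
param(
    [string]$NlbAlias = 'NLB',
    [switch]$Apply
)

# One row per IPv4 interface. A value other than "Disabled" means that interface
# will accept or emit packets for addresses bound to other interfaces, which is
# what the NLB reply path needs but also relaxes per-interface isolation, so it
# should be enabled deliberately and only where required.
function Get-WeakHostReport {
    Get-NetIPInterface -AddressFamily IPv4 |
        Select-Object InterfaceAlias, InterfaceIndex, WeakHostSend, WeakHostReceive |
        Sort-Object InterfaceAlias
}

Get-WeakHostReport | Format-Table -AutoSize

# Flag any interface other than the NLB one that already has weak host enabled.
$unexpected = Get-WeakHostReport | Where-Object {
    $_.InterfaceAlias -ne $NlbAlias -and
    ($_.WeakHostSend -eq 'Enabled' -or $_.WeakHostReceive -eq 'Enabled')
}
if ($unexpected) {
    Write-Warning ("Weak host model enabled on non-NLB interface(s): " +
        ($unexpected.InterfaceAlias -join ', '))
}

if ($Apply) {
    # Cmdlet equivalent of the two netsh lines in the post, scoped to one
    # interface. Requires an elevated session.
    Set-NetIPInterface -InterfaceAlias $NlbAlias -AddressFamily IPv4 `
        -WeakHostSend Enabled -WeakHostReceive Enabled
    # Re-read the interface so the change is confirmed rather than assumed.
    Get-NetIPInterface -InterfaceAlias $NlbAlias -AddressFamily IPv4 |
        Select-Object InterfaceAlias, WeakHostSend, WeakHostReceive
}
```

Run it without -Apply first to see the current state of every interface; rerun with -Apply from an elevated prompt to make the change.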