Network Issues - Hyper-V Virtual Machine with Unicast NLB

    Question

  • Hi Everyone,

     

    Here is what my environment looks like:

    • 4 Dell R810 servers running Windows 2008 R2 Core (Broadcom NICs)
    • I am running SCVMM 2008 R2
    • I have two VMs running Windows 2008 R2 x64 Standard
    • On each VM I have two virtual synthetic NICs. Both NICs "allow MAC spoofing"

    Problem: When I build an NLB cluster I am able to get convergence. I can still get to the box via the management NIC. Both Cluster IP and static IP on the NLB are not able to respond to PINGs. The Windows firewall is also disabled. I checked the properties on the virtual NIC inside the VM and I can see that the NIC has a new virtual MAC address, assigned to it by NLB.

    Not sure how to solve this one. Every article I have read says to simply enable MAC spoofing. Thanks for your help!

     


    -Robert
    Friday, February 04, 2011 11:19 PM

Answers

  • Hi Everyone,

     

    I finally resolved this issue. I wanted to post what I did in case others have the same problem.

    I found a Cisco article about Microsoft NLB here.

    According to this article, using Unicast can cause flooding, and they recommend using IGMP multicast mode. The issue with the multicast mode is the virtual IP address (NLB address) becomes unreachable when accessed from outside the local subnet because Cisco devices do not accept an ARP reply for a unicast IP address that contains a multicast MAC address. So the MAC portion of the ARP entry shows as incomplete.

    To resolve this I simply added a static ARP entry on my hardware Cisco switches.

    Thanks again for everyone's help.


    -Robert
    Monday, February 07, 2011 8:45 PM
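
The address mechanics behind the answer above, as an added example that is not part of the original thread: it derives the cluster MAC that NLB assigns in each mode, tests the group (multicast) bit that makes a router reject the ARP reply, and classifies the entry found in `arp -a` output. The mode prefixes (02-bf, 03-bf, 01-00-5e-7f) and the IOS `arp <ip> <mac> ARPA` form are assumptions taken from vendor documentation, not from the posts; the sample output is constructed around the cluster IP given in the thread.

```python
import ipaddress
import re

# Mode prefixes NLB uses when it derives the cluster MAC from the cluster IP
# (assumption: values from vendor NLB documentation, not from the thread).
PREFIX = {"unicast": b"\x02\xbf", "multicast": b"\x03\xbf", "igmp": b"\x01\x00\x5e\x7f"}

def nlb_cluster_mac(cluster_ip, mode):
    """Return the 6-byte cluster MAC NLB assigns for this IP and mode."""
    octets = ipaddress.IPv4Address(cluster_ip).packed
    prefix = PREFIX[mode]
    # 2-byte prefixes take all four IP octets, the IGMP prefix only the last two.
    return prefix + octets[len(prefix) - 2:]

def is_group_mac(mac):
    """True when the I/G bit (lowest bit of the first byte) marks a multicast MAC."""
    return bool(mac[0] & 0x01)

def fmt(mac, style="windows"):
    """Format as aa-bb-cc-dd-ee-ff (Windows) or aabb.ccdd.eeff (Cisco)."""
    h = mac.hex()
    if style == "cisco":
        return ".".join(h[i:i + 4] for i in (0, 4, 8))
    return "-".join(h[i:i + 2] for i in range(0, 12, 2))

def static_arp_line(cluster_ip, mode):
    """IOS-style static ARP entry pinning the cluster IP to its NLB MAC."""
    return f"arp {cluster_ip} {fmt(nlb_cluster_mac(cluster_ip, mode), 'cisco')} ARPA"

def diagnose(arp_output, cluster_ip):
    """Look up cluster_ip in Windows `arp -a` text and classify the MAC found."""
    pattern = rf"^\s*{re.escape(cluster_ip)}\s+([0-9a-fA-F-]{{17}})\s"
    m = re.search(pattern, arp_output, re.M)
    if not m:
        return "no ARP entry"
    mac = bytes.fromhex(m.group(1).replace("-", ""))
    mode = next((k for k in PREFIX if nlb_cluster_mac(cluster_ip, k) == mac), None)
    kind = "group" if is_group_mac(mac) else "individual"
    return f"{mode or 'non-NLB'} MAC, {kind} address"

# Constructed sample output; only the cluster IP comes from the thread.
SAMPLE = """\
Interface: 192.168.100.17 --- 0xb
  Internet Address      Physical Address      Type
  192.168.100.1         00-00-5e-00-53-01     dynamic
  192.168.100.96        03-bf-c0-a8-64-60     dynamic
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.100.96"))
    print(static_arp_line("192.168.100.96", "multicast"))
```
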

All replies

  • Are you pinging them from the same subnet or from a different one? And if you ping them on the local subnet, do you get an ARP entry in your cache? You can check by writing arp -a | find "<IP address you pinged>".

    And lastly are there any VLANs involved?

    Friday, February 04, 2011 11:48 PM
  • The NLB is 192.168.100.96 (local is 192.168.100.99)

     

    I tried to ping both IP addresses from another host on the same subnet. I got a Destination host unreachable. However the address that I was pinging from, 192.168.100.17 did appear in the ARP table.

     


    -Robert
    Saturday, February 05, 2011 12:45 AM
  • Have you enabled MAC Spoofing on the vNICs?

    --
    Hope this helps...
     
    Kurt Roggen [BE] - MVP
    Blog: http://trycatch.be/blogs/roggenk
    Sunday, February 06, 2011 1:25 AM
    Moderator
  • Hi Kurt, yes I have. I also checked my ARP table on the Cisco switches attached to my Hyper-V hosts; the ARP tables do not contain the NLB MAC.
    -Robert
    Sunday, February 06, 2011 6:04 PM
  • Have you tried with both unicast and multicast mode NLB? Multicast NLB is more forgiving of shortcomings in the infrastructure, but does cause some extra network traffic.
    Sunday, February 06, 2011 11:51 PM
  • Yes I have. When I enabled multicast I was able to ping other VMs, but I could not ping any physical infrastructure.
    -Robert
    Monday, February 07, 2011 4:06 PM
  • What mode are you in (unicast or multicast)?
    Could you provide the MAC addresses for all vNICs?
     
     
     
    Kurt Roggen [BE] - MVP
    Blog: http://trycatch.be/blogs/roggenk
    Monday, February 07, 2011 8:00 PM
    Moderator
  • Thanks for posting back to the forums!
     
    Kurt Roggen [BE] - MVP
    Blog: http://trycatch.be/blogs/roggenk
    Monday, February 07, 2011 9:27 PM
    Moderator