NLB Multiple Cluster IP Issue

    Question

  • Hi,

    My NLB setup is as follows:

    Each server has 1 NIC hosting the server local IP and an NLB with 2 Cluster IPs in Multicast mode.
    Our network engineers added a static arp entry for each of the 2 cluster IPs with their corresponding NLB mac addresses.

    The problem is only the 1st cluster IP configured responds to ping, the additional cluster IP does not.
    If I remove the cluster IPs in NLB and add them in the other way around i.e. the additional IP is now the 1st IP and the 1st IP is now the additional IP, then the (now) first IP responds to ping but the additional IP does not.

    Our network engineer traced the traffic and both cluster IPs are responding on the 1st cluster IP's mac address instead of on their own mac address. One workaround is to have both arp entries on the switch have the same mac address.

    My question is should we be doing this or is something not working as it should?

    Many thanks in advance,
    Ross

    • Moved by Tiger Li Thursday, August 09, 2012 7:01 AM (From:Platform Networking)
    Tuesday, August 07, 2012 5:13 PM

All replies

  • Hi Ross,

    Thanks for posting here.

    > Each server has 1 NIC hosting the server local IP and an NLB with 2 Cluster IPs in Multicast mode.

    May I know if there is any particular reason we assigned multiple addresses to the NLB dedicated interface on these nodes? Which IP address did we specify when creating the cluster?

    Specifying the Cluster Host Parameters

    http://technet.microsoft.com/en-us/library/cc759273(WS.10).aspx

    >Our network engineers added a static arp entry for each of the 2 cluster IPs with their corresponding NLB mac addresses.

    Perhaps we need to verify the entries in the ARP table on the switch:

    Multicast

    You can also opt to deploy NLB using multicast.  With multicast, each NLB node effectively has two MAC addresses: a physical MAC and a multicast MAC.  Switches typically do not associate ports with a multicast MAC address, so the traffic will be flooded out all ports.  The flooding of the multicast traffic may cause unintended network performance issues.  To resolve these issues, you can configure the switch with static mappings of the multicast MAC and the ports that the NLB nodes are connected to.

    Preparing the Network for NLB 2008

    http://blogs.technet.com/b/networking/archive/2008/05/15/preparing-the-network-for-nlb-2008.aspx

    Thanks.

    Tiger Li

    TechNet Community Support

    Thursday, August 09, 2012 7:36 AM
  • Hi Tiger,

    Thanks for your reply.
    The reason we are using multiple cluster IPs is to dedicate each IP to a website. If we add another website in IIS, we will bind it to a new cluster IP. We then set the port rules to listen on port 80 for each IP in NLB.
    That way we can drainstop any one of the port rules - hence drain a website without affecting the other websites.
    It's a slightly unusual setup but it should work just fine provided we can get around this issue.

    A simple test to tell that it's not working as it should..
    If I ping the additional cluster IP from another server in the same subnet and then do "arp -a" from the command line, I can see an entry of the additional cluster IP with the mac address of the first cluster IP which is incorrect.
    This is why the static arp entry on the Cisco switch doesn't work because the wrong mac address is being used.

    I hope this helps describe the issue we are having.

    Thanks

    Ross

    Thursday, August 09, 2012 12:12 PM
  • Hi Ross,

    Thanks for posting here.

    The workaround in the post below may be helpful for you:

    http://forums.iis.net/t/1170052.aspx

    Thanks.

    Tiger Li

    TechNet Community Support

    Friday, August 10, 2012 5:46 AM
  • Hi Tiger,

    Thanks for coming back to me again.
    I've read this article already. It is just asking how to set it up but I've gotten past that already.
    I've set it up but am having a technical issue where the NLB is not returning the correct mac address for each cluster IP. Pinging either of the 2 cluster IPs creates an arp entry for each IP with the same mac address.

    A workaround is to create static arp entries on the switch for each of the 2 cluster IPs with the same mac address (mac of cluster IP 1). Is this expected behaviour?

    Many thanks,
    Ross

    Friday, August 10, 2012 12:23 PM
  • Did you ever get anywhere with this? I am having the same issue with NLB on our SharePoint Servers. I'm trying to tie multiple SSL certs to the server for each site, so I have set up multiple NLB IPs to bind the sites to, but when I bind it and change DNS, I can't connect anymore.

    Lazer Systems Admin

    Friday, September 21, 2012 12:19 PM
  • Hi,

    I ended up logging a call with Microsoft for this issue. Here is their response:

    PROBLEM:
    While adding multiple VIPs to the NLB cluster, the cluster was using the MAC derived from the first virtual IP (VIP) for communication.

    CAUSE:
    This is expected behavior.

    RESOLUTION:
    The placeholder for the cluster IP can just hold one IP address and thus the MAC corresponding to first VIP added to the cluster will be used by the cluster.
    The static ARP entries have to be added pointing all the VIPs to the MAC derived from the first VIP.

    Friday, September 21, 2012 3:45 PM
  • We figured this out for our system as well. We had to set up ARP entries in the Cisco Switch for the VIPs to the first NLB MAC. Now we can ping the VIPs all day long!

    Lazer Systems Admin

    Tuesday, January 29, 2013 3:03 PM
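
Added example, not part of the thread or of Microsoft's response: a check of a switch's static ARP entries against the behaviour described in the Microsoft reply above, where every VIP has to map to the MAC derived from the first VIP. It assumes multicast (non-IGMP) mode, where NLB builds the cluster MAC as 03-BF followed by the four octets of the IP; the sample VIPs, the function names and the IOS-style `arp <ip> <mac> ARPA` output format are assumptions, not details taken from the posts.

```python
import ipaddress
import re

def nlb_multicast_mac(cluster_ip):
    """Multicast-mode NLB cluster MAC: 03-BF followed by the four IPv4 octets."""
    octets = ipaddress.IPv4Address(cluster_ip).packed
    return "03-bf-" + "-".join(f"{b:02x}" for b in octets)

def normalize_mac(mac):
    """Accept 03bf.c000.020a, 03-BF-C0-00-02-0A or 03:bf:...; return aa-bb-cc-dd-ee-ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_static_arp(vips, static_arp):
    """vips[0] is the first VIP added to the cluster; static_arp maps IP -> configured MAC.
    Returns (vip, configured, expected, reason) for every entry that needs changing."""
    expected = nlb_multicast_mac(vips[0])
    findings = []
    for vip in vips:
        if vip not in static_arp:
            findings.append((vip, None, expected, "missing"))
            continue
        configured = normalize_mac(static_arp[vip])
        if configured != expected:
            # Distinguish the setup from the first post (one MAC per VIP) from a plain typo.
            per_vip = configured == nlb_multicast_mac(vip)
            findings.append((vip, configured, expected,
                             "per-VIP MAC" if per_vip else "wrong MAC"))
    return findings

def cisco_static_arp_lines(vips):
    """Static ARP lines (assumed IOS form) pointing every VIP at the first VIP's MAC."""
    d = nlb_multicast_mac(vips[0]).replace("-", "")
    mac = ".".join(d[i:i + 4] for i in range(0, 12, 4))
    return [f"arp {vip} {mac} ARPA" for vip in vips]

# Constructed sample data (documentation address range), not values from the thread.
VIPS = ["192.0.2.10", "192.0.2.11"]
SWITCH_ARP = {"192.0.2.10": "03bf.c000.020a", "192.0.2.11": "03bf.c000.020b"}

if __name__ == "__main__":
    for finding in audit_static_arp(VIPS, SWITCH_ARP):
        print(finding)
    print("\n".join(cisco_static_arp_lines(VIPS)))
```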