none
How to properly configure NLB cluster in Windows 2008

    Pregunta

  • Hi,
     
    I have just tried to configure 2 node Windows 2008 NLB cluster and I run into problem.
    Until now I have successfully installed Windows Server 2003 NLB clusters. I used 2 nic per node and unicast mode.

    For example

        Node1                                                        Node2
                    Pub Interface (default)                                Pub Interface (default)
                            IP:192.168.1.11/24                                    IP:192.168.1.12/24
                            GW: 192.168.1.1                                        GW: 192.168.1.1


                    NLB Interface*                                                 NLB Interface*
                            IP:192.168.1.12/24                                    IP: 192.168.1.13/24
                            GW:-                                                           GW:-

    *DNS registration, File Share client and server, NetBIOS over TCP/IP disabled on this interface.

    After configuring IP addresses I would run NLB manager and configure cluster in unicast mode.


    When I tried this on Windows Server 2008, I could not access NLB address outside local subnet. Only when I configure DEFAULT GATEWAY on both NIC's, NLB started working.

    When I run network monitor I notices that in this configuration, Windows 2003 would always respond using Public LAN (source MAC address would be from public NIC), no matter if i tried to connect to Public or NLB IP address.

    In Windows 2008 if I tried to connect to Public IP, response packet would had source MAC address from Public NIC and when I accessed NLB address then source MAC would be from NLB NIC. For me this looks like change from 2003.

    So how do we correctly configure unicast NLB cluster with 2 NIC's in Windows Server 2008? Do we just add default gateway to NLB NIC?


    Krunoslav

    P.S.
    When I tried to search for solution I found that other people had this issue.

     

    jueves, 14 de agosto de 2008 21:41

Respuestas

  • Hi Guys,

    After some research on the Internet, reading, thinking and long hours of playing with settings, I found only ONE configuration that works for me!

    Actually, we faced two troubles with NLB since the beginning of testing:
    1) "could not access NLB address outside local subnet"
    2) could not access NLB at all when two nodes were off and then we enable one on windows 2008

    Key points of working configuration:

    • Specify gateway on the dedicated network interface for NLB on Windows Server 2008 node
    • When using Hyper-V and Windows Server 2003 as a Child Partition, use Legacy Network Adapter with static MAC address of NLB Virtual IP

     

    If you are interested in our setup, please find all details below.


    In terms of hardware, we use two HP Proliant DL 380 G5 with two E5310 CPU and 4GB each. These boxes have 2 network adapters on board (NIC1, NIC2 for the first box and NIC3, NIC4 for the second one).

    As for software, we installed Windows Server 2008 Standard 64 bit with Hyper-V role on both machines. Now in Microsoft (MS) terminology we should refer to Windows Server 2008 instances as to Parent Partitions (PP1 for the first box and PP2 for the second one). We created a Virtual Machine (VM) with Windows Server 2003 R2 Standard 32 bit and run it as a Child Partition on every server (CP1 on PP1 and CP2 on PP2). In total, there are two Windows Server 2008 PP and two Windows Server 2003 R2 CP.

    We configured CP with 4 virtual CPU and 2 GB of RAM. All latest MS updates are installed. HP teaming is not present on PP.  

    Final working network configuration is as follows (network part of IPv4 addresses. IPv6 and MAC address except last digits were removed):

    xx  - single Class C subnet

    DIP – Dedicated IP for NLB NIC

    VIP – Virtual IP of NLB cluster

    >ipconfig /all on PP1


    Ethernet adapter Virtual LAN-V and LAN (xx.103 and xx.107):

     

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network

       Physical Address. . . . . . . . . : xx-F6

       DHCP Enabled. . . . . . . . . . . : No

       Autoconfiguration Enabled . . . . : Yes

       Link-local IPv6 Address . . . . . : xx::xx(Preferred)

       IPv4 Address. . . . . . . . . . . : xx.103(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       IPv4 Address. . . . . . . . . . . : xx.107(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       Default Gateway . . . . . . . . . : xx.1

       DNS Servers . . . . . . . . . . . : xx.101

                                           xx.111

       NetBIOS over Tcpip. . . . . . . . : Enabled

     

    Ethernet adapter FE NLB1 LAN (DIP xx.127 and VIP xx.117 with gw): 

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter

       Physical Address. . . . . . . . . : xx-75

       DHCP Enabled. . . . . . . . . . . : No

       Autoconfiguration Enabled . . . . : Yes

       IPv4 Address. . . . . . . . . . . : xx.127(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       IPv4 Address. . . . . . . . . . . : xx.117(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       Default Gateway . . . . . . . . . : xx.1

       NetBIOS over Tcpip. . . . . . . . : Disabled

     

    Note: The second hardware NIC HP NC373i Multifunction Gigabit Server Adapter #2 was used to create a bridge for virtual NIC HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network to run CP1 (external connection type in Virtual Network Manager). Because we dedicated the first hardware NIC to NLB Unicast, we decided to share second hardware NIC for PP1 communications inside LAN and CP1 virtual network - that’s why we called it like Virtual LAN-V and LAN (xx.103 and xx.107). This trick is done by enabling only one bidding on the second hardware NIC – Microsoft Virtual Switch Protocol and configuring normal IPv4 bidding on NIC HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network that is used as external connection type in Virtual Network Manager for CP1 as well. Legacy Network Adapter was used for CP1.

     

    >ipconfig /all  on PP2

    Ethernet adapter LAN 10.110.62.101: 
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter
       Physical Address. . . . . . . . . : xx-56
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : xx::xx(Preferred) 
       IPv4 Address. . . . . . . . . . . : xx.101(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : xx.1
       DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
                                           xx.10
                                           xx.123
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Note: The second hardware NIC HP NC373i Multifunction Gigabit Server Adapter #2 is dedicated to CP2 and used as a bridge (we call it LAN-V Bridge) for virtual NIC HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network (external connection type in Virtual Network Manager). So, only one bidding is configured on this hardware NIC – Microsoft Virtual Switch Protocol. To create dedicated virtual NIC, we un-ticked all bindings on NIC HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network – so it can’t be used by host PP2! Legacy Network Adapter was used for CP2, as well.

     
    FYI Please find good explanation of virtual networking with Hyper-V here - http://blogs.technet.com/jhoward/archive/2008/06/17/hyper-v-what-are-the-uses-for-different-types-of-virtual-networks.aspx

    >ipconfig /all on CP2

    Ethernet adapter LAN xx.105:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : xx-03
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : xx.105
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : xx.1
       DNS Servers . . . . . . . . . . . : xx.101
                                        xx.111

    Ethernet adapter FE NLB2 LAN (DIP xx.128 and VIP xx.117):


       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet Adapter (Generic)
       Physical Address. . . . . . . . . : xx-75
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : xx.117
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       IP Address. . . . . . . . . . . . : xx.128
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
      NetBIOS over Tcpip. . . . . . . . : Disabled

     

    We installed web server (IIS) on all server instances, but we have special design requirement regarding NLB: need to load balance IIS7 on PP1 with IIS6 on CP2.

    To sum up, we are configuring 2-nodes unicast NLB cluster with 2 NIC's on each server instance. One node is Windows Server 2008 Standard 64 bit Parent Partition (PP1) with Hyper-V role installed, another one - Windows Server 2003 Standard 32 bit running as a Child Partition (CP2) on another Windows Server 2008 Standard 64 bit Parent Partition (PP2) with Hyper-V box. We installed NLB feature on PP1 and NLB component on CP2.

    Procedure of creating working NLB for thus particular scenario is as follows:

    Using NLB Manager on PP1 we create standard unicast NLB with cluster Virtual IP - VIP xx.117. Take a note of the network address (MAC) of the cluster (xx-75) – we will use it to configure Legacy NIC for CP2. Then we connect to the 1st master node (PP1), select Ethernet adapter FE NLB1 LAN (DIP xx.127 and VIP xx.117 with gw) for NLB, then assign 1st host priority and dedicated IP - DIP xx.127. When the host is converged, we go to the properties of FE NLB1 LAN (DIP xx.127 and VIP xx.117 with gw) on PP1 and change them manually in the following way:

    • Un-tick all bindings, leave only NLB and TCP/IPv4
    • Specify gateway on the TCP/IPv4 properties (xx.1)
    • On Advanced Settings, IP Settings tab un-tick Automatic metric and assign 20 as Interface metric
    • On Advanced Settings, WINS tab Disable NETBIOS over TCP-IP

    Go to TCP/IPv4 properties of the Ethernet adapter Virtual LAN-V and LAN (xx.103 and xx.107) on PP1 and un-tick
    Automatic metric as well - assign 1 as Interface metric.

    Shut down CP2 and go to settings of this VM on PP2. Go to Legacy Network Adaptor settings and change MAC address
    from Dynamic to Static – specify it as network address (MAC) of the NLB cluster. Start CP2.

    Then in NLB  Manager on PP1 we add the second node – CP2. 
    Select Add Host to the cluster and connect to the CP2, select Ethernet adapter FE NLB2 LAN (DIP xx.128 and VIP xx.117)
    for NLB, assign 2nd host priority and dedicated IP - DIP xx.128. When the host is converged, we go to the properties of
    FE NLB2 LAN (DIP xx.128 and VIP xx.117) on CP2 and change them manually in the following way:
     
    • Un-tick all bindings, leave only NLB and TCP/IP
    • On Advanced Settings, IP Settings tab un-tick Automatic metric and assign 20 as Interface metric
    • On Advanced Settings, WINS tab Disable NETBIOS over TCP-IP

    Go to TCP/IPv4 properties of the Ethernet adapter LAN xx.105 on CP2 and un-tick Automatic metric as well - assign 1 as Interface metric.

     

    OK, it’s done now!

    I tested connectivity using simple ping command from workstation on the same and different subnets – everything worked.

    Testing – my scenario:

    • disable NLB NIC on PP1 or CP2, and still can ping VIP (active node replies)
    • disable remaining NLB NIC , and cannot ping VIP (both nodes are down)
    • enable PP1 or CP2 (test both), starts pinging VIP (active node replies)

    Hope my post could help someone with NLB on Windows Server 2008 and beyond :-)

     

    viernes, 19 de septiembre de 2008 7:22

Todas las respuestas

  • This is from http://technet.microsoft.com/en-us/library/cc771300.aspx so you might need to edit the port rules since I don't know what you're clustering.
     

    To create an NLB cluster
    1. To open Network Load Balancing Manager, click Start, click Administrative Tools, and then click Network Load Balancing Manager. You can also open Network Load Balancing Manager by typing Nlbmgr from a command prompt.

    2. Right-click Network Load Balancing Clusters, and then click New Cluster.

    3. Connect to the host that is to be a part of the new cluster. In Host, enter the name of the host, and then click Connect.

    4. Select the interface that you want to use with the cluster, and then click Next. (The interface hosts the virtual IP address and receives the client traffic to load balance.)

    5. In Host Parameters, select a value in Priority (Unique host identifier). This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. You can override these priorities or provide load balancing for specific ranges of ports by specifying rules on the Port rules tab of the Network Load Balancing Properties dialog box. Click Next to continue.

    6. In Cluster IP Addresses, click Add to enter the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts chosen to be part of the cluster. NLB doesn't support Dynamic Host Configuration Protocol (DHCP). NLB disables DHCP on each interface it configures, so the IP addresses must be static. Click Next to continue.

    7. In Cluster Parameters, type values in IP Address and Subnet mask (for IPv6 addresses, subnet mask is not needed). A full Internet name is not needed when using NLB with Terminal Services.

    8. In Cluster operation mode, click Unicast to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. It is recommended that you accept the unicast default settings. Click Next to continue.

    9. In Port Rules, click Edit to modify the default port rules. Configure the rules as follows:

      In Port Range, specify a range of 3389 to 3389 so that the new rule applies only to RDP traffic.

      In Protocols, select TCP as the specific TCP/IP protocol that a port rule should cover. Only the network traffic for the specified protocol is affected by the rule. Traffic not affected by the port rule is handled by the default host.

      In Filtering mode, select Multiple host, which specifies that multiple hosts in the cluster handle network traffic for this port rule.

      In Affinity (which applies only for the Multiple host filtering mode), select None if you are planning to use TS Session Broker. Select Single if you are not planning to use TS Session Broker.

    10. Click Finish to create the cluster.


    Technet Forums Moderator | Solution Specialist | Ask The Experts IT-forum
    martes, 19 de agosto de 2008 7:09
  • Hi Joachim,

    Nice cut & paste you done here. This doesn't explain how to configure the cluster network but the client network. The question said that he is using 2 NIC's per node. How do you congure the "NLB Interface"?
    Thanks
    TMT.
    asc
    jueves, 28 de agosto de 2008 8:06
  • Hi Guys,

    Just let you know, that we faced the same trouble, i.e. "could not access NLB address outside local subnet".

    We configured 2-nodes unicast NLB cluster with 2 NIC's on each server instance. But unlike pure Windows Server 2008 NLB cluster from the first post, one of our nodes is Windows Server 2008 parent partition with Hyper-V role installed, another one - Windows Server 2003 running as a child partition on another Windows Server 2008 Hyper-V box. Do not ask me, why we use this Hyper-V virtual thingy ;-) mostly to save money on hardware and to utilize existing Windows Server 2003 licenses.

    In addition, we played with 2-nodes unicast NLB setup using only Windows Server 2008, but - same trouble. Hyper-V was used in this scenario as well: 1st node - Windows Server 2008 parent partition with Hyper-V role installed, another one - Windows Server 2008 running as a child partition on another Windows Server 2008 Hyper-V box.

    BTW, to add Windows Server 2008 child partition to NLB cluster, HotFix from Microsoft should be applied and virtual network card (NIC) has to be manually configured using Virtual Network Manager tool with MAC address of Virtual NLB interface (more details in KB 953828)... A lot of 'virtual', hah?!

    To recap, it seems like using default settings for NLB with Windows 2008 is not a good idea. And I could not find any kind of best practices for proper NLB setup for different scenarios so far. Any help?

    Cheers, Vic

    P.S. Discussion related to running NLB with Hyper-V - http://social.technet.microsoft.com/forums/en-US/winserverhyperv/thread/dcda9a2c-a0a9-4fb6-86eb-a2e86ea9f745/
    • Editado vicavr miércoles, 10 de septiembre de 2008 6:51
    miércoles, 10 de septiembre de 2008 6:30
  • Hi Guys,

    After some research on the Internet, reading, thinking and long hours of playing with settings, I found only ONE configuration that works for me!

    Actually, we faced two troubles with NLB since the beginning of testing:
    1) "could not access NLB address outside local subnet"
    2) could not access NLB at all when two nodes were off and then we enable one on windows 2008

    Key points of working configuration:

    • Specify gateway on the dedicated network interface for NLB on Windows Server 2008 node
    • When using Hyper-V and Windows Server 2003 as a Child Partition, use Legacy Network Adapter with static MAC address of NLB Virtual IP

     

    If you are interested in our setup, please find all details below.


    In terms of hardware, we use two HP Proliant DL 380 G5 with two E5310 CPU and 4GB each. These boxes have 2 network adapters on board (NIC1, NIC2 for the first box and NIC3, NIC4 for the second one).

    As for software, we installed Windows Server 2008 Standard 64 bit with Hyper-V role on both machines. Now in Microsoft (MS) terminology we should refer to Windows Server 2008 instances as to Parent Partitions (PP1 for the first box and PP2 for the second one). We created a Virtual Machine (VM) with Windows Server 2003 R2 Standard 32 bit and run it as a Child Partition on every server (CP1 on PP1 and CP2 on PP2). In total, there are two Windows Server 2008 PP and two Windows Server 2003 R2 CP.

    We configured CP with 4 virtual CPU and 2 GB of RAM. All latest MS updates are installed. HP teaming is not present on PP.  

    Final working network configuration is as follows (network part of IPv4 addresses. IPv6 and MAC address except last digits were removed):

    xx  - single Class C subnet

    DIP – Dedicated IP for NLB NIC

    VIP – Virtual IP of NLB cluster

    >ipconfig /all on PP1


    Ethernet adapter Virtual LAN-V and LAN (xx.103 and xx.107):

     

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network

       Physical Address. . . . . . . . . : xx-F6

       DHCP Enabled. . . . . . . . . . . : No

       Autoconfiguration Enabled . . . . : Yes

       Link-local IPv6 Address . . . . . : xx::xx(Preferred)

       IPv4 Address. . . . . . . . . . . : xx.103(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       IPv4 Address. . . . . . . . . . . : xx.107(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       Default Gateway . . . . . . . . . : xx.1

       DNS Servers . . . . . . . . . . . : xx.101

                                           xx.111

       NetBIOS over Tcpip. . . . . . . . : Enabled

     

    Ethernet adapter FE NLB1 LAN (DIP xx.127 and VIP xx.117 with gw): 

       Connection-specific DNS Suffix  . :

       Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter

       Physical Address. . . . . . . . . : xx-75

       DHCP Enabled. . . . . . . . . . . : No

       Autoconfiguration Enabled . . . . : Yes

       IPv4 Address. . . . . . . . . . . : xx.127(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       IPv4 Address. . . . . . . . . . . : xx.117(Preferred)

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       Default Gateway . . . . . . . . . : xx.1

       NetBIOS over Tcpip. . . . . . . . : Disabled

     

    Note: The second hardware NIC HP NC373i Multifunction Gigabit Server Adapter #2 was used to create a bridge for virtual NIC HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network to run CP1 (external connection type in Virtual Network Manager). Because we dedicated the first hardware NIC to NLB Unicast, we decided to share second hardware NIC for PP1 communications inside LAN and CP1 virtual network - that’s why we called it like Virtual LAN-V and LAN (xx.103 and xx.107). This trick is done by enabling only one bidding on the second hardware NIC – Microsoft Virtual Switch Protocol and configuring normal IPv4 bidding on NIC HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network that is used as external connection type in Virtual Network Manager for CP1 as well. Legacy Network Adapter was used for CP1.

     

    >ipconfig /all  on PP2

    Ethernet adapter LAN 10.110.62.101: 
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter
       Physical Address. . . . . . . . . : xx-56
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : xx::xx(Preferred) 
       IPv4 Address. . . . . . . . . . . : xx.101(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : xx.1
       DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
                                           xx.10
                                           xx.123
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Note: The second hardware NIC HP NC373i Multifunction Gigabit Server Adapter #2 is dedicated to CP2 and used as a bridge (we call it LAN-V Bridge) for virtual NIC HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network (external connection type in Virtual Network Manager). So, only one bidding is configured on this hardware NIC – Microsoft Virtual Switch Protocol. To create dedicated virtual NIC, we un-ticked all bindings on NIC HP NC373i Multifunction Gigabit Server Adapter #2 - Virtual Network – so it can’t be used by host PP2! Legacy Network Adapter was used for CP2, as well.

     
    FYI Please find good explanation of virtual networking with Hyper-V here - http://blogs.technet.com/jhoward/archive/2008/06/17/hyper-v-what-are-the-uses-for-different-types-of-virtual-networks.aspx

    >ipconfig /all on CP2

    Ethernet adapter LAN xx.105:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : xx-03
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : xx.105
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : xx.1
       DNS Servers . . . . . . . . . . . : xx.101
                                        xx.111

    Ethernet adapter FE NLB2 LAN (DIP xx.128 and VIP xx.117):


       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet Adapter (Generic)
       Physical Address. . . . . . . . . : xx-75
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : xx.117
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       IP Address. . . . . . . . . . . . : xx.128
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
      NetBIOS over Tcpip. . . . . . . . : Disabled

     

    We installed web server (IIS) on all server instances, but we have special design requirement regarding NLB: need to load balance IIS7 on PP1 with IIS6 on CP2.

    To sum up, we are configuring 2-nodes unicast NLB cluster with 2 NIC's on each server instance. One node is Windows Server 2008 Standard 64 bit Parent Partition (PP1) with Hyper-V role installed, another one - Windows Server 2003 Standard 32 bit running as a Child Partition (CP2) on another Windows Server 2008 Standard 64 bit Parent Partition (PP2) with Hyper-V box. We installed NLB feature on PP1 and NLB component on CP2.

    Procedure of creating working NLB for thus particular scenario is as follows:

    Using NLB Manager on PP1 we create standard unicast NLB with cluster Virtual IP - VIP xx.117. Take a note of the network address (MAC) of the cluster (xx-75) – we will use it to configure Legacy NIC for CP2. Then we connect to the 1st master node (PP1), select Ethernet adapter FE NLB1 LAN (DIP xx.127 and VIP xx.117 with gw) for NLB, then assign 1st host priority and dedicated IP - DIP xx.127. When the host is converged, we go to the properties of FE NLB1 LAN (DIP xx.127 and VIP xx.117 with gw) on PP1 and change them manually in the following way:

    • Un-tick all bindings, leave only NLB and TCP/IPv4
    • Specify gateway on the TCP/IPv4 properties (xx.1)
    • On Advanced Settings, IP Settings tab un-tick Automatic metric and assign 20 as Interface metric
    • On Advanced Settings, WINS tab Disable NETBIOS over TCP-IP

    Go to TCP/IPv4 properties of the Ethernet adapter Virtual LAN-V and LAN (xx.103 and xx.107) on PP1 and un-tick
    Automatic metric as well - assign 1 as Interface metric.

    Shut down CP2 and go to settings of this VM on PP2. Go to Legacy Network Adaptor settings and change MAC address
    from Dynamic to Static – specify it as network address (MAC) of the NLB cluster. Start CP2.

    Then in NLB  Manager on PP1 we add the second node – CP2. 
    Select Add Host to the cluster and connect to the CP2, select Ethernet adapter FE NLB2 LAN (DIP xx.128 and VIP xx.117)
    for NLB, assign 2nd host priority and dedicated IP - DIP xx.128. When the host is converged, we go to the properties of
    FE NLB2 LAN (DIP xx.128 and VIP xx.117) on CP2 and change them manually in the following way:
     
    • Un-tick all bindings, leave only NLB and TCP/IP
    • On Advanced Settings, IP Settings tab un-tick Automatic metric and assign 20 as Interface metric
    • On Advanced Settings, WINS tab Disable NETBIOS over TCP-IP

    Go to TCP/IPv4 properties of the Ethernet adapter LAN xx.105 on CP2 and un-tick Automatic metric as well - assign 1 as Interface metric.

     

    OK, it’s done now!

    I tested connectivity using simple ping command from workstation on the same and different subnets – everything worked.

    Testing – my scenario:

    • disable NLB NIC on PP1 or CP2, and still can ping VIP (active node replies)
    • disable remaining NLB NIC , and cannot ping VIP (both nodes are down)
    • enable PP1 or CP2 (test both), starts pinging VIP (active node replies)

    Hope my post could help someone with NLB on Windows Server 2008 and beyond :-)

     

    viernes, 19 de septiembre de 2008 7:22
  • We had a Similar issue with a 2008 cluster, which turned out to be a problem with both Unicast and Multicast IGMP.  We contacted premier support and worked with them for quite a bit, to discover (or bet told that)  this is a "feature" in 2008.  By default, IP forwarding is disabled.  A cluster with multiple NICs will not respond without a default gateway enabled.  This can be worked around by entering the following command from a command prompt:

    replace the section in quotes with the name of the cluster NIC.
    --netsh interface ipv4 set int "Front-end" forwarding=enabled 
    martes, 28 de octubre de 2008 19:28
  • Hi,

    I am also facing a similar issue with Windows 2008 NLB when configured in unicat mode is not accessible from other subnet.

    I have two NIC cards.

    One nic card of both hosts is connected to nortel switch and assigned IP address 10.X.X.X with NLB enabled (local Area Connection).

    Another NIC of both hosts is connected via crossover cable and assigned IP address 192.168.X.X (heartbeat).

    It works fine when changed to multicast mode. However, I want itto run in Unicast mode.

    I run the command you mentioned that is

    --netsh interface ipv4 set int "Local Area Connection" forwarding=enabled 

    Still, i am not able to acess the cluster across the subnet. Running abve command created some issue with server accessing the DC/DNS servers. So, I had to revert it.

    Any suggestions. Thanks!
    lunes, 02 de febrero de 2009 18:05
  • A little something to share... to get the NLB traffic issues resolved in this scenario I entered persistent routes on the two nodes of the array.  This is due to traffic coming in via the NLB has no return route due to having no default gateway set on the NLB NICs.  We tried adding the gateway, but this usually causes a slew of other headaches on the servers.  So we removed the gateway and entered the route configs.

    We did this by doing a ROUTE PRINT in a command prompt to get the interface number of the NLB NIC.  Then run the ROUTE ADD command to add a persistent route for the applicable segments outside of the local network via the same DG value of the non-NLB NIC.  The trade off with this option is the manual entry of the applicable subnets and if you have dozens or hundreds of networks, that could be painful unless you can script the commands.  However, it is just a one time entry :)

    SAMPLE:
    route add 172.16.0.0 mask 255.240.0.0  172.20.1.2 if 11 -p
    route add 192.168.0.0 mask 255.255.0.0  172.20.1.2 if 11 -p
    viernes, 13 de marzo de 2009 1:55

  • another alternative to setting the default gateway on the NLB NIC is to disable the strong host model.


    check the posting by bill grant on this thread
    http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/1369b2cf-627e-4eab-bbf2-c02f4a0e0650/

    quoted here again

    Quote:

    I figured out with a call to Microsoft Tech support.

    Windows 2008 introduces a "strong host model" that doesn't allow the
    different NICs to talk to each other.  For example, if a request comes in on
    the 2nd NIC and there's no default gateway setup, then the NIC will not use
    the 1st NIC to reply to the requests.  (even though there's a default gateway
    setup on that 1st NIC). 

    In order to change that behaviour and go back to a 2003 model, you go to the
    command prompt and then you type:

    netsh interface ipv4 set interface NLB weakhostreceive=enable
    netsh interface ipv4 set interface NLB weakhostsend=enable

    (where NLB is the name of the network interface... default is Local Area
    Connection)

    As an alternative, you can set a default gateway on the 2nd NIC but that can
    introduce more problems where the system doesn't know which way to send
    traffic.  MS said that I could set the metric to 2 on the 2nd NIC and that
    way it will only be used if the 1st NIC is unavailable.

    http://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx

    Unquote:

    lunes, 02 de noviembre de 2009 19:25
  • ok here is a new problem for you all i am running a 2 node nlbc for vpn access. however on node one i am also trying to use it as my default gateway using nat for my internal clients. this was working ok unlill i configured nlb and still forks fine if i stop node 2. here is my setup



    router-
    ip-xxx.xxx.150.1
    static for node 1- xxx.xxx.150.3
    static for node 2- xxx.xxx.150.4

    node1-
    private ip- xx.xx.0.2
    running-
    dns,dhcp,ad,routting and remote access, file and print
    standard config for vpn access pick the public address and select the private for dhcp

    node 2-
    private ip- xx.xx.0.10
    running iis, and vpn
    standard config for vpn access pick the public address and select the private for dhcp

    nlb ip
    xxx.xxx.150.2
    problem is when i config the nlb i can access vpn just fine but my internal computers are unable to access the internet

    what am i doing wrong

    sábado, 13 de febrero de 2010 21:03
  • hi,

    we have two web servers, each one has the same contents and services (IIS and  MS-SQL), now we want to deploy them in HA mode. i read about NLB and I thing its the best way to achieve this purpose, we are planning to setup the following scenario:

    Node1 and node2 are windows 2008 64 standard edition servers

    both nodes have Two NIC's : nlb nic and public nic

    we have made new cluster and we added node1 and node2 to this cluster and we choose the NLB NIC IP to be the dedicated ip and we use unicast and set the filtering to single (because we dont want to use load balance, we want only active/passive) and we added the Virtual IP as second ip on both nlb nic's on node1 and node2 and we enabled the ip forwarding for nlb nic's,

    the Virtual IP is Real IP and it has dns record (it was the ip used to access our web from the public,the Virtual ip refers to  www.xxxx.com)

    When I test the above settings, Unfortunatly , I could ping on the Virtual IP from any subnet but I couldnt access the site through Virtual IP from internet explorer

    is the above configuration is correct? should we have to make any settings on the IIS?

     

    martes, 22 de junio de 2010 5:32
  • Dear Joachim,

    Thank you for the provided information which is availble in MCTS Training Kit 70-643 Configuring Windows Server 2008  Applicatioin Infrustructure.

    People recommened to read in details not a copy paste only.

     

    Do we have to configure 2 ranges of IPs for example:

    For NLB: 10.X.X.X

    For LAN to communicate with Clients 192.168.1.X

    Or both should be from the same range?

    In No 4 and 5 do we have to select the same NIC?

    IN No 5 +6 + 7 which IP shoudl be selected

    Do we have to put the Virtual IP address in for each Phisical NIC?

     

    I wish to read this details from you soon

    jueves, 24 de junio de 2010 8:01
  • When I changed the NLB CLuster nodes to Weakhost model, noticed that NLB Cluster is failing to converge the nodes .  Then I had to rebuild my NLB Cluster by configuring default gateway on both nics including NLB Nic. Any idea what validations to be performed after enabling Weak host model . Not sure if anyone had such experice.

     


    Thanks Sreekanth
    sábado, 30 de octubre de 2010 23:36
  • To solve problem in our scenario we run:

     

    netsh interface ipv4 set interface "NLB" forwarding=enabled

     

     

    martes, 23 de noviembre de 2010 19:12
  • Thanks Mario for a reply. This means , with weak host model we should also enable forwarding for both NIC's right?
    Thanks Sreekanth
    sábado, 27 de noviembre de 2010 11:27
  • Hi boogieshafer,

    your 2 commend make my NLB working fine. Thanks.

    netsh interface ipv4 set interface NLB weakhostreceive=enable
    netsh interface ipv4 set interface NLB weakhostsend=enable

    Regards,

    Sambath

    • Propuesto como respuesta Sambath CHHENG miércoles, 26 de septiembre de 2012 6:33
    miércoles, 26 de septiembre de 2012 6:09
  • Hi,

    I have nlb that its work fine.

    Can i give to my nlb cluster more ip address that he 2 ip address can its possible ? 

    lunes, 25 de febrero de 2013 7:19