UAG and Multisite NLB

  • General discussion

  • Has anyone tried the following? I am trying to set it up.

    Two separate physical sites

    Two VMs with UAG configured with Applications and in an Array

    VIP configured

    The front-end access would be covered by a DNS round robin, and the address always NATs through to the same internal DMZ address that is the VIP for the NLB.

    With only 1 external IP configured and the corresponding site's VM running in the NLB it doesn't work - traffic is getting through and sometimes you get the home page and the login page, but there are timeouts which stop it working.

    The TMG log shows that there is traffic out of sequence which it doesn't like.

     

    Does anyone have any idea if this is actually possible?

    Cheers

    Chris

    Wednesday, September 7, 2011 11:15 AM

All replies

  • Hi

     

    With NLB, your VIP address must belong to the same subnet as the DIP addresses. If you have multiple sites and Internet access, you might not be able to achieve this requirement. Hardware load balancing may be the only solution.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Wednesday, September 7, 2011 11:46 AM
  • Have you considered using a stretched VLAN (trunk) across both physical sites to satisfy the single subnet requirement of NLB?
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, September 8, 2011 12:24 AM
  • Switching from multicast to unicast sorted this out.

    I think the VLAN is stretched. The source is NAT'd so that the return path is set.

    it's hard to convey five-dimensional ideas in a language evolved to scream defiance at the monkey in the next tree
    Thursday, September 8, 2011 10:55 AM
  • When in multicast mode, had you defined appropriate static ARP entries for your VIPs?


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, September 8, 2011 11:09 AM
  • Yes, the static ARPs were in place on the core switches.
    Friday, September 9, 2011 2:35 PM
  • Ok, I have a couple of customers with stretched VLANs with TMG/UAG running NLB multicast, so it should work...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Friday, September 9, 2011 3:21 PM