locked
TMG with NLB drops packets intermittently (ICMP Drops intermittent while testing) RRS feed

  • Question

  • Hi,

    We have TMG with NLB on 2 nodes for connecting our DC network and branch offices/departments connected via network cloud or point-to-point links. Refer below network topo.

    With TMG and NLB integrated on unicast mode, it is mis-behaving by dropping the packets intermittently passing thru them.

    NLB is configured thru tmg console with no advanced config. Simply configured by enabling LB on network (Internal and Branch) and giving a VIP to it.

    NLB is enabled in both internal and branch networks.

    Branch network is a newly created network comprising of all our branch network IDs.

    Test was conducted by pinging from the mgmt station to Layer-3 Switch (Src-172.16.10.11, Dst-192.168.1.1). Ping was intermittently getting dropped with request timed out messages. If i bring down any 1 node, there is no drop/mis-behaving. Hence I suppose that I need to do something with my config (precisely NLB).

    Help me to analyse and troubleshoot the issue.

    Thanks - DJ

    Monday, September 16, 2013 7:56 AM

Answers

  • Hi,

    Is there any error information? Please try to find some error information or error code through the steps below:

    1. Since Unicast mode may result in “Broadcast Storm”, please check if your switch or hub is experiencing storm. (Check CPU, port traffic, etc.)
    2. To check if the traffic is blocked by Forefront TMG:
      1. In the Forefront TMG Management console, in the tree, click the Troubleshooting  node
      2. Click the Traffic Simulator tab
      3. Run the Web access and Non-Web access simulation scenarios. If required update the policy rule
      4. Check the logs
    3. When the issue occurs, please collect TMG live log or you can refer to the link to collect the continue log:

    http://technet.microsoft.com/en-us/library/bb794937.aspx

    Please feel free to contact me, if you need further help.

    Best Regards

    Quan  Gu

    Tuesday, September 17, 2013 3:28 AM
    Moderator

All replies

  • Hi,

    We have TMG with NLB on 2 nodes for connecting our DC network and branch offices/departments connected via network cloud or point-to-point links. Refer below network topo.

    With TMG and NLB integrated on unicast mode, it is mis-behaving by dropping the packets intermittently passing thru them.

    NLB is configured thru tmg console with no advanced config. Simply configured by enabling LB on network (Internal and Branch) and giving a VIP to it.

    NLB is enabled in both internal and branch networks.

    Branch network is a newly created network comprising of all our branch network IDs.

    Test was conducted by pinging from the mgmt station to Layer-3 Switch (Src-172.16.10.11, Dst-192.168.1.1). Ping was intermittently getting dropped with request timed out messages. If i bring down any 1 node, there is no drop/mis-behaving. Hence I suppose that I need to do something with my config (precisely NLB).

    Help me to analyse and troubleshoot the issue.

    Thanks - DJ

    Sorry could'nt upload the topology diagram due to some verification on my account with MS.

    Monday, September 16, 2013 8:00 AM
  • Hi,

    Is there any error information? Please try to find some error information or error code through the steps below:

    1. Since Unicast mode may result in “Broadcast Storm”, please check if your switch or hub is experiencing storm. (Check CPU, port traffic, etc.)
    2. To check if the traffic is blocked by Forefront TMG:
      1. In the Forefront TMG Management console, in the tree, click the Troubleshooting  node
      2. Click the Traffic Simulator tab
      3. Run the Web access and Non-Web access simulation scenarios. If required update the policy rule
      4. Check the logs
    3. When the issue occurs, please collect TMG live log or you can refer to the link to collect the continue log:

    http://technet.microsoft.com/en-us/library/bb794937.aspx

    Please feel free to contact me, if you need further help.

    Best Regards

    Quan  Gu

    Tuesday, September 17, 2013 3:28 AM
    Moderator
  • Hi,

    How about the problem you encountered before?

    If need further help, please feel free to contact me.

    Best regards

    Quan Gu

    Tuesday, September 24, 2013 8:33 AM
    Moderator