Microsoft NLB multicast not working well with Nexus 5k and 7k..NEED HELP!!!!

dannyngo99
Level 1

Question: Hi all,
We need your expertise to help us clarify the NLB configuration on our 5k or 7k switches. We are in the process of migrating our email exchange servers from 2003 to 2010. We are implementing Microsoft NLB (network load balancing) on our CAS servers (Client Access servers). These two servers are VM guest machines. Their physical VMware hosts are directly connected to 2k switches on port eth101/1/33-36.
Our exchange consultant insisted that we add the following command into either the 5k or the 7k to allow NLB multicast traffic to pass through to all end user hosts.

Here is the command requested by our consultant.

Arp 10.156.2.132 03bf.0a9c.0284 ARPA
Mac-address-table static 03bf.0a9c.0284 Vlan 10 interface Ethernet101/1/33-36

I tried to add the above commands into either the 5k or the 7k. It bounced back with "unrecognized command error".

Note: Many users out there are experiencing the same issue we are having now.

Below are some links regarding configuring NLB on Cisco switch with Microsoft and VMware:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006525
https://supportforums.cisco.com/thread/2091841?decorator=print&displayFullThread=true
http://arstechnica.com/civis/viewtopic.php?f=10&t=1150623
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_ip.html#wp1196870
https://communities.cisco.com/thread/16234
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml


Question#1
Am I missing anything here that is stopping me from entering these commands?

Question#2:
Since my computer is connected via a static IP address and via a VLAN 1 port, I am able to ping the NLB cluster host IP address 10.156.2.132, but nobody else on the other VLANs (subnets) 101, 102, 103, 104, 105 and VLAN 50 (wireless subnet) can.

I am about to add the following command to 5k switch, but want to know if these commands might make it work.

switchport trunk allowed vlan 1,3,5,10-11,15,50,52

interface Ethernet101/1/33
  description Link to ESX # 1
  switchport mode trunk
  switchport trunk allowed vlan 1,3,5,10-11,15,50,52

interface Ethernet101/1/34
  description Link to ESX # 1
  switchport mode trunk
  switchport trunk allowed vlan 1,3,5,10-11,15,50,52

interface Ethernet101/1/35
  description Link to ESX # 2
  switchport mode trunk
  switchport trunk allowed vlan 1,3,5,10-11,15,50,52

interface Ethernet101/1/36
  description Link to ESX # 2
  switchport mode trunk
  switchport trunk allowed vlan 1,3,5,10-11,15,50,52

Any help is greatly appreciated!!!
Thanks,
Danny.

We have to separate what the switch has to do for packets to reach 10.0.36.28 and what the switch has to do for packets from incoming ports.

For packets coming into the switch, a mac address will flap if the switch sees this source mac address coming in on 2 different ports. Typically a server with 2 NICs plugged into the same switch will be misconfigured to send packets using the same source mac address on both NICs. This will cause the switch to update its mac address table with each new packet on each port coming from the server.

The configuration we discussed does nothing for mac flapping on 2 different ports. NLB does not use this to transmit packets, only to receive them.

For packets trying to reach the destination IP address 10.0.36.28, the switch first needs an ARP entry. This bridges Layer 3 (IP header) to Layer 2 (ethernet header) and allows a hardware forwarding entry to be created. That's what the static ARP entry is for since it will not learn a multicast mac address with a unicast ip address dynamically. Without this ARP entry, the switch would not forward a packet with a destination IP address 10.0.36.28 from another subnet and the switch would not be able to reach it itself.

For the most part, what we are trying to do is limit the nasty habit of flooding multicast packets out all ports. The IGMP snooping command limits it to an interface (or 2 if configured that way) and the configured multicast ip address is installed into the table as a multicast mac address. We want to look up this entry using the mac address and not the multicast ip address because the actual packet has an IP address 10.0.36.28 which is not a multicast IP address. But it does have a multicast mac address. So we tell the switch to use the mac address instead of the ip address in the packet for lookup and forwarding.

So now let me take a shot at your questions.

1. If we don't change the multicast lookup mode to mac, and don't config ip igmp snooping static-group, the packet with destination mac: 0100.5e7f.241c still flapping to other ports with the same vlan on N7K, right?

Flapping is caused by incoming packets to the switch. NLB uses this virtual ip address/multicast mac address to receive packets only. Flapping is a different issue. If you don't configure the lookup mode to mac, it uses the ip address. And since there is no multicast ip address as a destination IP, it skips this part. The multicast mac address will cause the packet to flood out all ports.

2. If we don't change the multicast lookup mode to mac, and config ip igmp snooping static-group, the packet with destination mac: 0100.5e7f.241c still flapping to other ports with the same vlan on N7K, right?

It does you no good since the destination IP address is not multicast. It skips over the IGMP part and floods out all ports as above.

3. We have to change the multicast lookup mode to mac, and config ip igmp snooping static-group, the packet with destination mac: 0100.5e7f.241c won't be flapping to other ports with the same vlan on N7K, right?

The IGMP snooping statement limits the flooding to specific ports. The multicast lookup mode allows it to use the destination mac address for the lookup.

Flapping is caused by incoming packets.

Remember, it is other hosts trying to reach this ip address from other subnets and the fact that at layer 2 multicast mac addresses flood by default. We are trying to prevent flooding out all switch ports when the unicast IP address is using a multicast mac address.
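
The cluster MAC addresses quoted in this thread are derived from the cluster IP, so a static ARP or MAC entry can be checked against the IP before it is typed into a switch. The following is an added example, not part of the original posts: the function names are hypothetical, and the derivation rules (02bf or 03bf followed by the four IP octets, 0100.5e7f followed by the last two octets in IGMP mode) are Microsoft NLB's usual convention, assumed here.

```python
import ipaddress


def cisco_mac(octets):
    """Format six octets in Cisco dotted notation, e.g. 03bf.0a9c.0284."""
    digits = bytes(octets).hex()
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def nlb_macs(cluster_ip):
    """Cluster MAC that NLB derives from the virtual IP, per operating mode."""
    w, x, y, z = ipaddress.IPv4Address(cluster_ip).packed
    return {
        "unicast": cisco_mac([0x02, 0xBF, w, x, y, z]),
        "multicast": cisco_mac([0x03, 0xBF, w, x, y, z]),
        "igmp-multicast": cisco_mac([0x01, 0x00, 0x5E, 0x7F, y, z]),
    }


def igmp_group(cluster_ip):
    """Group address an IGMP-mode cluster joins: 239.255.<y>.<z>."""
    packed = ipaddress.IPv4Address(cluster_ip).packed
    return str(ipaddress.IPv4Address(bytes([239, 255, packed[2], packed[3]])))


def is_group_mac(mac):
    """True when the I/G bit (lowest bit of the first octet) is set.

    A group MAC never appears as a source address, so a switch cannot
    learn it from traffic and floods frames sent to it by default.
    """
    first_octet = int(mac.replace(".", "")[:2], 16)
    return bool(first_octet & 0x01)


def check_static_entry(cluster_ip, configured_mac):
    """Return the NLB mode whose MAC matches a static entry, or None."""
    configured = configured_mac.lower()
    for mode, mac in nlb_macs(cluster_ip).items():
        if mac == configured:
            return mode
    return None


if __name__ == "__main__":
    # The two IP/MAC pairs below are the ones quoted in the thread.
    print(check_static_entry("10.156.2.132", "03bf.0a9c.0284"))
    print(check_static_entry("10.0.36.28", "0100.5e7f.241c"), igmp_group("10.0.36.28"))
```

A `None` result from `check_static_entry` means the MAC in the static entry does not correspond to the cluster IP in any NLB mode, which usually points to a transposed digit in the entry.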
