Unicast NLB and distributed routing and switching

thomas.wendler
Level 1

Hi,

I was wondering if the following scenario would work:

2 Microsoft TMG servers (could be any W2K8 R2 based server, e.g. UAG, Exchange etc.) configured for Unicast NLB. The servers are connected to separate L2 switches which are connected to a highly available central L3 switch (see attached drawing).

Unicast NLB works in such a way that it uses a shared virtual IP and a virtual MAC address which is not used as source MAC address when the TMG servers are responding to requests. Basically it relies on the fact that the switch does not learn the virtual MAC address and floods all packets destined to the virtual MAC on all ports. The L3 switch would learn the MAC through ARP. The question now is what the L3 switch would do if it receives a packet destined for the NLB VIP. It should do an ARP request in order to receive the virtual MAC. How would it decide on which port(s) to forward the packet, as it does not know on which port the MAC is found? Can it make a decision based on Layer 3 (IP/VLAN based) and therefore know that the VLAN for the TMGs is connected on those two uplink ports?


Best regards

Thomas

7 Replies

Olivier Jessel
Level 1

Hi,

I would recommend you read this:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml

But basically, the best way is to buy a hardware load balancer or to statically configure the virtual MAC address on the Catalyst (don't forget the trunk ports; NLB should run in multicast mode for this setup).

HTH

Regards,

Olivier

CCIE #44658

Hi Olivier,

well, multicast should work in any case. I want to understand if unicast will work too in such a scenario (two access switches connected to the core). So the main thing I want to understand is on which criteria the L3 core switch will forward the packets destined to the virtual MAC address for the VIP.

Best regards

Thomas

The core switch will use the L3 unicast IP address (VIP) but get a multicast MAC address from the ARP request.

If you configure NLB in unicast mode, you can't configure static ARP entries with more than one port on the Cisco switch, and so you cannot forward your packets through other ports...

With NLB in multicast mode, you get a multicast cluster MAC address. Then you can configure a static ARP entry on your Catalyst, but you can also specify more than one outgoing interface... That's the key! ;-)

CCIE #44658

Hi Olivier,

but do I need to specify a static ARP entry? ARP resolution should work with Unicast NLB because the MAC address is a unicast MAC address.

Best regards

Thomas

If you configure NLB in unicast mode, you will get flapping errors in the Catalyst logs, because the virtual MAC address will be seen once on port#1, then port#2, then port#1 and so on...

I have always configured NLB in multicast mode (multicast is only used with the MAC address in this case, you can't configure a multicast IP address for the VIP... Microsoft made a mistake here...)

Then you can configure an ARP entry on the Catalyst like:

static arp 0000.0e00.1111 gi0/1 Gi0/2 Po1 ...

(command line is not the exact syntax)

All traffic destined to 0000.0e00.1111 will be switched to ports gi0/1 Gi0/2 Po1 and so on...

(With a unicast MAC address, you can ONLY specify ONE port.)

No more flooding, or flapping.

Well that's how I installed TMG, or MS clusters...

HTH

Olivier

CCIE #44658
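The static entries described in the reply above, worked through as an added example that is not part of the original thread: a small Python generator that derives the NLB cluster MAC from the VIP (02-BF prefix in unicast mode, 03-BF in multicast mode, 01-00-5E-7F in IGMP multicast mode) and emits Catalyst-style `arp` and `mac address-table static` lines. The VIP 192.0.2.10 and VLAN 10 are constructed values, the port names are the ones mentioned in the thread, and the exact command syntax is an assumption that varies by platform and software release.

```python
import ipaddress

# NLB derives the cluster MAC from the IPv4 VIP; the prefix depends on the mode.
PREFIXES = {
    "unicast": bytes([0x02, 0xBF]),                # + all four VIP octets
    "multicast": bytes([0x03, 0xBF]),              # + all four VIP octets
    "igmp": bytes([0x01, 0x00, 0x5E, 0x7F]),       # + last two VIP octets
}

def nlb_cluster_mac(vip: str, mode: str) -> str:
    """Return the NLB cluster MAC for a VIP in Cisco dotted notation."""
    if mode not in PREFIXES:
        raise ValueError(f"unknown NLB mode: {mode}")
    octets = ipaddress.IPv4Address(vip).packed
    prefix = PREFIXES[mode]
    raw = prefix + octets[len(prefix) - 2:]        # pad out to six bytes
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def is_group_mac(mac: str) -> bool:
    """True when the I/G bit (lowest bit of the first octet) marks a multicast MAC."""
    return int(mac[:2], 16) & 1 == 1

def catalyst_static_entries(vip: str, mode: str, vlan: int, ports: list[str]) -> list[str]:
    """Build the static ARP and static MAC lines for an NLB cluster VIP.

    Per the thread, a unicast MAC can be pinned to one port only, so asking
    for several ports in unicast mode is rejected.
    """
    mac = nlb_cluster_mac(vip, mode)
    if not is_group_mac(mac) and len(ports) > 1:
        raise ValueError("unicast cluster MAC: static entry can name only one port")
    return [
        f"interface Vlan{vlan}",                   # L3 interface that routes to the VIP
        f" arp {vip} {mac} ARPA",                  # static ARP: VIP -> cluster MAC
        f"mac address-table static {mac} vlan {vlan} interface {' '.join(ports)}",
    ]

if __name__ == "__main__":
    # Constructed sample values: VIP 192.0.2.10, VLAN 10.
    for line in catalyst_static_entries("192.0.2.10", "multicast", 10,
                                        ["Gi0/1", "Gi0/2", "Po1"]):
        print(line)
```
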

Hi Olivier,

thanks. That was exactly the explanation I was looking for.

Cheers

Thomas

Great, you're welcome ;-)

Have a nice day!!

Cheers,

Olivier

CCIE #44658