Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2236
Views
0
Helpful
10
Replies

Microsoft NLB and Cisco 4500 VSS

rick505d3
Level 1
Level 1

‎07-09-2013 02:18 PM - edited ‎03-07-2019 02:19 PM

Hi,

I have a pair of Cisco 4507 switches in VSS mode. An server (10.4.1.166)  using Microsoft NLB MAC address (03bf.0a04.01a6) is connected to VSS Node 1 on port Gi1/6/43. The following is configured on the switch.

arp 10.4.1.166 03bf.0a04.01a6 ARPA

mac address-table static 03bf.0a04.01a6 vlan 31 interface Gi1/6/43

The second command appears differently in running-config but looks good in mac-address-table:

# show running-config | inc mac address

mac address-table static 03bf.0a04.01a6 vlan 31 interface Gi6/43

# show mac address static | inc 01a6

  31      03bf.0a04.01a6   static Gi1/6/43

Now, from a PC I can ping the VIP address 10.4.1.166 when connected to VSS Node 1 or any other switch connecting to VSS Node1. If the PC attachment is to VSS Node 2 directly or indirectly, then the ping times out. Doing the same for all the rest of servers not using Microsoft NLB  but connected to Node 1 only, is successful from anywhere.

Why is the traffic not traversing the the VSL link i.e. PC -> VSS Node 2 -> VSL -> VSS Node1 -> Server.

Thanks,

Rick.

1 person had this problem
Labels:
0 Helpful
10 Replies 10

Reza Sharifi
Hall of Fame
Hall of Fame

‎07-09-2013 02:39 PM

Hi,

From the VSS pair what is the output of "sh switch virtual"

Are the VSL links configured correctly?

Also, can you post "sh run"

HTH

0 Helpful

rick505d3
Level 1
Level 1
In response to Reza Sharifi

‎07-09-2013 03:53 PM

Thanks Reza, Please find the output of the commands below. The VSS switch looks to be good and working for all other services.

#show switch virtual
Executing the command on VSS member switch role = VSS Active, id = 1
Switch mode                  : Virtual Switch
Virtual switch domain number : 1
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby
Executing the command on VSS member switch role = VSS Standby, id = 2
Switch mode                  : Virtual Switch
Virtual switch domain number : 1
Local switch number          : 2
Local switch operational role: Virtual Switch Standby
Peer switch number           : 1
Peer switch operational role : Virtual Switch Active
# show switch virtual redundancy
Executing the command on VSS member switch role = VSS Active, id = 1
                  My Switch Id = 1
                Peer Switch Id = 2
        Last switchover reason = none
    Configured Redundancy Mode = Stateful Switchover
     Operating Redundancy Mode = Stateful Switchover
Switch 1 Slot 3 Processor Information :
-----------------------------------------------
        Current Software state = ACTIVE
                 Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 15.1(2)SG, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 05-Dec-12 04:38 by prod_rel_team
                          BOOT = bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin,1;
        Configuration register = 0x102
                  Fabric State = ACTIVE
           Control Plane State = ACTIVE
Switch 2 Slot 3 Processor Information :
-----------------------------------------------
        Current Software state = STANDBY HOT (switchover target)
                 Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 15.1(2)SG, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 05-Dec-12 04:38 by pro
                          BOOT = bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin,1;
        Configuration register = 0x102
                  Fabric State = ACTIVE
           Control Plane State = STANDBY
Executing the command on VSS member switch role = VSS Standby, id = 2
show virtual switch redundancy is not supported on the standby
SKR_4507_01#show switch virtual link port-channel
Executing the command on VSS member switch role = VSS Active, id = 1
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator
        M - not in use, no aggregation due to minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        d - default port
        w - waiting to be aggregated
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-------------------
15     Po15(SU)         -        Te1/3/1(P)  Te1/4/1(P)
16     Po16(SU)         -        Te2/3/1(P)  Te2/4/1(P)
Executing the command on VSS member switch role = VSS Standby, id = 2
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator
        M - not in use, no aggregation due to minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        d - default port
        w - waiting to be aggregated
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-------------------
15     Po15(SU)         -        Te1/3/1(P)  Te1/4/1(P)
16     Po16(SU)         -        Te2/3/1(P)  Te2/4/1(P)
#show run int gi1/6/43
interface GigabitEthernet1/6/43
 switchport access vlan 31
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root

Regards,

Rick.

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame

‎07-09-2013 05:12 PM

Rick
VSS seems to be ok

Did you also configured port 2/6/43 from sw2 for vlan 31?

interface GigabitEthernet1/6/43
switchport access vlan 31
switchport mode access
spanning-tree portfast
spanning-tree guard root

Sent from Cisco Technical Support iPhone App

0 Helpful

Rolf Fischer
Level 9
Level 9
In response to Reza Sharifi

‎07-10-2013 02:48 AM

Hi Rick,

 

unfortunately I'm not familiar with VSS so far but I've some (mostly bad) experience with MS NLB and I'm always interested in this topic.

The MAC-Address has an IANA assigned OUI, so your're using NLB in Multicast mode with the IGMP option.

I think the problem could be related to IGMP snooping, but as stated above I don't know the interal logic of VSS.

Anyway, the static port-mapping  for the multicast MAC-Address is just one possible solution, there are some alternatives described in this document: http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008059a9df.shtml

Maybe it's possible to try another approach, e.g. disabling IGMP snooping?

Correction: I don't know where I believed to have seen an IANA-assigned OUI (01:00:5E) when I wrote this - actually it's a locally administered Multicast MAC, which is used by NLB in Multicast mode without the IGMP option. IGMP snooping does not affect locally administered addresses.

Sorry for the confusion.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rolf Fischer

‎07-10-2013 02:48 AM 

unfortunately I'm not familiar with VSS so far but I've some (mostly bad) experience with MS NLB and I'm always interested in this topic.

Hi Rolf,

Have you seen this document:  Microsoft Unified Communications Load Balancer Deployment

Basically, this document is the "best practice" in using MS NLB solution:  DON'T.

0 Helpful

Rolf Fischer
Level 9
Level 9
In response to Leo Laohoo

‎07-10-2013 03:45 AM

Hi Leo,

I read a bunch of documents about NLB but didn't know this one. Thanks!

 Basically, this document is the "best practice" in using MS NLB solution:  DON'T.

I fully agree; unfortunately they forced us to interconnect this junk because there was no budget for a real load balancer.

That why my personal translation for the "LB"-part is "low budget" ;-)

Best regards

Rolf

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rolf Fischer

‎07-10-2013 03:49 AM

Hi Rolf,

Now you got one that's "officially" released by MS. 

0 Helpful

art-barrera
Level 1
Level 1

‎04-12-2014 10:21 PM

Hi Rick,

I know this post is dated but I ran into this exact same issue yesterday and I've hit a wall with troubleshooting.  Did you ever get this resolved?

Thx in advance

//art

 

0 Helpful

art-barrera
Level 1
Level 1
In response to art-barrera

‎04-14-2014 08:37 PM

Found that I was hitting bug CSCuf69779  

Upgraded and problem went away.

Thx //art

0 Helpful

Fellmerex3
Level 1
Level 1

‎07-17-2017 12:05 AM

Good afternoon !
I ran into the same problem as you. I have a VSS with two 4500x, 2 stacks of Cisco 2960x (2 nodes, LACP) are connected to it.
After setting up the VSS, he noticed that the user's mailbox did not open the mail, on a closer look saw that some users had access to the NLB address and some did not.
I connected the switch to the standby 4500x and saw that the no pings to the NLB address.

Did you manage to solve this problem?

Version 03.09.02.E RELEASE SOFTWARE (fc4)

ROM: 15.0(1r)SG11

on standby

Version 03.09.02.E RELEASE SOFTWARE (fc4)

ROM: 15.0(1r)SG12

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card