Wednesday, April 15, 2009

NLB in VMware

There are a lot of posts in the forums about Microsoft NLB (Network Load Balancing), and it can be quite confusing to figure out what's what. We had problems with it for months before we got it fixed. One of the reasons that it took so long is that there are two ways to go about it: one is to tweak the ESX vSwitch in an ugly way, and the other is nice and neat but requires the involvement of the network department. I'll describe the latter solution.

First off, let me state: NLB works just fine in VMware. It is not necessary to make any changes on the ESX server or in the vSwitch.

The following steps should be in place:

1. Install and configure NLB on your Windows server like you would in a physical setup.
2. NLB should be configured for multicast.
3. A static ARP entry needs to be added to the physical layer 3 switch or router that acts as default gateway (note the default gateway from within Windows) for the NLB nodes. If it's a Cisco switch, then the command will be like this (if it's not Cisco, then it may work without adding the ARP entry...):

arp <ip of nlb cluster> <mac of nlb cluster> arpa

Adding a static ARP entry to the ARP table means that you're associating a specific IP address with a given multicast MAC address. A Cisco switch/router does not allow this automatically, so such requests are dropped unless the entry is added manually.

If the default gateway happens to be a firewall and not a router or layer 3 switch (of the type Cisco PIX or Cisco ASA), then it is not necessary to add the static entry, as these firewalls allow adding multicast addresses to the ARP table.

Update 2010.10.28: It has been observed that ASA OS version 8.23 requires a static ARP entry. Use command: "arp <interface> <Multicast IP> <Multicast MAC addr.> alias". Example:

arp dmz2 192.168.131.29 03bf.c0a8.831d alias

If you're not sure whether the default gateway device allows adding multicast addresses to the ARP table (meaning that it allows traffic to a specific IP address to be broadcast to multiple ports on the switch/router), then log into the device and list the ARP table with the following command:

show ip arp

If the multicast MAC address exists in the table, then you don't have to make any changes.
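The following is an added example, not part of the original post: a small Python helper that derives the cluster MAC, builds the two static ARP commands shown above, and checks pasted "show ip arp" output for the entry. It assumes NLB multicast mode's standard MAC scheme (03-BF followed by the four octets of the cluster IP, which matches the 192.168.131.29 / 03bf.c0a8.831d example above); the function names and the sample ARP table are constructed for illustration.

```python
import ipaddress

def nlb_multicast_mac(cluster_ip: str) -> str:
    """Cluster MAC in NLB multicast mode: 03-BF plus the four IPv4 octets,
    returned in Cisco dotted notation (xxxx.xxxx.xxxx)."""
    octets = ipaddress.IPv4Address(cluster_ip).packed  # raises on invalid input
    raw = (b"\x03\xbf" + octets).hex()
    return ".".join(raw[i:i + 4] for i in range(0, 12, 4))

def static_arp_commands(cluster_ip: str, asa_interface: str = "") -> list[str]:
    """Static ARP commands from the post: the IOS form, plus the ASA form
    when an interface name is supplied."""
    mac = nlb_multicast_mac(cluster_ip)
    cmds = [f"arp {cluster_ip} {mac} arpa"]
    if asa_interface:
        cmds.append(f"arp {asa_interface} {cluster_ip} {mac} alias")
    return cmds

def check_arp_table(show_ip_arp: str, cluster_ip: str) -> str:
    """Classify the cluster IP in 'show ip arp' output as
    'ok', 'missing', 'incomplete' or 'wrong-mac'."""
    expected = nlb_multicast_mac(cluster_ip)
    for line in show_ip_arp.splitlines():
        fields = line.split()
        # Data rows look like: Internet <ip> <age> <mac> <type> [interface]
        if len(fields) < 4 or fields[0] != "Internet" or fields[1] != cluster_ip:
            continue
        hw = fields[3].lower()
        if hw == "incomplete":
            return "incomplete"  # gateway asked but never accepted a reply
        return "ok" if hw == expected else "wrong-mac"
    return "missing"

# Constructed sample output (not captured from a real device).
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.131.1           -   0011.2233.4455  ARPA   Vlan131
Internet  192.168.131.29          -   03bf.c0a8.831d  ARPA
Internet  192.168.131.40          0   Incomplete      ARPA
"""

if __name__ == "__main__":
    print("\n".join(static_arp_commands("192.168.131.29", "dmz2")))
    print(check_arp_table(SAMPLE, "192.168.131.29"))
```

A result of "missing" or "incomplete" for the cluster IP means the static entry still has to be added on the gateway; "wrong-mac" means the entry exists but does not match the MAC expected for multicast mode.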

The configuration is done directly in Cisco's "privileged" mode. See screendumps below (thanks to Kim Rubeck for lending me the dumps):




A good resource on VMware's site: Link to KB article

Thanks to Kim Rubeck for input!
