Microsoft NLB


Gandalf 2010

Hi,

I am looking at using Microsoft NLB to load balance 2 Exchange 2010 Client Access servers.

The servers are physical and the network is Cisco-based.

Should we use Multicast or Unicast?
Is there a Microsoft best practice?
Please try to explain the advantages and disadvantages of using one or the other.

Thanks,

/Daniel
 

Busbar [MVP]

You can use multicast, but keep in mind that the MAC given by multicast NLB to the CAS server is a multicast MAC, so it is not routable, so if you have VLANs or clients accessing from the intranet directly without firewall NATing then they won't be able to access it.

I prefer using Unicast, which is the Microsoft-recommended approach.

Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com, Follow me on twitter http://www.twitter.com/_busbar and if you Liked my post please mark it as helpful and accept it as an answer
 

Brian Desmond -MVP-

> You can use multicast, but keep in mind that the MAC given by multicast NLB to the CAS server is a multicast MAC, so it is not routable, so if you have VLANs or clients accessing from the intranet directly without firewall NATing then they won't be able to access it.
>
> I prefer using Unicast, which is the Microsoft-recommended approach.

Hi-

No MAC address is routable. MAC addresses are a layer 2 function. IP routing is a layer 3 function - they're completely separate. It's entirely irrelevant where clients are accessing the NLB VIP from.

Using Unicast mode actually tends to make a mess most of the time as it causes every packet to the VIP and/or cluster nodes to be blasted out every switch port on the VLAN. I'm not sure why you'd want this or where you've found docs that say it's best practice.

My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
 

Justin.King

Brian,

I believe what he is referring to is the fact that Cisco switches refuse to learn the ARP of a multicast port, which while not quite routing at layer 3 _does_ cause a similar issue, meaning you usually have to get your network team involved in creating some static ARP and sometimes static CAM entries. In some cases I've seen people buy cheap hubs and put them in-path to get around the problem.

So yeah, the literal explanation may be off but he's not completely off base.

Also, it _is_ best practice to run in Unicast mode when your machines are virtualized, at least in VMware's world, due to the RARP logic on the vswitches:

http://www.vmware.com/resources/techresources/1072
 

Brian Desmond -MVP-

> I believe what he is referring to is the fact that Cisco switches refuse to learn the ARP of a multicast port, which while not quite routing at layer 3 _does_ cause a similar issue, meaning you usually have to get your network team involved in creating some static ARP and sometimes static CAM entries. In some cases I've seen people buy cheap hubs and put them in-path to get around the problem.
>
> So yeah, the literal explanation may be off but he's not completely off base.

Agreed, there's an issue with Cisco and some other vendors that's well documented, but it's an easy fix assuming the right people are cooperative.
 

Steve Goodman

Actually as of last week, isn't using NLB no longer recommended at all? Check out this from UNC311 :

Yeah, I have used Multicast in the past and found it works well. VMware also recommend multicast for Windows NLB, however even with Unicast you can limit the issues by using a dedicated VLAN for the NLB cluster.

Steve

Steve Goodman
Check out my Blog for more Exchange info or find me on Twitter
 

Brian Desmond -MVP-

Yup all those are key issues with it, but, it's still officially supported. If none of the problems highlighted are going to cause you an issue and you don't have a more intelligent device then go for it. It's not my default with any customer but it does the job.


Busbar [MVP]

Some more insights:

http://blogs.kraftkennedy.com/index.php/2009/11/25/configuring-nlb-for-exchange-2010-cas-load-balancing/

The MAC is not routable; what is routable is the IP. Cisco and any other vendor doesn't respond to multicast MACs. I blogged about it a while ago:

http://autodiscover.wordpress.com/2010/05/12/how-to-configure-the-wnlb-multicast-ip-to-be-routable/

More information:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml

From the above link:

> However, since the incoming packets have a unicast destination IP address and multicast destination MAC the Cisco device ignores this entry and process-switches each cluster-bound packets. In order to avoid this process switching, insert a static mac-address-table entry as given below in order to switch cluster-bound packets in hardware.

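The static ARP and static MAC entries discussed in the posts above, as an added example that is not part of the original thread: it derives the cluster MAC that NLB builds from the VIP in each mode and, for the multicast modes, prints the two switch/router lines a network team would typically add. The VIP, VLAN 200 and port names are constructed values, and the `arp` / `mac address-table static` lines follow common Cisco IOS syntax, which varies by platform and release.

```python
import ipaddress

# First two MAC octets NLB puts in front of the four octets of the cluster IPv4 address.
_PREFIX = {"unicast": (0x02, 0xBF), "multicast": (0x03, 0xBF)}


def nlb_cluster_mac(vip: str, mode: str) -> bytes:
    """Return the 6-byte cluster MAC NLB derives from the VIP for the given mode."""
    octets = ipaddress.IPv4Address(vip).packed
    if mode == "igmp":
        # IGMP multicast mode: 01-00-5E-7F followed by the last two octets of the VIP.
        return bytes((0x01, 0x00, 0x5E, 0x7F)) + octets[2:]
    if mode not in _PREFIX:
        raise ValueError(f"unknown NLB mode: {mode!r}")
    return bytes(_PREFIX[mode]) + octets


def is_group_address(mac: bytes) -> bool:
    """True when the I/G bit (lowest bit of the first octet) marks a multicast MAC."""
    return bool(mac[0] & 0x01)


def cisco_dotted(mac: bytes) -> str:
    """Format a MAC the way IOS prints it, e.g. 03bf.0a00.000a."""
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


def static_entries(vip: str, mode: str, vlan: int, ports: list) -> list:
    """Config lines for the multicast modes; empty for unicast mode.

    In unicast mode the cluster MAC is an ordinary unicast address, so ARP
    replies are accepted as usual and the cost is flooding on the VLAN instead.
    """
    mac = nlb_cluster_mac(vip, mode)
    if not is_group_address(mac):
        return []
    dotted = cisco_dotted(mac)
    return [
        f"arp {vip} {dotted} ARPA",
        f"mac address-table static {dotted} vlan {vlan} interface {' '.join(ports)}",
    ]


if __name__ == "__main__":
    for mode in ("unicast", "multicast", "igmp"):
        print(mode, cisco_dotted(nlb_cluster_mac("10.0.0.10", mode)))
        for line in static_entries("10.0.0.10", mode, 200, ["Gi1/0/1", "Gi1/0/2"]):
            print("  " + line)
```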

Dman2k1

Hi, quick question then regarding those slides....

This may explain part of the problem I'm seeing. Because we run a WNLB for our CASHT servers (no edge transpo yet) the servers are going outbound via the NAT pool of our org instead of the network load balanced IP that we have provided for them. (is there a way to do that?)

Is this essentially resolved by having an Edge Transport Server?

This seems to create problems for SPF and reverse lookups because the NAT pool is not assigned as an MX of course.

Thanks for your help.

-Darryl
 

Busbar [MVP]

> This may explain part of the problem I'm seeing. Because we run a WNLB for our CASHT servers (no edge transpo yet) the servers are going outbound via the NAT pool of our org instead of the network load balanced IP that we have provided for them. (is there a way to do that?)

This is done by the firewall by assigning the same public IP assigned from the VIP, so you will do NAT for a pool not for a source of IP, since WNLB doesn't do outbound NAT.

Brian Desmond -MVP-

> Hi, quick question then regarding those slides....
>
> This may explain part of the problem I'm seeing. Because we run a WNLB for our CASHT servers (no edge transpo yet) the servers are going outbound via the NAT pool of our org instead of the network load balanced IP that we have provided for them. (is there a way to do that?)
>
> Is this essentially resolved by having an Edge Transport Server?
>
> This seems to create problems for SPF and reverse lookups because the NAT pool is not assigned as an MX of course.
>
> Thanks for your help.
>
> -Darryl

The NAT issue mentioned is specific to source NAT. NLB provides affinity via source IP. If you have a whole pile of clients which all appear to be coming from one IP, NLB can't distribute the load evenly - it all goes to one node.

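The source-NAT effect described in the last reply, as an added example that is not part of the original thread: it maps constructed client connections to two nodes by source IP and compares direct clients with the same clients hidden behind one NAT address. SHA-256 stands in for NLB's own hash, which the thread does not describe; the addresses and ports are constructed, and the port-aware `none` mode goes beyond the thread to show the contrast.

```python
import hashlib
import ipaddress
from collections import Counter


def pick_node(src_ip: str, src_port: int, nodes: int, affinity: str = "single") -> int:
    """Map a connection to a node index (SHA-256 is a stand-in, not NLB's real hash)."""
    key = ipaddress.IPv4Address(src_ip).packed
    if affinity == "none":
        # No affinity: the source port takes part in the mapping as well.
        key += src_port.to_bytes(2, "big")
    elif affinity != "single":
        raise ValueError(f"unknown affinity: {affinity!r}")
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % nodes


def distribution(conns, nodes: int, affinity: str = "single") -> list:
    """Connections handled per node, indexed by node number."""
    counts = Counter(pick_node(ip, port, nodes, affinity) for ip, port in conns)
    return [counts.get(n, 0) for n in range(nodes)]


def sample_connections(count: int, nat_ip: str = None) -> list:
    """Constructed sample: `count` clients starting at 10.1.0.1, each with its own
    source port, optionally all rewritten to a single source-NAT address."""
    base = int(ipaddress.IPv4Address("10.1.0.1"))
    conns = []
    for i in range(count):
        ip = nat_ip or str(ipaddress.IPv4Address(base + i))
        conns.append((ip, 20000 + i))
    return conns


if __name__ == "__main__":
    direct = sample_connections(1000)
    natted = sample_connections(1000, nat_ip="192.0.2.10")
    print("direct clients, source-IP affinity:", distribution(direct, 2))
    print("behind one NAT IP, source-IP affinity:", distribution(natted, 2))
    print("behind one NAT IP, no affinity:", distribution(natted, 2, "none"))
```

A per-node connection count that looks like the second line is the signal that a source-NAT device sits in front of the cluster.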
 