?
Solved

Traffic in Microsoft Network Load Balance

Posted on 2010-11-29
8
Medium Priority
?
620 Views
Last Modified: 2012-05-10
Hello.

I just implemented a NLB for Terminal Services in 3 Windows 2003 Standard Servers. Connection distribution looks working fine, but if I have one active connection and I take a look at the network card's traffic in any other computer in the network, I can see the traffic from the client to the NLB cluster. So, looks like my network switch is doing a broadcast for traffic destinated do the cluster's IP address.

The NLB is configured with only one network card in each server and running in multicast mode.

Why is this happening and how can I resolve this?

Regards.
0
Comment
Question by:Abilis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 34277588
What type of switches do you have?  Does it support IGMP snooping?

What is the MAC address for the traffic going to the cluster?

You do realize that multicast is a "special" type of broadcast.
0
 
LVL 2

Author Comment

by:Abilis
ID: 34336711
It is a 3Com Baseline 2848-SFP Plus. I'm not sure if it supports IGMP snooping, but for what I saw on the web, it does.
The MAC address I see in the dumps is the same as the one configured in the cluster.
The one in the cluster properties is 03:bf:c0:a8:00:18. In the dump is the same. Take a look the attached image.

Yeah, I know it works different from a normal unicast packet, but I'm not very familiar with multicast. I wonder if this is a normal condition.

Thanks
dump.jpg
0
 
LVL 57

Accepted Solution

by:
giltjr earned 1000 total points
ID: 34336959
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 2

Author Comment

by:Abilis
ID: 34346645
So, if I understand right, with the IGMP snooping my problems would be solved.
If my switch doesn't have it and if it doesn't allow to add static arp entries, I'm lost.

Is that correct?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34346721
0
 
LVL 2

Author Comment

by:Abilis
ID: 34346767
My switch is the 2848, not the 2948.
http://www.3com.com/products/en_US/detail.jsp?tab=features&sku=3C16486&pathtype=purchase

So I guess I'll have to change to another switch?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1000 total points
ID: 34346840
Well that is one option.

Do you happen to have a router or another L3 switch in the network?

If so, you could create a VLAN for the Windows server and isolate it at the VLAN level.

The only issue with doing this is that you need to have router to route between the two IP subnets.
0
 
LVL 2

Author Comment

by:Abilis
ID: 34374632
I don't have layer 3 switch yet. I'm going to monitor de traffic and see if it is a problem for now.
Maybe I'll use our internal router and use the VLAN schema. Probably it is better then having this "broadcast" all the time for every terminal connection.

Thanks for your help.
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question