Solved

Traffic in Microsoft Network Load Balance

Posted on 2010-11-29
8
607 Views
Last Modified: 2012-05-10
Hello.

I just implemented a NLB for Terminal Services in 3 Windows 2003 Standard Servers. Connection distribution looks working fine, but if I have one active connection and I take a look at the network card's traffic in any other computer in the network, I can see the traffic from the client to the NLB cluster. So, looks like my network switch is doing a broadcast for traffic destinated do the cluster's IP address.

The NLB is configured with only one network card in each server and running in multicast mode.

Why is this happening and how can I resolve this?

Regards.
0
Comment
Question by:Abilis
  • 4
  • 4
8 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 34277588
What type of switches do you have?  Does it support IGMP snooping?

What is the MAC address for the traffic going to the cluster?

You do realize that multicast is a "special" type of broadcast.
0
 
LVL 2

Author Comment

by:Abilis
ID: 34336711
It is a 3Com Baseline 2848-SFP Plus. I'm not sure if it supports IGMP snooping, but for what I saw on the web, it does.
The MAC address I see in the dumps is the same as the one configured in the cluster.
The one in the cluster properties is 03:bf:c0:a8:00:18. In the dump is the same. Take a look the attached image.

Yeah, I know it works different from a normal unicast packet, but I'm not very familiar with multicast. I wonder if this is a normal condition.

Thanks
dump.jpg
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 34336959
0
 
LVL 2

Author Comment

by:Abilis
ID: 34346645
So, if I understand right, with the IGMP snooping my problems would be solved.
If my switch doesn't have it and if it doesn't allow to add static arp entries, I'm lost.

Is that correct?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 57

Expert Comment

by:giltjr
ID: 34346721
0
 
LVL 2

Author Comment

by:Abilis
ID: 34346767
My switch is the 2848, not the 2948.
http://www.3com.com/products/en_US/detail.jsp?tab=features&sku=3C16486&pathtype=purchase

So I guess I'll have to change to another switch?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 34346840
Well that is one option.

Do you happen to have a router or another L3 switch in the network?

If so, you could create a VLAN for the Windows server and isolate it at the VLAN level.

The only issue with doing this is that you need to have router to route between the two IP subnets.
0
 
LVL 2

Author Comment

by:Abilis
ID: 34374632
I don't have layer 3 switch yet. I'm going to monitor de traffic and see if it is a problem for now.
Maybe I'll use our internal router and use the VLAN schema. Probably it is better then having this "broadcast" all the time for every terminal connection.

Thanks for your help.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now