Solved

exchange 2010 cas nlb nic and dynamic mac spoofing

Posted on 2012-04-10
2
838 Views
Last Modified: 2012-06-21
Hi Experts,

I am preparing my exchange network environment and one of the requirement for the NICs we use for the NLB network mush support dynamic MAC spoofing, i am wondering what a dynamic MAC spoofing is and how do i know if my server's NICs support this?  The NLB we use is MS NLB and the OS is windows 2008 R2

The NICs on the server are:-
Broadcom NetXtreme II Gigabit Ethernet (2 ports, on board)
Intel Gigabit ET Quad Port Server Adapter

thanks.
0
Comment
Question by:nokyplease
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 37827259
MAC spoofing is just the modification of the actual MAC address embedded in the NIC so that it claims to be a different MAC address when presented to the network. This is crucial to the operation of NLB. In Unicast mode, the MAC address of the NIC is essentially replaced with a "virtual" MAC - the same virtual MAC is used for the NIC of every NLB node in the cluster. In multicast mode, a NIC needs is given two MAC addresses and must be able to purport to be both MAC addresses on the network.

The vast majority of NICs, especially in server-grade hardware, support MAC address spoofing. I would be surprised if you found one which did not; it is a fairly basic feature these days. Those NICs are from top manufacturers (Intel & Broadcom) so you will have no issues.

Note that if your NLB cluster is inside a Hyper-V virtual machine and you intend to use NLB in unicast mode, you need to explicitly enable MAC spoofing in the properties of the Virtual Machine. Hyper-V does not automatically present this functionality to a VM for security reasons. The same may be true for other hypervisors.

-Matt
0
 

Author Comment

by:nokyplease
ID: 37829224
I have been told that there was an issue with the Intel Gigabit ET Quad Port Server Adapter when our colleague tried to enable dynamic mac spoofing on one of the NIC in this card and this is the reason i asked this question.

we will run the NLB in unicast mode and thus we need this feature.

I checked the manual of the Broadcom card and I cannot find any word about dynamic mac spoofing.

However, I found the 'Locally Administered Address' in the device manage's broadcom card advanced properties, is that this is the one i need?

From the manual:
Locally Administered Address. The Locally Administered Address is a user-defined MAC address that is used in place of the MAC address originally assigned to the network adapter.

As I found similar setting in Intel NICs (Locally Administered Address) and because of the previous report that there was a problem with the Intel Gigabit ET Quad Port Server Adapter, I am not sure if the Locally Administered Address is what I need.  


thanks!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question