
Windows 2008 R2 MultiCast NLB Configurations

ITdesk
Hello,

I have a problem accessing the NLB VIP from outside my network.

The configuration is as follows:

2 Windows 2008 R2 virtual VMware servers configured with Windows NLB between them.
Each has 2 NICs:

VM1:
LAN NIC IP: 172.20.1.231
LAN NIC SUBNET: 255.255.0.0
LAN NIC GATEWAY: 172.20.1.1 (Checkpoint FW)

NLB NIC IP: 172.20.1.241 & 172.20.1.230
NLB NIC SUBNET 255.255.0.0
NLB NIC GATEWAY: None

VM2:
LAN NIC IP: 172.20.1.232
LAN NIC SUBNET: 255.255.0.0
LAN NIC GATEWAY: 172.20.1.1 (Checkpoint FW)

NLB NIC IP: 172.20.1.242 & 172.20.1.230
NLB NIC SUBNET 255.255.0.0
NLB NIC GATEWAY: None


The NLB is configured as multicast.
I can access the NLB from within my LAN but not from outside.

I understand after reading thousands of articles that I need to enter some static ARP record directing some IP to some MAC in some device.

My question is WHERE exactly I need to input this ARP record?
In the Firewall?
In the NLB Nodes?

And what exactly do I need to write in the ARP record?
The FW IP and FW MAC?
The FW IP and NLB MAC?
The Node IP and NLB MAC?
The Node IP and FW MAC?
Something else?


Are there any other configurations needed in order for this to work?

Thanks ahead,
Shahar
Andrew Hancock (VMware vExpert / EE Fellow), VMware and Virtualization Consultant
Fellow 2018
Expert of the Year 2017

Commented:
You need to configure your switches with static ARP entries for the multicast MAC address and IP address on ALL switches in your network infrastructure.

This is how we have been configuring for many years on our Cisco switches, and the many clients we visit to fix and configure their NLB on physical and virtual installations.

Use the IP address and MAC address of the cluster IP address (not the nodes), and the multicast MAC addresses the IP address relates to.

e.g.

arp 192.168.1.11 03bf.c0a8.0170 ARPA
arp 172.16.241.10 03bf.ac10.f110 ARPA

We also configure the virtual switch, e.g. the vSwitch, to handle Forged MAC Addresses, Transmits.
kevinhsieh, Network Engineer
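
Added example, not part of the original thread or any poster's code: NLB derives its cluster MAC from the cluster IP (unicast 02-BF-w-x-y-z, multicast 03-BF-w-x-y-z, IGMP multicast 01-00-5E-7F-y-z), so the static ARP line described above can be generated for the asker's VIP 172.20.1.230 and existing entries checked against it. The function names and the sample config lines are constructed for illustration.

```python
import ipaddress
import re

# NLB derives the cluster MAC from the cluster (virtual) IP w.x.y.z:
#   unicast 02-BF-w-x-y-z, multicast 03-BF-w-x-y-z, IGMP multicast 01-00-5E-7F-y-z
PREFIX = {"unicast": b"\x02\xbf", "multicast": b"\x03\xbf"}

def nlb_cluster_mac(vip, mode="multicast"):
    """Return the 6-byte cluster MAC NLB uses for `vip` in the given mode."""
    octets = ipaddress.IPv4Address(vip).packed
    if mode == "igmp":
        return b"\x01\x00\x5e\x7f" + octets[2:]
    if mode not in PREFIX:
        raise ValueError(f"unknown NLB mode: {mode}")
    return PREFIX[mode] + octets

def cisco_mac(mac):
    """Format 6 bytes in Cisco dotted notation, e.g. 03bf.ac14.01e6."""
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def static_arp_line(vip, mode="multicast"):
    """Build the IOS-style static ARP line for the cluster IP."""
    return f"arp {vip} {cisco_mac(nlb_cluster_mac(vip, mode))} ARPA"

def audit_static_arp(config_lines, vip, mode="multicast"):
    """Return findings for static ARP lines that disagree with the derived MAC."""
    expected = nlb_cluster_mac(vip, mode)
    findings, seen = [], False
    for line in config_lines:
        m = re.match(r"\s*arp\s+(\S+)\s+(\S+)\s+arpa\s*$", line, re.IGNORECASE)
        if not m or m.group(1) != vip:
            continue  # not a static ARP line for the cluster IP
        seen = True
        digits = re.sub(r"[.:\-]", "", m.group(2))
        if not re.fullmatch(r"[0-9a-fA-F]{12}", digits) or bytes.fromhex(digits) != expected:
            findings.append(f"{vip}: {m.group(2)} should be {cisco_mac(expected)}")
    if not seen:
        findings.append(f"{vip}: no static ARP entry, expected '{static_arp_line(vip, mode)}'")
    return findings

# Constructed sample config: the cluster IP mapped to a node NIC MAC by mistake.
SAMPLE_CONFIG = [
    "arp 172.20.1.230 0050.56aa.bb01 ARPA",  # constructed: node MAC, not the cluster MAC
    "arp 172.20.1.1 0000.0c07.ac01 ARPA",    # constructed: unrelated gateway entry
]

if __name__ == "__main__":
    print(static_arp_line("172.20.1.230"))
    for finding in audit_static_arp(SAMPLE_CONFIG, "172.20.1.230"):
        print("MISMATCH", finding)
```
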

Commented:
You look like you have everything in place for unicast, in which case you should only need to set the NLB for unicast. If VMware requires you to make special configurations for multiple MAC addresses on a VM interface, you will need to set that too. Might be easier than setting static ARP in your network.
Andrew Hancock (VMware vExpert / EE Fellow), VMware and Virtualization Consultant

Commented:
Multicast is the recommended solution for VMware, not Unicast.
Commented:
Solved by running the following netsh on each NLB node:

netsh interface ipv4 set interface "Cluster NIC" forwarding=enabled

Author

Commented:
It solved the problem perfectly.