Why does a Unicast NLB server need to have 2 NICs connected to different IP VLANs?

Hi All,

Is there any reason why a Windows Server 2003 Unicast NLB clustered server (running Terminal Server 2003) is configured with 2x vNICs, each of them connected to a different IP address class or VLAN?

The server is deployed as a VMware virtual machine, and I wonder if the IP addresses can be on the same VLAN for the sake of migration simplicity?

Any thoughts and comments would be greatly appreciated,

Thanks
Senior IT System Engineer, Senior Systems Engineer, asked:
Andrew Hancock (VMware vExpert / EE Fellow), VMware and Virtualization Consultant, commented:
It's recommended to deploy virtual machines with NLB using Multicast on VMware vSphere.
Brett Danney, IT Architect, commented:
The two-NIC requirement is for when the servers are physical; the idea is that if there is a network failure on the LAN, the nodes should be able to communicate. In addition, you would want to isolate the heartbeat from the general network traffic. I doubt it would make any difference having the two on the same network.
Senior IT System Engineer, Senior Systems Engineer, author, commented:
That's what confused me here. This is an old legacy Windows Server 2003 Terminal Server with 2 nodes. It is already deployed as Unicast on two different ESX hosts.

I can understand the configuration of IGMP multicast NLB for an Exchange Server 2007 Hub Transport server on Windows Server 2008, but I don't know if this can be applied to the Terminal Server 2003.
Brett Danney, IT Architect, commented:
I agree with you, it makes no sense in a VMware environment.
Mahesh, Architect, commented:
Since unicast NLB overwrites the actual physical MAC address with a virtual MAC on the network cards that participate in the unicast NLB, doing so actually \ technically stops node-to-node communication, due to the same MAC address on the NICs.

In that case other servers \ devices can communicate with the VIP of the NLB, and queries are subsequently redirected to the NLB NICs.
But in order to communicate between the two nodes, you must have another network card on those nodes so that the nodes can communicate with each other.

In the case of multicast NLB, the virtual MAC is appended to the physical MAC of the NICs that are part of the NLB, so that the nodes can communicate with each other and at the same time can communicate with the external network.

But the above scenario changes when virtualization comes into the picture, as whether or not you do unicast with one NIC, those are fake \ virtual network cards only, and Hyper-V \ VMware will manage to work with them somehow.

Now if you put two network cards on a server with the same IP segment, it will work. That's how MS Exchange administrators configure NLB, with one exception.

They simply add two network cards to the Exchange server (physical \ virtual)
They provide the same IP segment to both NICs
On one network card, they simply remove the gateway
The other network card has the gateway
They configure NLB on the network card that doesn't have a gateway and accept external inbound traffic on that NIC through the VIP
For outbound traffic they do IP forwarding on your NLB LAN NIC by running, from a command prompt:
netsh interface ipv4 set int "NLB LAN" forwarding=enabled

Hence I would prefer hardware load balancing (HLB) devices to do network load balancing; they are smarter than NLB in terms of failure detection and quick switchover, and can also offload SSL if required.

Mahesh
Senior IT System Engineer, Senior Systems Engineer, author, commented:
Yes, you are right, guys.

The current configuration is as follows:

VM1 - vNIC1
IP: 192.168.1.14
VLAN 1

VM1 - vNIC2
IP1: 10.1.1.10
IP2: 10.1.1.100 --> The Virtual IP of Clustered Terminal Server Service
VLAN: 5

VM2 - vNIC1
IP: 192.168.1.15
VLAN 1

VM2 - vNIC2
IP1: 10.1.1.11
IP2: 10.1.1.100 --> The Virtual IP of Clustered Terminal Server Service
VLAN 5

So is it possible to maintain it as Unicast NLB and change all of the IP addresses / VLANs to the same VLAN 5, just for the sake of migrating it to a different data center with a different IP address class?
Mahesh, Architect, commented:
Yes, you can configure it that way also.
Check the post below for better clarity, specifically wrt terminal servers:

http://www.brianmadden.com/blogs/brianmadden/archive/2004/11/29/how-to-configure-windows-network-load-balancing-for-pure-terminal-server-environments.aspx

Mahesh
Senior IT System Engineer, Senior Systems Engineer, author, commented:
OK, so in this case both of the NICs can still be used with the same VLAN for the Unicast NLB to work successfully?



Proposed changes to IP address

VM1 - vNIC1
IP: 192.168.1.14
VLAN 1

VM1 - vNIC2
IP1: 192.168.1.50
IP2: 192.168.1.100 --> The Virtual IP of Clustered Terminal Server Service
VLAN: 1

VM2 - vNIC1
IP: 192.168.1.15
VLAN 1

VM2 - vNIC2
IP1: 192.168.1.51
IP2: 192.168.1.100 --> The Virtual IP of Clustered Terminal Server Service
VLAN 1


I'm not in a position to change the mode from Unicast to Multicast since I don't know the behaviour and how it is going to work with the clustered Terminal Server.
Mahesh, Architect, commented:
Yes, you can use it.
Remove the gateway from the NLB NIC and do IP forwarding, or set up a route by command line (route add command) on the NLB interface, as setting up a default gateway on both NICs will produce a warning message.

Mahesh
Senior IT System Engineer, Senior Systems Engineer, author, commented:
My understanding is that both vNICs will have the same default gateway because the IP addresses are in the same IP class / VLAN. Do I still need to add the static route?

Do you mean by using "route add -p ...."?
Mahesh, Architect, commented:
Yes, you are right, you can use "route add ... -p"; it's a persistent route,
and it needs to be added for the NLB interface NIC, because normally we do not set \ have a gateway through the TCP/IP settings on the NLB NIC, since you are using two NICs.

Alternatively you can set IP forwarding as mentioned in my 1st comment.

I suggest you test it in a lab setup to get comfort \ familiarity with it prior to deploying in production.

Mahesh
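
An added example, not part of the thread: a small Python check of the proposed two-NIC layout against the points raised in the answers (one shared virtual IP, unique dedicated IPs, a second NIC in unicast mode, a default gateway on one NIC only). The dictionary keys, the `mgmt`/`nlb` labels and the gateway 192.168.1.1 are assumptions made for illustration; the cluster MAC is derived from the virtual IP with the 02-BF (unicast) and 03-BF (multicast) prefixes that NLB uses.

```python
import ipaddress

def cluster_mac(vip, mode="unicast"):
    """Cluster MAC NLB derives from the virtual IP:
    02-BF-w-x-y-z in unicast mode, 03-BF-w-x-y-z in multicast mode."""
    prefix = {"unicast": "02-BF", "multicast": "03-BF"}[mode]
    return prefix + "".join(f"-{b:02X}" for b in ipaddress.IPv4Address(vip).packed)

def check_layout(nodes, mode="unicast"):
    """Return findings for nodes that each have an 'nlb' NIC and an optional 'mgmt' NIC."""
    findings = []
    if len({n["nlb"]["vip"] for n in nodes}) != 1:
        findings.append("nodes disagree on the virtual IP")
    ips = [nic["ip"] for n in nodes for nic in (n["nlb"], n.get("mgmt")) if nic]
    if len(ips) != len(set(ips)):
        findings.append("a dedicated IP is used twice")
    for n in nodes:
        mgmt = n.get("mgmt")
        if mode == "unicast" and mgmt is None:
            # All NLB NICs answer on the same cluster MAC, so the nodes
            # need a second NIC to reach each other (see the answer above).
            findings.append(f"{n['name']}: unicast NLB without a second NIC")
        if n["nlb"].get("gateway") and mgmt and mgmt.get("gateway"):
            findings.append(f"{n['name']}: default gateway set on both NICs")
    return findings

# Proposed layout from the thread. The gateway 192.168.1.1 is a constructed
# value (the thread does not give one) and is set on vNIC1 only.
GW = "192.168.1.1"
PROPOSED = [
    {"name": "VM1", "mgmt": {"ip": "192.168.1.14", "gateway": GW},
     "nlb": {"ip": "192.168.1.50", "vip": "192.168.1.100", "gateway": None}},
    {"name": "VM2", "mgmt": {"ip": "192.168.1.15", "gateway": GW},
     "nlb": {"ip": "192.168.1.51", "vip": "192.168.1.100", "gateway": None}},
]

if __name__ == "__main__":
    print("cluster MAC:", cluster_mac("192.168.1.100"))
    print("findings:", check_layout(PROPOSED) or "none")
```
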

Senior IT System Engineer, Senior Systems Engineer, author, commented:
Thanks!