Solved

WLAN Microsoft NLB Conundrum

Posted on 2014-02-03
7
248 Views
Last Modified: 2016-11-23
Good afternoon All

Situation:
I have 2 subnets x.x.32.x and x.x.35.x with a wlan in between, on the 35.x end I have a Dell 6224 and on the 32.x end I have a HP 3400cl.  I have a web host on the 35.x and a 2 x wcf apps server on the 32.x with MS load balancing - the web host needs to connect to the 32.x wcf servers.  Both ends are VMs on VMware hosts.

Problem:
The web host can connect to the wcf if it used the NIC IP but is unable to connect to the NLB IP.  

On the Dell switch I can add static ARP entries but on the HP switch I only have the option of Proxy-ARP (unless someone knows different).
I cam across an option of adding a second NIC to the pair of WCF servers and altering the vSwitch but that will only work if I keep both servers on a single host, which sort of negates the reason for having them on separate hosts.

Could anyone give me a suggestion on how to achieve this connection without compromising my network or breaking anything else.?

Many thanks
0
Comment
Question by:Eric
  • 4
  • 3
7 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 39829566
What's the network topology at the 32.x site?  It's the layer 3 device that I'm concerned about.
0
 

Author Comment

by:Eric
ID: 39829652
Hi Asavener

The layer 3 device we use for routing is the HP3400cl - it routes the traffic through the Huawei to the 35.x site.

Thanks
0
 
LVL 28

Expert Comment

by:asavener
ID: 39829804
So that's the device that won't let you add a static ARP entry for the NLB address?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 28

Expert Comment

by:asavener
ID: 39829827
OK, according to the documentation for that model switch, it should support static ARP entries, but they only get added to the ARP table when the interface comes up:


ftp://ftp.hp.com/pub/networking/software/6400-5300-4200-3400-AdvTrafficMgmt-Oct2006-59906051-Chap11.pdf

A static entry enters the ARP cache from the static ARP table (which is a separate table) when the interface for the entry comes up
0
 

Author Comment

by:Eric
ID: 39829882
Hi Asavener

There is no way to add static entries, and the dynamic entry only seems to pick up the host IP and mac not the load balancing IP and mac - in IPConfig it shows the nic as having 2 IP addresses not a real card and a NLB virtual card.  The wcf apps servers are virtual machines so they are not connected directly to the HP3400.
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 39829943
I suggest you contact the vendor, because the documentation indicates that static ARP entries are possible.

This is a "normal error" for layer three devices.  Cisco has an article on why their devices reject dynamic ARP replies from NLB clusters.  (Basically, it's a mis-match between multicast MAC address in the ARP reply and the unicast IP address of the NLB cluster address.)

Unless you're able to add a static ARP entry on your router/layer3 switch, only local hosts will be able to communicate with the NLB cluster.



Here's a good article describing the problem:  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006525
0
 

Author Closing Comment

by:Eric
ID: 40292041
Many thanks for you help with this asavener, the links you supplied were very useful.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Resolve DNS query failed errors for Exchange
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question