Solved

How to implement a network fault tolerance on a Windows Server 2008 R2, Single Server - Dual NIC? Only Windows Services like DNS, DHCP, File Server, IIS, FTP, Proxy

Posted on 2014-10-03
15
623 Views
Last Modified: 2014-10-24
Hello There!

We have an IBM x3650 M3, Dual NIC. We have Windows Server 2008 R2. On this Windows server we will have services like:

Proxy: using ForeFront 2010
FTP: Using IIS
IIS
DHCP
DNS
Active Directory
Any other Windows based service

Please, see the attached diagram. The server will have a VIP (Virtual Private Address) IP of 172.16.0.10/24. All remote clients will point to this VIP IP Address. We will have two switches from Alcatel, which can be model OS6450 or OS6850. We will have an UPLINK between them as they will be two separate modules (although if you recommend we can setup a stack as well). So if Switch 1 dies all traffic will continue via Switch2 and vice versa. "Simple" fault tolerance.

We will focus only on one server and one service for now (e.g: Proxy or FTP). How can we implement fault tolerance here? What configuration should I use?

I have done some research and came to two solutions:
(1) NIC TEAMING
(2) Windows NLB

I understand that with (1) NIC Teaming you can setup a NIC team using NIC vendor drivers. As I understand we will have 1 IP Address and 1 MAC Address. Am I right? The next step is to configure LACP on the switches, right? The problem with this LACP is that the only situation I found is when both of the server's NICs are connected directly to only ONE switch. On CISCO, we would have something like this:

source: http://serverfault.com/questions/46755/how-to-properly-setup-a-server-teaming-across-multiple-nics-in-windows-server

If your NIC driver supports LACP, use it on the switch as well. Otherwise, you'll have to stick with a static trunk on the switch. Here is a config example for Cisco:


Switch# conf t
Switch(config)# int g0/1
Switch(config-if)# channel-group 1 mode on
Switch(config-if)# exit
Switch(config)# int g0/2
Switch(config-if)# channel-group 1 mode on
Switch(config-if)# end

For LACP, you would do something like this:


Switch# conf t
Switch(config)# int g0/1
Switch(config-if)# channel-proto lacp
Switch(config-if)# channel-group 1 mode act
Switch(config-if)# exit
Switch(config)# int g0/2
Switch(config-if)# channel-proto lacp
Switch(config-if)# channel-group 1 mode act
Switch(config-if)# end



The problem is we will have two *SEPARATE* switches with an UPLINK between them. That is a very different situation. What can I setup here?



With (2) Windows NLB I understand that is a very complicated Issue. For example:

http://www.remotextensions.com/how-to-configure-network-load-balancing-nlb-in-multicast-mode/

The first problem is with switch flooding: we have to setup a NLB in Multicast and we have to fix an ARP IP entry and the MAC Address on the interfaces where the server will be connecting to.

E.g.:

STATIC ARP RESOLUTION Cisco Global command mode:
arp [ip] [cluster multicast mac] ARPA
arp 192.168.1.100 03bf.c0a8.0164 ARPA    

STATIC MAC RESOLUTION Cisco Global command mode
For example:
mac-address-table static [cluster multicast mac] [vlan id] [interface]
mac-address-table static 03bf.c0a8.0164 vlan 1 interface GigabitEthernet1/1 GigabitEthernet1/2 GigabitEthernet1/15 GigabitEthernet1/16


So, what can I use here in my situation? I would like to go simple with NIC Teaming. Is it possible? How can I do that?


03.10.2014 11:43 UPDATE: I added a second diagram: 2014.10.03_10.36_HOW_TO_IMPLEMENT_NETWORK_FAULT_TOLERANCE_ONE_SERVER_TWO_NICS_NIC_TEAMING_POSSIBLE_SETUP.png
Question by:sparskter
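
The static ARP and static MAC entries quoted in the question only work if the MAC really is the one NLB derives from the cluster IP. The following is an added example, not part of the original post: it derives the cluster MAC for each NLB mode (02-BF for unicast, 03-BF for multicast, 01-00-5E-7F plus the last two IP octets for IGMP multicast) and audits Cisco-style static entries against it. The function names and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

PREFIX = {"unicast": b"\x02\xbf", "multicast": b"\x03\xbf"}

def nlb_cluster_mac(cluster_ip, mode="multicast"):
    """Cluster MAC that NLB derives from the cluster IP, in Cisco dotted form."""
    octets = ipaddress.IPv4Address(cluster_ip).packed
    if mode == "igmp":
        raw = b"\x01\x00\x5e\x7f" + octets[2:]   # 01-00-5E-7F-y-z
    else:
        raw = PREFIX[mode] + octets              # 02-BF / 03-BF + w.x.y.z
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

ARP_LINE = re.compile(r"^arp\s+(\S+)\s+([0-9a-f.]+)\s+ARPA$", re.I)
MAC_LINE = re.compile(r"^mac-address-table static\s+([0-9a-f.]+)\s+vlan\s+\d+", re.I)

def audit_static_entries(config_text, mode="multicast"):
    """Return (line, problem) pairs for static entries that do not fit the NLB scheme."""
    problems, expected = [], set()
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    for line in lines:
        m = ARP_LINE.match(line)
        if m:
            want = nlb_cluster_mac(m.group(1), mode)
            expected.add(want)
            if m.group(2).lower() != want:
                problems.append((line, "expected " + want))
    for line in lines:
        m = MAC_LINE.match(line)
        if m and m.group(1).lower() not in expected:
            problems.append((line, "MAC has no matching static ARP entry"))
    return problems

# The first two lines follow the question's example; the last two are
# constructed mistakes (decimal 10 typed where hex 0a belongs).
SAMPLE = """
arp 192.168.1.100 03bf.c0a8.0164 ARPA
mac-address-table static 03bf.c0a8.0164 vlan 1 interface GigabitEthernet1/1
arp 172.16.0.10 03bf.ac10.0010 ARPA
mac-address-table static 03bf.ac10.0010 vlan 1 interface GigabitEthernet1/2
"""

if __name__ == "__main__":
    for line, problem in audit_static_entries(SAMPLE):
        print(problem, "<-", line)
```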
15 Comments
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 166 total points
ID: 40360869
May I propose you install free vmware esxi on the bare metal and make your server a vm? Esxi load balances across switches really easily.
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 334 total points
ID: 40360904
WNLB only works with multiple servers, doing it doesn't help you at all. It is used if you have two or more servers, then you can use WNLB to provide redundancy at the server level.

What you need to do is use the NIC vendor drivers to create what is generically known as a failover NIC team. It doesn't require any switch configuration, and only 1 NIC will be active at a time.
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 334 total points
ID: 40360906
If you use Windows 2012 or higher you can use the native Microsoft NIC teaming that is vendor independent.
0
 

Author Comment

by:sparskter
ID: 40361184
Aaron Tomosky 2014-10-03 at 20:13:45 ID: 40360869
May I propose you install free vmware esxi on the bare metal and make your server a vm? Esxi load balances across switches really easily.

Aaron,

The problem is that VMWare ESXi 5.5 is not really *free* anymore. See this:

"ESXi 5.5 Free Hypervisor: Will Home Labs Survive?"
http://thehomeserverblog.com/home-servers/esxi-5-5-free-hypervisor-will-home-labs-survive/

Nevertheless: thanks for your suggestion! I did not know that VMWare ESXi could handle NIC Load Balance across two different switches!
0
 

Author Comment

by:sparskter
ID: 40361187
kevinhsieh 2014-10-03 at 21:44:00 ID: 40360904
WNLB only works with multiple servers, doing it doesn't help you at all. It is used if you have two or more servers, then you can use WNLB to provide redundancy at the server level.
ANSWER: That is quite right: we will be using only one server for now. So I think Windows NLB must not be used as you have described.

What you need to do is use the NIC vendor drivers to create what is generically known as a failover NIC team. It doesn't require any switch configuration, and only 1 NIC will be active at a time.
ANSWER: Thanks! We will try that! But I have one more question about NIC TEAMING. Is it possible to have both NICs UP at the same time? Something like CISCO ETHERCHANNEL where you have multiple links active at the same time? If it is possible, how should I configure my servers and my switches?
0
 

Author Comment

by:sparskter
ID: 40361189
kevinhsieh 2014-10-03 at 21:45:38 ID: 40360906
If you use Windows 2012 or higher you can use the native Microsoft NIC teaming that is vendor independent.
ANSWER: I think our client has only Windows Server 2008 R2 right now. Nevertheless I will suggest if they can upgrade to Windows Server 2012. As it is "vendor independent" I assume I will have to do nothing at switch side, am I right? Even if we have two separate switches with an uplink between them? What about Switch Stacking/Fabric ?
0
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 166 total points
ID: 40361348
Esxi works just fine with vm versions 9 and below without v center server, and additionally they recently updated 5.5 to allow management of most features of v10 vms
https://communities.vmware.com/thread/490147
0

 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 334 total points
ID: 40361350
Vendor independent means independent of the NIC vendors. I believe you can use multiple active NICs if you stack your switches and you use EtherChannel or LACP. This of course requires proper configuration of the server and switches, so it is a more fragile configuration. Any single TCP stream is limited to the bandwidth of a single NIC. I wouldn't recommend it unless there was a demonstrated need that justifies the additional complexity.
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 334 total points
ID: 40361389
Even if you had two servers, WNLB is not appropriate for various services such as file server, print server, SQL server, possibly FTP (depending on how you need to use it), and others. For those services you should use Windows failover clustering if supported. Microsoft doesn't support fail over clustering of the print services role in Windows 2012; their recommendation is to run the print server as a highly available VM in a clustered hypervisor environment.
0
 

Author Comment

by:sparskter
ID: 40363834
Aaron Tomosky 2014-10-04 at 09:12:08 ID: 40361348
Esxi works just fine with vm versions 9 and below without v center server, and additionally they recently updated 5.5 to allow management of most features of v10 vms
https://communities.vmware.com/thread/490147

Glad to know that! Thanks for the link!
0
 

Author Comment

by:sparskter
ID: 40363840
kevinhsieh 2014-10-04 at 09:13:00 ID: 40361350
Vendor independent means independent of the NIC vendors. I believe you can use multiple active NICs if you stack your switches and you use EtherChannel or LACP. This of course requires proper configuration of the server and switches, so it is a more fragile configuration. Any single TCP stream is limited to the bandwidth of a single NIC. I wouldn't recommend it unless there was a demonstrated need that justifies the additional complexity.

We will try "NIC TEAMING" as per your suggestion and I will post it back when we have the results. That still will take one or two weeks in the schedule. We will not try LACP for now. Thanks for the tips
0
 

Author Comment

by:sparskter
ID: 40363845
kevinhsieh 2014-10-04 at 09:57:42 ID: 40361389
Even if you had two servers, WNLB is not appropriate for various services such as file server, print server, SQL server, possibly FTP (depending on how you need to use it), and others. For those services you should use Windows failover clustering if supported. Microsoft doesn't support fail over clustering of the print services role in Windows 2012; their recommendation is to run the print server as a highly available VM in a clustered hypervisor environment.

Thanks again for the tips. Gladly we will not have to use Windows NLB for our case. As I said the tests will still require one or two weeks to be made. As soon as possible I will post back our results. Thanks!
0
 

Author Closing Comment

by:sparskter
ID: 40363908
I will wait two or more weeks until I can test this in production! Then I will come back here and provide feedback! Thanks for the experts' help!
0
 

Author Comment

by:sparskter
ID: 40401851
Hello!

We have tried the bridge mode! Unfortunately the NICs on the server we tried do not support NIC Teaming, so we tried the bridge between both NICs. Please, see the attached diagram. If I am correct, the server behaves like a "switch". The redundancy worked because the Spanning Tree on the real switch blocked one of the ports: you can see in the switch output that port 1/1 is in "BLK" state. We then performed a simple test:

(1) With both cables connected, port 1/1 is blocked by STP and port 1/2 is in FORWARD state;
(2) Disconnected the cable on port 1/1 and watched. The ping continued as expected because port 1/1 was already blocked;
(3) Plugged the cable back on port 1/1. After some seconds the ping returned (the Spanning Tree took some seconds to become stable again);
(4) Unplugged the cable on port 1/2. Again, after some seconds the ping returned (the Spanning Tree took some seconds to become stable again);
(5) Plugged the cable back on port 1/2. Again, after some seconds the ping returned (the Spanning Tree took some seconds to become stable again) and we are back to the initial state: port 1/1 blocked and port 1/2 in forward state.

So what do you think of the bridge mode with redundancy provided by the STP on the real switch?

ps: we will try a redundancy with VMWare on another server as suggested by Aaron Tomosky. I will post it back when we have the results.

Redundancy in bridge mode
0
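
To put a number on the "some seconds" seen in steps (3) to (5) of the test above, the ping output can be logged with a timestamp per line and the gaps measured. This is an added example, not part of the original post; the `timestamp | ping line` log format, the function name and the sample lines are constructed assumptions (Windows `ping -t` does not print timestamps on its own).

```python
from datetime import datetime

def outage_windows(log_text):
    """Return (last_good, first_good_after, seconds) for each loss of connectivity.

    An outage still in progress at the end of the log is not reported.
    """
    windows, last_good, lost = [], None, False
    for line in log_text.strip().splitlines():
        stamp, _, rest = line.strip().partition(" | ")
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        # Only a real echo reply carries TTL=. "Reply from x: Destination host
        # unreachable." also starts with "Reply from" but is a failure.
        ok = rest.startswith("Reply from") and "TTL=" in rest
        if ok:
            if lost and last_good is not None:
                windows.append((last_good, when, (when - last_good).total_seconds()))
            last_good, lost = when, False
        else:
            lost = True
    return windows

# Constructed sample: two cable pulls against the VIP from the question.
SAMPLE_LOG = """
2014-10-24 10:00:00 | Reply from 172.16.0.10: bytes=32 time<1ms TTL=128
2014-10-24 10:00:01 | Reply from 172.16.0.10: bytes=32 time<1ms TTL=128
2014-10-24 10:00:06 | Request timed out.
2014-10-24 10:00:11 | Request timed out.
2014-10-24 10:00:14 | Reply from 172.16.0.1: Destination host unreachable.
2014-10-24 10:00:15 | Reply from 172.16.0.10: bytes=32 time=2ms TTL=128
2014-10-24 10:02:00 | Reply from 172.16.0.10: bytes=32 time<1ms TTL=128
2014-10-24 10:02:05 | Request timed out.
2014-10-24 10:02:08 | Reply from 172.16.0.10: bytes=32 time<1ms TTL=128
"""

if __name__ == "__main__":
    for start, end, seconds in outage_windows(SAMPLE_LOG):
        print(f"outage {start:%H:%M:%S} -> {end:%H:%M:%S}: {seconds:.0f} s")
```

Each window is measured from the last good reply to the first good reply after the loss, so it is an upper bound on the real interruption at the chosen ping interval.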
 

Author Comment

by:sparskter
ID: 40402129
I found good info on this blog also:

Part 1: Network Redundancy for Windows Servers: NIC Teaming
http://networkerslog.blogspot.com.br/2011/04/network-redundancy-for-windows-servers.html?m=1

Part 2: Network Redundancy for Windows Server: Dynamic IP Routing
http://networkerslog.blogspot.com.br/2011/04/network-redundancy-for-windows-server.html?m=1

Part 3: Configuring RIP routing on Windows Server 2008
http://networkerslog.blogspot.com.br/2011/04/part-3-configuring-rip-routing-on.html?m=1
0
