Solved

Unable to ping NLBS cluster IP from different subnet

Posted on 2014-11-05
17
277 Views
Last Modified: 2014-12-19
I have a NLBS cluster setup on 2008 R2. I am able to ping the two physical IP addresses, but not the two virtual IP's or the single cluster IP address.

I need to be able to reach these IP addresses from my 192.168.1.0 network. The unreachable IP addresses are 10.100.1.98 - Single, virtual
10.100.1.99 - Single, virtual
10.100.1.100 - Cluster IP

It is my understanding that a static MAC addresses needs to be entered onto a switch, but I am not exactly sure which switch it needs setup on.

My NLBS servers are plugged into a switch in my DMZ, this DMZ switch resides on 172.20.1.0 network.

The DMZ switch then plugs into the DMZ interface on my firewall. Then LAN interface off the firewall that connects to a Cisco layer 3 switch on the 192.168.1.0 network.
0
Comment
Question by:Yeloball
  • 7
  • 6
  • 2
  • +1
17 Comments
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 40423867
A few things when creating NLB on VMware.

1. You just use Multicast mode.

2. You must allocate Static ARP Entries on your Physical Switch for MAC addresses.

3. You must allocate Static ARP Entries on your Physical Switch for Cluster IP Address.

And switch configs must be updated in our experience, for every physical port of the ESXi host, and also ALL trunks and uplinks you would expect the traffic to be on.

see VMware Knowlege base for further details

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006778

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580
0
 

Author Comment

by:Yeloball
ID: 40423879
Andrew, are you saying I should enter the static MAC address on ALL of my switches?
0
 
LVL 118
ID: 40423884
Correct, the Cluster MAC Adddress, and IP Address.... see the articles for configuration required on Cisco switch.
0
 

Author Comment

by:Yeloball
ID: 40424038
Andrew, do you think I should just enter that information on the individual "uplink" interfaces or should I just add it to ALL interfaces on each switch to ensure that I am covered?
0
 
LVL 118
ID: 40424048
ALL interfaces and uplinks.

The switch need to know, where to expect the multicast, for the NLB cluster nodes to work, and converge correctly.
0
 

Author Comment

by:Yeloball
ID: 40424058
is there a way to do a interface range command within the static mac address command?
0
 
LVL 118
ID: 40424093
that depends on your physical switch config.
0
 

Author Comment

by:Yeloball
ID: 40424112
On all switches but one, everything is on VLAN 1
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 118
ID: 40424124
Does not matter about VLAN, you need to notify the switch, where the MAC address, should be observed.
0
 

Author Comment

by:Yeloball
ID: 40424128
Didn't you just tell me above that it needs to be on all interfaces, on all switches fa0/1 - fa0/24 ? Or am I getting confuses here?
0
 
LVL 118
ID: 40428247
If you have a physical switch.... switch A

and you have two ESXi Server, ESXi A and ESXi B connected to Switch A

if you are connecting four interfaces from each host server.

ALL those physical ports, need to be configured for Static ARP entries for IP address and Mac address, because the multicast packets could be entering any of those ports for the cluster IP Address.

If we take it a little further and switch A is connected to Switch B

both Switch A and Switch B, also need to be configured, e.g. trunking ports, to show that the multicast packets could also be on those trunks.

this is how we approach it.
0
 
LVL 27

Expert Comment

by:Steve
ID: 40428284
can you ping anything else on the 10.100.1.x range or is it just the NLBS IPs you cannot contact?
as your description suggests you are sending traffic through a firewall, have you configured it to allow traffic to these IPs without NATing?
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40428999
I have setup WNLB under Hyper-V and it doesn't require any switch or router configuration. I use unicast mode which requires a second vNIC on each WNLB cluster member, and you have to tell the hypervisor to allow thone secondary vNICs to do MAC address spoofing. Not too complicated. Should be the same under VMware.
0
 

Author Comment

by:Yeloball
ID: 40434880
totallytonto, yes I can ping other nodes in the 10.100.1.x range

It is only the virtual custer IP and individual virtual IP's of the NLBS I am unable to ping. I can ping the physical addresses.
0
 
LVL 118
ID: 40434898
It's not the same under VMware vSphere as Hyper-V.

Multicast is recommended under VMware vSphere. and with multicast, you need to complete switch configuration. - simple!

If you do not configure your physical switches for multicast, multicast will not work.

you could always try a better Load Balancer, try the FREE

http://www.zenloadbalancer.com/
0
 
LVL 27

Expert Comment

by:Steve
ID: 40434930
well, as you can ping other IPs on the same subnet it confirms there's no routing/access issue.
I'm afraid it has to be the multicast issue mentioned above.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now