Solved

Unable to ping NLBS cluster IP from different subnet

Posted on 2014-11-05
Last Modified: 2014-12-19
I have an NLBS cluster set up on 2008 R2. I am able to ping the two physical IP addresses, but not the two virtual IPs or the single cluster IP address.

I need to be able to reach these IP addresses from my 192.168.1.0 network. The unreachable IP addresses are:

10.100.1.98 - Single, virtual
10.100.1.99 - Single, virtual
10.100.1.100 - Cluster IP

It is my understanding that a static MAC address needs to be entered onto a switch, but I am not exactly sure which switch it needs to be set up on.

My NLBS servers are plugged into a switch in my DMZ; this DMZ switch resides on the 172.20.1.0 network.

The DMZ switch then plugs into the DMZ interface on my firewall. Then the LAN interface off the firewall connects to a Cisco layer 3 switch on the 192.168.1.0 network.
Question by:Yeloball
17 Comments
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40423867
A few things when creating NLB on VMware.

1. You just use Multicast mode.

2. You must allocate Static ARP Entries on your Physical Switch for MAC addresses.

3. You must allocate Static ARP Entries on your Physical Switch for Cluster IP Address.

And switch configs must be updated in our experience, for every physical port of the ESXi host, and also ALL trunks and uplinks you would expect the traffic to be on.

See the VMware Knowledge Base for further details

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006778

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580
0
 

Author Comment

by:Yeloball
ID: 40423879
Andrew, are you saying I should enter the static MAC address on ALL of my switches?
0
 
LVL 121
ID: 40423884
Correct, the Cluster MAC Address, and IP Address.... see the articles for configuration required on Cisco switch.
0

 

Author Comment

by:Yeloball
ID: 40424038
Andrew, do you think I should just enter that information on the individual "uplink" interfaces or should I just add it to ALL interfaces on each switch to ensure that I am covered?
0
 
LVL 121
ID: 40424048
ALL interfaces and uplinks.

The switch needs to know where to expect the multicast, for the NLB cluster nodes to work and converge correctly.
0
 

Author Comment

by:Yeloball
ID: 40424058
Is there a way to do an interface range command within the static MAC address command?
0
 
LVL 121
ID: 40424093
That depends on your physical switch config.
0
 

Author Comment

by:Yeloball
ID: 40424112
On all switches but one, everything is on VLAN 1
0
 
LVL 121
ID: 40424124
It does not matter about the VLAN; you need to notify the switch where the MAC address should be observed.
0
 

Author Comment

by:Yeloball
ID: 40424128
Didn't you just tell me above that it needs to be on all interfaces, on all switches fa0/1 - fa0/24? Or am I getting confused here?
0
 
LVL 121
ID: 40428247
If you have a physical switch.... switch A

and you have two ESXi Servers, ESXi A and ESXi B, connected to Switch A

if you are connecting four interfaces from each host server.

ALL those physical ports need to be configured for Static ARP entries for IP address and MAC address, because the multicast packets could be entering any of those ports for the cluster IP Address.

If we take it a little further and switch A is connected to Switch B

both Switch A and Switch B, also need to be configured, e.g. trunking ports, to show that the multicast packets could also be on those trunks.

this is how we approach it.
0
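An added example, not part of the original thread or of the linked VMware articles: it derives the NLB cluster MAC from the cluster IP (NLB builds it as 02-BF, 03-BF or 01-00-5E-7F plus octets of the cluster IP, depending on mode) and prints the static ARP and static MAC lines for one Cisco IOS switch. The port names, VLAN 1 and the helper names are assumptions; the multi-interface `mac address-table static` form and the older `mac-address-table` spelling vary by platform and IOS release, so check the switch's command reference.

```python
import ipaddress

# Prefixes NLB places in front of the four cluster IP octets to form the MAC.
_PREFIX = {"unicast": b"\x02\xbf", "multicast": b"\x03\xbf"}


def nlb_cluster_mac(cluster_ip, mode="multicast"):
    """Return the NLB cluster MAC for cluster_ip in Cisco dotted notation."""
    octets = ipaddress.IPv4Address(cluster_ip).packed
    if mode == "igmp":
        # IGMP multicast mode: 01-00-5E-7F followed by the last two IP octets.
        raw = b"\x01\x00\x5e\x7f" + octets[2:]
    elif mode in _PREFIX:
        raw = _PREFIX[mode] + octets
    else:
        raise ValueError(f"unknown NLB mode: {mode!r}")
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def ios_static_entries(cluster_ip, vlan, interfaces, mode="multicast"):
    """Build the static ARP and static MAC lines for one switch.

    interfaces: every host-facing port, trunk and uplink on this switch that
    can carry cluster traffic (hypothetical names supplied by the caller).
    """
    if mode == "unicast":
        # This helper covers only the multicast modes discussed in the thread.
        raise ValueError("static entries are generated for multicast modes only")
    if not interfaces:
        raise ValueError("list every port and uplink that carries cluster traffic")
    mac = nlb_cluster_mac(cluster_ip, mode)
    return [
        # Static ARP: maps the unicast cluster IP to the multicast cluster MAC.
        f"arp {cluster_ip} {mac} ARPA",
        # Static MAC: tells the switch which ports should receive that MAC.
        f"mac address-table static {mac} vlan {vlan} interface " + " ".join(interfaces),
    ]


if __name__ == "__main__":
    # Constructed sample: cluster IP from the question, assumed port list.
    ports = ["FastEthernet0/1", "FastEthernet0/2", "FastEthernet0/24"]
    for line in ios_static_entries("10.100.1.100", 1, ports):
        print(line)
```

Compare the derived MAC with the cluster MAC shown in NLB Manager before applying anything; if they differ, use the value NLB reports.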
 
LVL 27

Expert Comment

by:Steve
ID: 40428284
Can you ping anything else on the 10.100.1.x range, or is it just the NLBS IPs you cannot contact?
As your description suggests you are sending traffic through a firewall, have you configured it to allow traffic to these IPs without NATing?
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40428999
I have set up WNLB under Hyper-V and it doesn't require any switch or router configuration. I use unicast mode, which requires a second vNIC on each WNLB cluster member, and you have to tell the hypervisor to allow those secondary vNICs to do MAC address spoofing. Not too complicated. Should be the same under VMware.
0
 

Author Comment

by:Yeloball
ID: 40434880
totallytonto, yes I can ping other nodes in the 10.100.1.x range

It is only the virtual cluster IP and individual virtual IPs of the NLBS I am unable to ping. I can ping the physical addresses.
0
 
LVL 121
ID: 40434898
It's not the same under VMware vSphere as Hyper-V.

Multicast is recommended under VMware vSphere, and with multicast you need to complete switch configuration - simple!

If you do not configure your physical switches for multicast, multicast will not work.

you could always try a better Load Balancer, try the FREE

http://www.zenloadbalancer.com/
0
 
LVL 27

Expert Comment

by:Steve
ID: 40434930
Well, as you can ping other IPs on the same subnet, it confirms there's no routing/access issue.
I'm afraid it has to be the multicast issue mentioned above.
0
