
I'm running into an issue when setting up NLB for three virtual servers on vSphere. Each server is running Windows Server 2012 and has a single static IP address. One of the servers has a second NIC with an external-facing IP address. Windows NLB is installed on each server.

I have added the IP address for the cluster in DNS as an A record. It's mapped to a cluster name we made up. Each server has an A record mapping the server name to its static IP address.

When creating a new cluster in NLB Manager, the first server adds smoothly and I can connect to both the cluster IP and the server. After adding the second server to the cluster, we can no longer ping the cluster IP OR the server IP addresses. We are also unable to connect to either server using Remote Desktop, until the VM admin goes in and removes the cluster IP address from the advanced properties of the NIC.

I've tried both unicast and multicast when setting up the cluster, and I've also waited until the first server is completely converged before adding the second. The servers are on a different subnet than my desktop, but I get the same results when pinging from the servers themselves.

One server in the NLB cluster works fine, but two or more seems to result in IP conflict.

Can anyone tell me what I'm doing wrong?

Omegacron
  • Are those physical or virtual servers? If virtual, which hypervisor? NLB needs some special configurations to work in virtual environments. – Massimo Jun 16 '16 at 17:50
  • Also, please add some details about your network. Some switches really *hate* Windows NLB and need ad hoc configs too. – Massimo Jun 16 '16 at 17:52
  • Servers are on vSphere. Not sure about the switch config, though - most of that is handled by our parent company. If I need something specific added to the routing, I can forward it to one of their network admins. – Omegacron Jun 16 '16 at 18:45

1 Answer


There are multiple known issues with NLB when using virtual machines; these links should help you:

https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1006580
https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1006558
https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1006778
https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1556

Also, if you choose to use Unicast mode, you'll need two NICs on each server, otherwise they will not be able to talk with each other, because they will be effectively using the same MAC address. Multicast is a lot easier to manage, but it might require specific configurations on your switch:

https://kb.vmware.com/selfservice/search.do?cmd=displayKC&externalId=1006525

This article also contains a nice summary.

Massimo
  • Sounds like I may need a manual ARP resolve on the switch. Would that also explain why I'm unable to connect to the servers after adding a second one to the cluster? It seems related to the cluster IP being added to the NIC addresses. – Omegacron Jun 17 '16 at 14:06
  • That would be needed in order for *routing* to work. But your *general* issues with NLB not working are probably related to VMware's quirks, or something not being correctly set up in the Windows VMs. Please have a read at all the articles I linked, and also Microsoft's documentation about NLB. While it might seem quite simple on the surface, it often can and will easily get a lot more complex than expected. – Massimo Jun 17 '16 at 14:16
  • I'm fairly certain that you need to enable "MAC Address Changes" on your vswitch(es) in order for NLB to work. – joeqwerty Jun 17 '16 at 14:22
  • I would think this would only affect Unicast mode. If you have the same problem in Multicast mode then I have no idea. - https://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.server_configclassic.doc_40/esx_server_config/securing_an_esx_configuration/c_mac_address_changes.html – joeqwerty Jun 17 '16 at 14:32
  • Also "Forged transmits" might play a role. Windows NLB does *quite* strange things with MAC addresses, both in unicast and multicast mode. There *is* a reason many network admins really don't like it (nor do their network devices). – Massimo Jun 17 '16 at 14:43
  • As a first step, we had a network admin add a multicast-routing entry for the new cluster's IP & network address. That seems to have done the trick, though. Thanks! – Omegacron Jun 17 '16 at 19:27
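
The answer's point that unicast nodes end up on the same MAC address, and the comments about a static ARP entry for multicast, both follow from how NLB derives its MAC addresses from the cluster IP. The sketch below is an added example, not part of the thread; the function names and the sample address 10.0.0.50 are constructed for illustration.

```python
import ipaddress

def nlb_cluster_mac(cluster_ip, mode):
    """Cluster MAC that Windows NLB derives from the cluster IPv4 address."""
    ip = ipaddress.IPv4Address(cluster_ip).packed  # ValueError on a bad address
    layouts = {
        "unicast": (bytes([0x02, 0xBF]), ip),                # 02-BF-w-x-y-z
        "multicast": (bytes([0x03, 0xBF]), ip),              # 03-BF-w-x-y-z
        "igmp": (bytes([0x01, 0x00, 0x5E, 0x7F]), ip[2:]),   # 01-00-5E-7F-y-z
    }
    if mode not in layouts:
        raise ValueError(f"unknown NLB mode: {mode!r}")
    head, tail = layouts[mode]
    return "-".join(f"{b:02X}" for b in head + tail)

def unicast_source_mac(cluster_ip, host_priority):
    """Source MAC a node puts on outgoing frames in unicast mode while
    source-MAC masking (the default) is on: 02-<priority>-w-x-y-z."""
    if not 1 <= host_priority <= 32:
        raise ValueError("NLB host priority must be 1..32")
    ip = ipaddress.IPv4Address(cluster_ip).packed
    return "-".join(f"{b:02X}" for b in bytes([0x02, host_priority]) + ip)

def describe(cluster_ip, mode, priorities):
    """Summarise what the hosts and the network see for one cluster."""
    mac = nlb_cluster_mac(cluster_ip, mode)
    unicast = mode == "unicast"
    return {
        "cluster_mac": mac,
        # Unicast: every node's cluster NIC is rewritten to this one MAC,
        # so the nodes cannot reach each other over that NIC.
        "nodes_share_nic_mac": unicast,
        # Multicast/IGMP: a unicast IP answers ARP with a multicast MAC
        # (low bit of the first octet set), which routers commonly refuse
        # to learn, hence the static ARP entry on the routing device.
        "unicast_ip_on_multicast_mac": int(mac[:2], 16) & 1 == 1,
        "source_macs": ({p: unicast_source_mac(cluster_ip, p) for p in priorities}
                        if unicast else {}),
    }

if __name__ == "__main__":
    for mode in ("unicast", "multicast", "igmp"):
        print(mode, describe("10.0.0.50", mode, [1, 2, 3]))  # constructed sample
```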