97608-MS_NLB_PPT1 - Cisco Support Community

Microsoft
Network Load Balancing
Support
Vivek V
vivev@cisco.com
© 2006 Cisco Systems, Inc. All rights reserved.
Agenda
• MS NLB Overview
• MS NLB Unicast mode
• MS NLB Multicast mode
• Catalyst switches and NLB
• Limitations and Restrictions
• Known Bugs
• References
MS NLB Overview
• Provides scalability and high availability to enterprise-wide TCP/IP
services, such as Web Servers.
• Network Load Balancing servers (also called hosts) in a cluster
communicate among themselves to provide key benefits, including:
• Scalability: up to 32 servers.
• High availability: automatically detects failure of a server.
• Distributes IP traffic to multiple copies (or instances) of a TCP/IP service,
such as a Web server, each running on a host within the cluster.
• Transparently partitions the client requests among the hosts and lets the
clients access the cluster using one or more "virtual" IP addresses.
MS NLB Overview (cont’d)
• Looks like a single-host/IP server to the outside world/clients.
• All of the hosts must receive all incoming requests.
• Then, the NLB infrastructure distributes load between the servers.
MS NLB Unicast mode
• Default mode
• Works seamlessly on physical
environments, based on flooding
• User specifies a shared IP for
all hosts in the cluster
• A shared MAC is autogenerated and set on Host/VM
interfaces:
• A:B:C:D -> 02:BF:A:B:C:D
MS NLB Unicast mode (cont’d)
• How is the shared IP/MAC used?
  Incoming Packets:
    Sent to shared MAC (02:BF:A:B:C:D)
    This MAC is not learned anywhere -> FLOOD
  Outgoing Packets:
    Sent using a different src-MAC (02:01:A:B:C:D), so the shared MAC won’t be learned
  [Figure: Host-1, Host-2, Host-3]
• ARPing of the shared IP:
  ARP reply will have the shared-MAC in the ARP header, but not in the Ethernet header
MS NLB Multicast Mode
• How is the shared IP/MAC used?
  Incoming Packets:
    Sent to shared MAC (03:00:5e:B:C:D)
    This MAC needs to be put into the MAC address table via IGMP snooping
  Outgoing Packets:
    Sent using a different src-MAC (02:01:A:B:C:D), so the shared MAC won’t be learned
  [Figure: Host-1, Host-2, Host-3]
• In multicast mode:
  The cluster members respond to ARPs for their virtual address using a multicast MAC address, for example 0300.5e11.1111, and send IGMP Membership Report packets. If IGMP snooping is enabled on the local switch, it snoops the IGMP packets that pass through it. This prevents flooding.
NLB Multicast Mode (cont’d)
Issues with using IGMP snooping:
-- The MAC address will be present in the IGMP snooping database and will be mapped to the ports to which the servers are connected.
HOWEVER:
-- The servers will respond to ARPs for the VIP with a multicast MAC address.
-- The switch will not accept this and will drop the response, and the VIP will lose connectivity.
-- Hence we need to disable IGMP snooping.
MS NLB Multicast mode (cont’d)
- Disabling snooping leads to flooding.
- ARP will still be incomplete.
SOLUTION:
- STATIC ARP
arp 172.16.63.241 0300.5e11.1111
- STATIC MAC
mac-address-table static 0300.5e11.1111 vlan 200 interface fa2/3 fa2/4
NOTE: On the Catalyst 6500 platform:
mac-address-table static 0300.5e11.1111 vlan 200 interface fa2/3 fa2/4 disable-snooping
MS NLB Multicast mode (cont’d)
Note:
Statically mapping a MAC to multiple ports is supported only in software on the Catalyst 4500 switch.
Using this configuration on a Catalyst 4500 switch may cause high CPU.
Solution: add the servers to a separate VLAN and allow flooding in that VLAN (prune the VLAN from trunks that do not need it).
Problems with NLB Multicast mode
-- On later Cat6k IOS releases, the disable-snooping option is not shown even though the servers are in multicast mode.
Solution:
-- This is because the switch does not recognize the MACs that conform to IGMP multicast, i.e. 0100.5exx.xxxx, 0300.5exx.xxxx
-- Check the IGMP checkbox on the server to generate an IGMP-compliant MAC address.
Example setup and configuration
Example setup
Configuration
Cat6K#show running-config
Building configuration...
!
!
interface FastEthernet2/1
 description "Uplink to the Default Gateway"
 no ip address
 switchport
 switchport access vlan 100
!
!
interface FastEthernet2/3
 description "Connection to Microsoft server"
 no ip address
 switchport
 switchport access vlan 200
!
interface FastEthernet2/4
 description "Connection to Microsoft server"
 no ip address
 switchport
 switchport access vlan 200
!
!
mac-address-table static 0300.5e11.1111 vlan 200 interface fa2/3 fa2/4 disable-snooping
!--- Creating a static entry in the switch for the multicast virtual MAC.
!--- fa2/3 & fa2/4 are the ports connected to the servers.
!--- The disable-snooping keyword is applicable only for Cisco Catalyst 6000/6500 series switches.
arp 172.16.63.241 0300.5e11.1111
!--- 172.16.63.241 is the Virtual IP of the 2 servers.
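Added example (not part of the original slides or of any Cisco tool): a small Python audit that reads a saved running-config and, for every static ARP entry pointing at a multicast MAC, reports whether a matching static MAC entry confines the VIP traffic to the server ports or whether it is left to flood the VLAN. The function names, the "pinned"/"floods" labels and the second and third arp lines of the sample are assumptions made for illustration.

```python
import re

# Constructed sample input modelled on the configuration above; the second
# and third "arp" lines are invented for illustration.
SAMPLE_CONFIG = """\
interface FastEthernet2/3
 switchport access vlan 200
!
mac-address-table static 0300.5e11.1111 vlan 200 interface fa2/3 fa2/4 disable-snooping
arp 172.16.63.241 0300.5e11.1111
arp 172.16.63.242 0300.5e22.2222
arp 172.16.63.10 0011.2233.4455
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^arp\s+(\d+(?:\.\d+){{3}})\s+({MAC})", re.I | re.M)
STATIC_RE = re.compile(
    rf"^mac-address-table static\s+({MAC})\s+vlan\s+(\d+)\s+interface\s+(.+)$",
    re.I | re.M)

def is_multicast(mac):
    """True when the group bit (lowest bit of the first octet) is set."""
    return int(mac[:2], 16) & 1 == 1

def static_entries(config):
    """Map each statically configured MAC to its VLAN and port list."""
    entries = {}
    for mac, vlan, rest in STATIC_RE.findall(config):
        ports = [t.rstrip(",") for t in rest.split() if t != "disable-snooping"]
        entries[mac.lower()] = (int(vlan), ports)
    return entries

def audit(config):
    """Return (ip, mac, status, ports) for every static ARP to a multicast MAC."""
    pinned = static_entries(config)
    report = []
    for ip, mac in ARP_RE.findall(config):
        mac = mac.lower()
        if not is_multicast(mac):
            continue  # ordinary unicast static ARP, not an NLB multicast VIP
        if mac in pinned:
            report.append((ip, mac, "pinned", pinned[mac][1]))
        else:
            report.append((ip, mac, "floods", []))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(row)
```
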
Verification
show mac-address-table - Displays a specific MAC address table static and dynamic entry or the MAC address table static and dynamic entries on a specific interface or VLAN.
Cat6K#show mac-address-table 0300.5e11.1111
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type      Ports
----    --------------    ------    -----------
 200    0300.5e11.1111    STATIC    Fa2/3 Fa2/4
show ip arp - Displays the Address Resolution Protocol (ARP) cache.
Cat6K#show ip arp
Protocol  Address       Age (min)  Hardware Addr   Type  Interface
Internet  172.16.1.1           -   0300.5e11.1111  ARPA  Vlan200
Known Bugs
• CSCsw72680: IP - Packets loop if running Microsoft NLB in presence of PIM
• CSCtx95441: Destination MAC 0000.0000.0000 on mapping unicast IP to multicast MAC
• CSCsu84397: Sup6E Static ARP to multicast mac address may cause routing loop
• CSCug49149: PFC3B/DFC3B - Routed Microsoft NLB traffic black-holed across a DEC
• CSCsy62709: MLS CEF - Packets loop if running Microsoft NLB in presence of PIM
• CSCuh08087: Microsoft NLB multicast mode broken on 3850
References
Microsoft Technical Overview:
http://technet.microsoft.com/en-us/library/bb742455.aspx
Cat6k Config Example:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
Vmware + Ucast mode Workaround:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1556
Limitations and Restrictions
• not supported on PVLAN ports.
• not supported on the ports configured with UUFB (unknown unicast
flood blocking).
• not supported on the ports configured with “switchport port-security
mac-address sticky”.