97608-MS_NLB_PPT1 - Cisco Support Community
Transcription
97608-MS_NLB_PPT1 - Cisco Support Community
Microsoft Network Load Balancing Support Vivek V vivev@cisco.com © 2006 Cisco Systems, Inc. All rights reserved. 1 Agenda • MS NLB Overview • MS NLB Unicast mode • MS NLB Multicast mode • Catalyst switches and NLB • Limitations and Restrictions • Known Bugs • References © 2006 Cisco Systems, Inc. All rights reserved. 2 MS NLB Overview • Provides scalability and high availability to enterprise-wide TCP/IP services, such as Web Servers. • Network Load Balancing servers (also called hosts) in a cluster communicate among themselves to provide key benefits, including: • Scalability: up to 32 servers. • High availability. automatically detects failure of a server. • Distributes IP traffic to multiple copies (or instances) of a TCP/IP service, such as a Web server, each running on a host within the cluster. • Transparently partitions the client requests among the hosts and lets the clients access the cluster using one or more "virtual" IP addresses. © 2006 Cisco Systems, Inc. All rights reserved. 3 MS NLB Overview (cont’d) Looks like a single-host/IP server to outside world/clients. All of the hosts must recv all incoming requests. Then, NLB infra distributes load between the servers © 2006 Cisco Systems, Inc. All rights reserved. 4 MS NLB Unicast mode • Default mode • Works seamlessly on physical environments, based on flooding • User specifies a shared IP for all hosts in the cluster • A shared MAC is autogenerated and set on Host/VM interfaces: • A:B:C:D -> 02:BF:A:B:C:D © 2006 Cisco Systems, Inc. All rights reserved. 5 MS NLB Unicast mode (cont’d) • How is the shared IP/MAC used? Incoming Packets: Outgoing Packets: Sent to shared MAC (02:BF:A:B:C:D) Sent using a different src-MAC (02:01:A:B:C:D), so the shared MAC won’t be learned This MAC is not learned anywhere -> FLOOD Host-1 Host-2 Host-3 • ARPing of the shared IP: • ARP reply will have the shared-MAC in ARP header, but not in the ethernet header © 2006 Cisco Systems, Inc. All rights reserved. 6 MS NLB Multicast Mode • How is the shared IP/MAC used? Incoming Packets: Outgoing Packets: Sent to shared MAC (03:00:5e:B:C:D) Sent using a different src-MAC (02:01:A:B:C:D), so the shared MAC won’t be learned This MAC needs to be put into the mac address table via IGMP snooping Host-1 Host-2 Host-3 • In multicast mode: The cluster members respond to ARPs for their virtual address using a multicast MAC address for example 0300.5e11.1111 and to send IGMP Membership Report packets. If IGMP snooping is enabled on the local switch, it snoops the IGMP packets that pass through it. This prevents flooding. © 2006 Cisco Systems, Inc. All rights reserved. 7 NLB Multicast Mode (cont’d) Issues with using IGMP snooping: -- The mac address will be present in the IGMP snooping database and will e mapped to the ports to which the servers are connected. HOWEVER: -- The servers will respond to arps for the VIP with a multicast mac address. -- The switch will not accept this and will drop the response and the VIP will lose connectivity. -- Hence we need to disable IGMP snooping. © 2006 Cisco Systems, Inc. All rights reserved. 8 MS NLB Multicast mode cont’d - Disabling snooping leads to flooding . - Arp will still be incomplete. SOLUTION: -STATIC ARP arp 172.16.63.241 0300.5e11.1111 -STATIC MAC mac−address−table static 0300.5e11.1111 vlan 200 interface fa2/3, fa2/4 NOTE: mac−address−table static 0300.5e11.1111 vlan 200 interface fa2/3, fa2/4 disablesnooping In the platform catalyst 6500 © 2006 Cisco Systems, Inc. All rights reserved. 9 MS NLB Multicast mode cont’d Note: Statically mapping MAC to multiple ports is supported only in software on the Catalyst 4500 switch. Using this configuration on Catalyst 4500 switch may cause high CPU Solution: add the servers to a separate VLAN and allow flooding in the vlan (prune the vlan from trunks that do not need them) © 2006 Cisco Systems, Inc. All rights reserved. 10 Problems with NLB Multicast mode -- On The cat6k later IOS , it will not show the disable snooping option even though the servers are in multicast mode Solution: -- This is because the switch does not recognize the macs that conform to IGMP multicast i.e 0100.5exx.xxxx , 0300.5exx.xxxx -- Check the IGMP checkbox on the server to generate an IGMP compliant mac address. © 2006 Cisco Systems, Inc. All rights reserved. 11 Example setup and configuration Example setup © 2006 Cisco Systems, Inc. All rights reserved. 12 Configuration Cat6K#show running-config Building configuration... ! ! interface FastEthernet2/1 description "Uplink to the Default Gateway" no ip address switchport switchport access vlan 100 ! ! interface FastEthernet2/3 description "Connection to Microsoft server" no ip address switchport switchport access vlan 200 ! interface FastEthernet2/4 description "Connection to Microsoft server" no ip address switchport switchport access vlan 200 ! ! mac-address-table static 0300.5e11.1111 vlan 200 interface fa2/3 fa2/4 disable-snooping ! --- Creating a static entry in the switch for the multicast virtual mac. ! --- fa2/3 & fa2/4 are the ports connected to server. !--- The disable-snooping is applicable only for Cisco Catalyst 6000/6500 series switches arp 172.16.63.241 0300.5e11.1111 ! --- 172.16.63.241 is the Virtual IP of 2 servers © 2006 Cisco Systems, Inc. All rights reserved. 13 Verification show mac-address-table - Displays a specific MAC address table static and dynamic entry or the MAC address table static and dynamic entries on a specific interface or VLAN. Cat6K#show mac-address-table 0300.5e11.1111 Mac Address Table ------------------------------------------Vlan Mac Address vType Ports ---- ------------------ ----200 0300.5e11.1111 STATIC Fa2/3 Fa2/4 show ip arp - Displays the Address Resolution Protocol (ARP) cache. Cat6K#show ip arp Protocol Address Internet 172.16.1.1 © 2006 Cisco Systems, Inc. All rights reserved. Age (min) Hardware Addr Type Interface - 0300.5e11.1111 ARPA Vlan200 14 Known Bugs CSCsw72680 IP - Packets loop if running Microsoft NLB in presence of PIM CSCtx95441 Destination MAC 0000.0000.0000 on mapping unicast IP to multicast MAC CSCsu84397 Sup6E Static ARP to multicast mac address may cause routing loop CSCug49149 PFC3B/DFC3B - Routed Microsoft NLB traffic black-holed across a DEC CSCsy62709 MLS CEF - Packets loop if running Microsoft NLB in presence of PIM CSCuh08087 Microsoft NLB multicast mode broken on 3850 © 2006 Cisco Systems, Inc. All rights reserved. 15 References Microsoft Technical Overview: http://technet.microsoft.com/en-us/library/bb742455.aspx Cat6k Config Example: http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml Vmware + Ucast mode Workaround: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1556 © 2006 Cisco Systems, Inc. All rights reserved. 16 Limitations and Restrictions • not supported on PVLAN ports. • not supported on the ports configured with UUFB (unknown unicast flood blocking). • not supported on the ports configured with “switchport port-security mac-address sticky”. © 2006 Cisco Systems, Inc. All rights reserved. 17 © 2006 Cisco Systems, Inc. All rights reserved. 18