[isalist] Re: Network Load Balancing And Network Hardware Recommendations

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Jan 2007 12:22:45 -0600

The problem with multicast and ISA is that ISA EE doesn't support multicast in 
its integrated support for NLB. Only unicast is supported with ISA EE. I 
definitely don't recommend using multicast with ISA EE, because of the lack of 
service awareness.
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- Microsoft Firewalls (ISA)

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Dave May
        Sent: Thursday, January 18, 2007 12:12 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Network Load Balancing And Network Hardware Recommendations
        
        

        FYI, the key to making multicast work well is to a) enable IGMP multicast in NLB and b) either enable IGMP snooping on your switch(es) or set a static entry.  Note that if your switches do not allow a unicast IP to ARP to a multicast MAC (if I remember correctly) it isn't going to work right and the traffic will flood across all ports.  That last part caused me a major headache, which was only resolved with a great deal of traffic sniffing via Wireshark.  Turned out to be a bug in the switch firmware...

         

        YMMV,

         

        Dave.

         

        
________________________________


        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Gerald G. Young
        Sent: Thursday, January 18, 2007 9:58 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Network Load Balancing And Network Hardware Recommendations

         

        Hmmm...  I had no problem with ISA-integrated NLB with two VIPs (OWA) 
running connected to a layer 3 switch (Cisco 6509).  The SMTP Gateways (ISA on 
top of IIS SMTP) in the same network segment and connected to the same layer 3 
switch also utilized ISA-integrated NLB and handled around 200K messages a day 
just fine.  But, we had front-end and back-end NICs on these boxes with both 
sides connected to separate VLANs.

         

        Interestingly enough, we had more problems with the setup when NLB was 
configured for Multicast (each port sees two MAC addresses - physical/virtual) 
and the MAC addresses were hardcoded into the network fabric.

         

        Cordially yours,

        Jerry G. Young II

        Product Engineer - Senior

        Platform Engineering, Enterprise Hosting

        NTT America, an NTT Communications Company

         

        22451 Shaw Rd.

        Sterling, VA 20166

         

        Office: 571-434-1319

        Fax: 703-333-6749

        Email: g.young@xxxxxxxx

         

        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR
        Sent: Thursday, January 18, 2007 7:19 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Network Load Balancing And Network Hardware Recommendations

         

        NLB doesn't work fine with Layer 3 switches, and that has been known for a bunch of years.

        The only thing you need is a plain layer 2 switch and your ISAs connected to it. If you don't want to spend a lot of money, go for the Netgear GS605, which is a $30 gigabit layer 2 switch.

         

        Now, of course, most (if not all) layer 3 switches are managed switches, so you can play with them and forward the traffic to all the ports on them.

        But again, if budget is a concern, then go for the Netgear; I have some and they work great.

         

        Regards

        Diego R. Pietruszka

        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of William Holmes
        Sent: Wednesday, January 17, 2007 7:12 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Network Load Balancing And Network Hardware Recommendations

         

        Hello,

         

        The switch that I am currently using is an HP ProCurve Switch Model 2824. The issue that I have had previously was one of the switch shutting down the ports due to the NLB MAC address "jumping around" between different ports on the switch.  That problem occurred on a Cisco switch (don't remember the exact model, gbb something or other). If I understand things correctly (note that I did say IF), there are switch configuration issues that have to be addressed.  KB 193602 (posted incorrect number last time, sorry) mentions one of them, which is the issue with port flooding and suppressing this with VLANs.

         

        My past experience using switches with NLB on Windows NT and Windows 2000 was a train wreck.  The path of least resistance was a dumb hub between the nodes and the switch that gave the switch a consistent view of the NLB cluster.  That is why I am currently using unicast with a hub, as KB193602 indicates.

         

        If I understand correctly, I should be able to mask the NLB MAC address and, after doing so, connect directly to a switch. As a side effect of this, any request to the NLB cluster will be sent to all ports of the switch (port flood). Thus traffic will be sent to any and all machines on the switch unless you define VLANs.

         

        As another option, I could use another L2 switch that only deals with my NLB and has a single uplink, just like my current hub has, thus gaining gigabit full duplex connections. Or would the port flooding also affect the upstream switch? It doesn't seem like it should. The upstream switch would see something answering on the NLB switch's port.

         

        Will something like a Netgear GS105 work in this instance for testing 
purposes?

         

        It's the switch getting too smart for MY own good that I worry about, which is why I am asking these questions.

        
        Thanks

         

        Bill

         

        
________________________________


        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
        Sent: Wednesday, January 17, 2007 4:07 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: Network Load Balancing And Network Hardware Recommendations

         

        "HP Procurve" - what?

        That's a product line, not a switch model.

         

        Also, you don't need to use a hub; a L2 switch generally works just 
fine.

        The problem is when the switch tries to be too smart about L3 and ends 
up being too smart for its own good.

         

         

        From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of William Holmes
        Sent: Wednesday, January 17, 2007 11:55 AM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Network Load Balancing And Network Hardware Recommendations

         

        Hello,

         

        This is possibly a little off topic.

         

        We currently use Windows Network Load Balancing for our Exchange and 
ISA servers. Right now to avoid problems with our network switches I have a hub 
between the NLB hosts and our Network Switches. This connection is therefore 
limited to 100MB ½ duplex connections.

         

        I have new hardware coming in that I need to use NLB on and I would 
like to have an optimal configuration. I have taken a look at Microsoft KB 
192602 and am looking for further recommendations. Our network switches are HP 
Procurve. 

         

        Thanks

         

        Bill
