How to configure Extreme switches to handle Microsoft Network Load Balance (MS NLB) traffic and route it properly

Objective
How to configure Extreme switches to handle Microsoft Network Load Balance (MS NLB) traffic and route it properly via static ARP, static multicast FDB, and Policy Based Routing (PBR).
Environment
  • Summit
  • BlackDiamond
  • EXOS
Procedure
For more background on why this configuration is needed, see this article link.
NLB solution for multi-port ARP in X450 and BD8800 series switches
Here is a sample configuration showing how L3 + L2 PBR works to achieve L3 routing to an NLB cluster.
  1. Create two VLANs. v1 is the 'Core VLAN', where the traffic destined for the NLB originates. v2 is the VLAN that has the NLB cluster attached on ports 22 and 25.
* X460-24x.44 # create vlan v1 tag 7
* X460-24x.45 # create vlan v2 tag 8
* X460-24x.46 # config v1 ipaddress 10.0.0.1/24
IP interface for VLAN v1 has been created.
* X460-24x.47 # config v2 ipaddress 11.0.0.1/24
IP interface for VLAN v2 has been created.
* X460-24x.48 # enable ipforwarding
* X460-24x.51 # config v1 add port 21
* X460-24x.52 # config v2 add port 22,25
  2. Set up a static ARP entry and a static multicast FDB entry. Note that even though both ports 22 & 25 have been added to the static FDB, L3 traffic will only be forwarded to port 22 at this point. Any L2 traffic on v2 destined for the cluster will be correctly multicast via this FDB entry.
* X460-24x.53 # create fdb 03:bf:00:00:00:01 v2 port 22,25
* X460-24x.54 # config iparp add 11.0.0.7 03:bf:00:00:00:01
Warning: MAC (03:bf:00:00:00:01) is a multicast address
* X460-24x.55 # show iparp
VR            Destination      Mac                Age  Static  VLAN          VID   Port
VR-Default    11.0.0.7         03:bf:00:00:00:01    0     YES  v2            8     22
<snip>

As mentioned above, at this point traffic is L3 routed only to port 22.
* X460-24x.83 # clear counters
* X460-24x.84 # show port 21,22,25 statistics no
Port      Link     Tx Pkt       Tx Byte       Rx Pkt       Rx Byte Rx Pkt Rx Pkt
          State    Count        Count         Count        Count    Bcast  Mcast
================================================================================
21        A             0            0       126947      8125760        0        0
22        A        126433      8091904            0            0        0        0
25        A             0            0            0            0        0        0
================================================================================
          > indicates Port Display Name truncated past 8 characters
          Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
  3. Add the L2-PBR component to multicast forward the L3 routed packet to both ports (22 & 25).
* X460-24x.85 # create access-list nlbtest "destination-address 11.0.0.7/32" "count nlb_vip_count; redirect-port-list 22,25;"
* X460-24x.86 # config access-list add nlbtest first vlan v1
done!
  • Verify that the routed traffic is multicast to both NLB cluster ports.
* X460-24x.88 # clear counters
* X460-24x.89 # show port 21,22,25 statistics no
Port      Link     Tx Pkt       Tx Byte       Rx Pkt       Rx Byte Rx Pkt Rx Pkt
          State    Count        Count         Count        Count    Bcast  Mcast
================================================================================
21        A             1          136       439817     28149440        0        0
22        A        439224     28110536            0            0        0        0
25        A        437971     28030280            1          136        0        1
================================================================================
          > indicates Port Display Name truncated past 8 characters
          Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
* X460-24x.90 #
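
An added example (not part of the original article and not an EXOS tool): a Python check that parses the data rows of the port statistics output and confirms that packets received on the core port are transmitted on every NLB cluster port. The rows are copied from the two outputs above; the function names and the 0.95 ratio threshold are assumptions.

```python
import re

# Data rows copied from the two "show port 21,22,25 statistics no" outputs above.
BEFORE_PBR = """\
21        A             0            0       126947      8125760        0        0
22        A        126433      8091904            0            0        0        0
25        A             0            0            0            0        0        0
"""
AFTER_PBR = """\
21        A             1          136       439817     28149440        0        0
22        A        439224     28110536            0            0        0        0
25        A        437971     28030280            1          136        0        1
"""

# port, link state, Tx Pkt, Tx Byte, Rx Pkt, Rx Byte, Rx Bcast, Rx Mcast
ROW = re.compile(r"^\s*(\S+)\s+([A-Z]+)" + r"\s+(\d+)" * 6 + r"\s*$")

def parse_port_stats(text):
    """Return {port: {"link", "tx_pkt", "rx_pkt"}}; non-data lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, separator and legend lines do not match
            stats[m.group(1)] = {"link": m.group(2),
                                 "tx_pkt": int(m.group(3)),
                                 "rx_pkt": int(m.group(5))}
    return stats

def check_replication(text, ingress, cluster_ports, min_ratio=0.95):
    """Map each cluster port to True if it is active and its Tx count tracks ingress Rx.

    min_ratio is an assumed threshold: counters are sampled while traffic is
    flowing, so Tx on the cluster ports trails Rx on the ingress port slightly.
    """
    stats = parse_port_stats(text)
    rx = stats[ingress]["rx_pkt"]
    if rx == 0:
        raise ValueError("no packets received on ingress port; nothing to verify")
    result = {}
    for port in cluster_ports:
        entry = stats.get(port)
        result[port] = bool(entry and entry["link"] == "A"
                            and entry["tx_pkt"] / rx >= min_ratio)
    return result

if __name__ == "__main__":
    print("before PBR:", check_replication(BEFORE_PBR, "21", ["22", "25"]))
    print("after PBR: ", check_replication(AFTER_PBR, "21", ["22", "25"]))
```

A False for any cluster port after the ACL is applied means that port is not receiving the routed traffic.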

 
From EXOS 15.6.3 there is a new ACL action, redirect-vlan, which floods the packets in the VLAN. If you want to flood the packets to all ports in the VLAN, use that action.
Additional notes
If you get the following error message right after creating the FDB entry (the first command in item #2):
Error: Platform does not support multiple port FDB entries spanning slots for uni-cast MAC addresses
This message appears when you have used a unicast MAC address and chosen two (or more) ports in different slots (chassis or stack).

MS NLB has two operation modes, Unicast and Multicast. Consider using Multicast to save switch CPU resources:
  • Unicast mode induces switch flooding: all switch ports are flooded with NLB traffic, even ports to which non-NLB servers are attached. (NOTE: This switch flooding increases BCMRX CPU utilization and should be avoided.)
  • Multicast mode allows inter-host communication because it adds a layer-two multicast address to the cluster instead of changing it. This makes inter-host communication possible because the hosts retain their original unique MAC addresses and already have unique dedicated IP addresses.
    • The configuration needed to run MS NLB in Multicast mode must be done directly on the MS servers.
    • Multicast mode saves CPU utilization because there is no flooding; instead, packets are sent directly to the ports designated to receive traffic for that multicast MAC address.
