Microsoft Nlb Mac Address

Introduction

This document describes how to configure the Cisco Catalyst switches in order to interact with Microsoft Network Load Balancing (NLB).

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco Catalyst 6500 Series switches with Supervisor Engine 2T (Sup2T) that run Cisco IOS Software Version 15.1(1)SY1
  • Cisco Catalyst 4948 Series switches that run Cisco IOS Software Version 15.0(2)SG7
  • Microsoft Windows Servers

Note: Consult the appropriate configuration guide for the commands that are used in order to enable these features on other Cisco platforms.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

The NLB technology can be used in order to distribute client requests across a set of servers. In order to ensure that clients always experience acceptable performance levels, Microsoft Windows NLB provides the ability to add additional servers so that you can scale out stateless applications, such as IIS-based web servers, as client load increases. In addition, it reduces downtime that is caused by servers that malfunction.

Microsoft Windows NLB is a clustering technology that is offered as a part of all Windows 2000 Server and Windows 2003 Server family operating systems. It provides a single virtual IP address for all clients as the destination IP address for the entire cluster.

You can configure NLB to work in one of these three modes:

  • Unicast mode
  • Multicast mode
  • Internet Group Management Protocol (IGMP) mode

Unicast Mode

Here are some notes about the use of NLB in Unicast mode:

  • In Unicast mode, NLB replaces the actual Media Access Control (MAC) address of each server in the cluster with a common NLB MAC address. When all of the servers in the cluster have the same MAC address, all of the packets that are forwarded to that address are sent to all of the members in the cluster. In addition, NLB creates a fictitious MAC address for each server in the NLB cluster: each server is assigned a different fictitious MAC address, based on the host ID of the member, and this address appears in the Ethernet frame header.
  • The cluster MAC address is used in the Address Resolution Protocol (ARP) header, not the Ethernet header, whereas the switch uses the MAC address in the Ethernet header, not the ARP header. This causes an issue when a packet is sent to the NLB cluster with the destination MAC address set to the cluster MAC address 00-bf-ac-10-00-01. The switch looks up the MAC address 00-bf-ac-10-00-01 in the Content Addressable Memory (CAM) table, and since no port is registered with the NLB cluster MAC address 00-bf-ac-10-00-01, the frame is delivered to all of the switch ports. This introduces unicast flooding. In order to avoid flooding, Cisco recommends that you use a dedicated VLAN for NLB so that the flooding is constrained.

Multicast Mode

Here are some notes about the use of NLB in Multicast mode:

  • In Multicast mode, the system administrator clicks the Multicast button in the Microsoft NLB configuration GUI. This choice instructs the cluster members to respond to the ARPs for their virtual address with the use of a multicast MAC address, such as 0300.5e01.0101.
  • The ARP process does not complete for multicast MAC addresses (this breaks RFC 1812). A static MAC address is required in order to reach the cluster outside of the local subnet.
  • The virtual IP address is 10.100.1.99 and the multicast MAC address is 0300.5e01.0101. Enter this command in order to populate the ARP table statically:

  • Since the inbound packets have a unicast destination IP address and a multicast destination MAC address, the Cisco device ignores this entry and the unicast floods each cluster-bound packet. In order to avoid this flooding, insert a static mac-address-table entry in order to switch the cluster-bound packets in the hardware:

Note: When you statically map a MAC address to multiple ports, it is only supported by the software on the Cisco Catalyst 4500 Series switch. Also, the use of this configuration on the Catalyst 4500 Series switch might cause high CPU. In order to avoid this problem, you can isolate the NLB to a specific VLAN, add only the static ARP entries, and allow flooding on that VLAN.

IGMP Mode

Here are some notes about the use of NLB in IGMP mode:

  • The use of NLB in IGMP mode requires the least amount of manual configuration. The virtual MAC address falls within the Internet Assigned Numbers Authority (IANA) range and starts with 0100.5exx.xxxx. Since the MAC address now conforms to IANA specifications, the Cisco switches can dynamically program the MAC address with the use of IGMP snooping. This removes the need to manually program the MAC address to the port maps that are required in Multicast mode in order to prevent flooding to the VLAN.
  • The IGMP snooping programs the virtual MAC address for you once the switch receives a membership report from a member in the cluster. An Mrouter port must also be programmed for the NLB VLAN with the use of either Protocol Independent Multicast (PIM) or the IGMP querier feature.
  • Since the virtual IP address uses a multicast MAC address, it is unreachable outside of the local subnet. In order to address this, you must configure a static ARP entry on each device with a Layer 3 (L3) interface in the cluster VLAN. Complete this in the same fashion as with Multicast mode. For example, if the virtual IP address is 10.100.1.99 and the multicast MAC address is 0100.5e01.0101, use this command in order to populate the ARP table statically:

Caveats

Here are important notes to keep in mind when you use NLB in IGMP mode:

  • As tracked in Cisco bug ID CSCsw72680, you cannot use PIM on the NLB VLAN Switch Virtual Interface (SVI) with certain versions of code. View the bug details for the code releases that address this issue or use the IGMP snooping querier feature.
  • As tracked in Cisco bug ID CSCsy62709, packets are duplicated for all of the traffic that is routed to the NLB servers in IGMP mode. View the bug details for the affected code versions.
  • Due to a hardware limitation that is tracked by Cisco bug ID CSCug49149, the NLB traffic cannot be sent across a distributed Etherchannel on the same 6708 linecard when the switch runs in either PFC3B or PFC3C mode. The port-channel must be cabled so that all of the member links are on the same forwarding engine.

Configure

This section describes how to configure NLB for the Cisco Catalyst 6500 and 4948 Series platforms that run in Multicast or IGMP mode.

Network Diagram

Configuration for Multicast Mode

This section describes how to configure NLB for the Cisco Catalyst 6500 and 4948 Series platforms that run in Multicast mode:

Here are some important notes about this configuration:

  • The ip address value under interface Vlan100 configures the user VLAN.
  • The ip address value under interface Vlan200 configures the NLB cluster VLAN. It is important that you configure the default gateway of the Microsoft Server to this address.
  • The arp 10.100.1.88 0300.5e01.0101 ARPA command maps the virtual IP address of the NLB cluster servers to the multicast MAC address. It must be included on all of the L3 interfaces in the VLAN.
  • The mac address-table static 0300.5e01.0101 vlan 200 interface command creates a static MAC entry to port mapping in the switch for the multicast virtual MAC address.

Note: Ensure that you use Multicast mode on the NLB cluster. Cisco recommends that you do not use multicast MAC addresses that begin with 01 because they are known to have a conflict with the IGMP setup.

Note: The mac address-table static 0300.5e01.0101 vlan 200 interface creates a static entry in the switch for the multicast virtual MAC address. It is important to remember that all of the trunk interfaces that carry NLB traffic between the switches must be added. Once a static MAC address is defined, flooding is constrained. If you forget to include an interface, the NLB cluster breaks.
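The note above describes the failure mode of a static entry that omits a trunk. The following Python check is an added example, not part of the original Cisco configuration: it compares the ports in a mac address-table static line with the trunks that carry the NLB VLAN. The running-config fragment and interface names are constructed, and the sketch assumes ports are listed space-separated after the interface keyword, with full interface names.

```python
import re

# Constructed running-config fragment (interface names are sample values).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode access
 switchport access vlan 200
!
interface TenGigabitEthernet1/4
 switchport mode trunk
 switchport trunk allowed vlan 100,200
!
interface TenGigabitEthernet1/5
 switchport mode trunk
 switchport trunk allowed vlan 150-250
!
interface TenGigabitEthernet1/6
 switchport mode trunk
 switchport trunk allowed vlan 100
!
interface TenGigabitEthernet1/7
 switchport mode trunk
!
mac address-table static 0300.5e01.0101 vlan 200 interface GigabitEthernet1/1 TenGigabitEthernet1/4
"""


def vlan_in_list(vlan, spec):
    """True if vlan falls in an IOS list such as '100,150-250', 'all' or 'none'."""
    if spec in ("all", "none"):
        return spec == "all"
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if int(low) <= vlan <= int(high or low):
            return True
    return False


def trunks_carrying(config, vlan):
    """Trunk interfaces whose allowed-VLAN list includes vlan."""
    result = []
    for block in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", block, flags=re.M)
        if not name or not re.search(r"^ +switchport mode trunk *$", block, flags=re.M):
            continue
        specs = re.findall(
            r"^ +switchport trunk allowed vlan (?:add )?([\d,\-]+|all|none) *$",
            block, flags=re.M)
        # A trunk with no allowed-VLAN line carries every VLAN by default.
        if not specs or any(vlan_in_list(vlan, s) for s in specs):
            result.append(name.group(1))
    return result


def static_ports(config, mac, vlan):
    """Ports named in the static MAC entries for mac in vlan."""
    pattern = rf"^mac address-table static {re.escape(mac)} vlan {vlan} interface (.+)$"
    ports = set()
    for port_list in re.findall(pattern, config, flags=re.M):
        # Keep interface names (they contain digits); skip trailing keywords.
        ports.update(p for p in port_list.split() if any(c.isdigit() for c in p))
    return ports


def missing_trunks(config, mac, vlan):
    """Trunks that carry the NLB VLAN but are absent from the static entry."""
    return sorted(set(trunks_carrying(config, vlan)) - static_ports(config, mac, vlan))
```

Each interface that missing_trunks returns is a trunk to review: if cluster members sit behind it, it must be added to the static entry.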

Configuration for IGMP Mode

This section describes how to configure NLB for the Cisco Catalyst 6500 and 4948 Series platforms that run in IGMP mode:

Here are some important notes about this configuration:

  • The ip igmp snooping querier command enables the snooping querier feature.
  • The ip igmp snooping querier address 10.200.1.1 command configures the snooping querier for the NLB VLAN.
  • The user VLAN is interface Vlan100.
  • The NLB cluster VLAN is interface Vlan200. It is important that you configure the default gateway of the Microsoft Server to this address (ip address 10.200.1.1 255.255.255.0).
  • The arp 10.100.1.99 0100.5e01.0101 ARPA command maps the virtual IP address of the NLB cluster servers to the multicast MAC address. The static ARP must be on all of the L3 interfaces in the VLAN.

Note: There is no need to configure static entries, as IGMP snooping does this dynamically in this mode. Also, no special configuration for this mode is required on the downstream Layer 2 (L2) switches.

Verify

Use this section to confirm that your configuration works properly.

Note: The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Multicast Mode Verification

Enter the show ip arp command in order to view the ARP cache:

Enter the show mac address-table static command in order to view a specific MAC address table static and dynamic entry or the MAC address table static and dynamic entries on a specific interface or VLAN:

IGMP Mode Verification

Enter the show ip arp command in order to view the ARP cache:

Enter the show ip igmp snooping mrouter command in order to view the Mrouter port that is programmed by the queries received from the upstream snooping querier:

Enter the show mac address-table multicast igmp-snooping command in order to view the dynamically-added MAC address that is learned from IGMP snooping and the member ports:

Enter the show ip igmp snooping groups command in order to view the port list of cluster members that joined the multicast group:

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Introduction

This document describes how to configure Microsoft Network Load Balancing (NLB) on Nexus 7000.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on Cisco NX-OS Software, Release 5.2(x) or later.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.

Overview of NLB

Network Load Balancing (NLB) technology is used to distribute client requests across a set of servers.

There are three primary modes of NLB: unicast, multicast, and Internet Group Management Protocol (IGMP) multicast:

  • Unicast mode assigns the cluster a virtual IP and virtual MAC address. This method relies on unknown unicast flooding. Because the virtual MAC address is not learned on any switchports, traffic destined to the virtual MAC address is flooded within the VLAN. This means that all clustered servers receive traffic destined to the virtual MAC address. One downside to this method is that all devices in the VLAN receive this traffic. The only way to mitigate this behavior is to limit the NLB VLAN to only the NLB server interfaces in order to avoid flooding to interfaces that should not receive the traffic.
  • Multicast mode assigns a unicast IP address to a non-Internet Assigned Numbers Authority (IANA) multicast MAC address (03xx.xxxx.xxxx). IGMP snooping does not dynamically program this address, which results in flooding of the NLB traffic in the VLAN. Refer to Option 2A for an example of how to configure for this mode.
  • IGMP multicast mode assigns the cluster a virtual unicast IP address and a virtual multicast MAC address within the IANA range (01:00:5E:XX:XX:XX). The clustered servers send IGMP joins for the configured multicast group, and thus the switch dynamically populates its IGMP snooping table to point towards the clustered servers, which prevents unicast flooding. Refer to Option 1, Option 1A, and Option 2 for examples of how to configure for this mode.
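The three modes above differ in the kind of cluster MAC address the switch sees, which decides whether traffic floods the VLAN. The following Python check is an added example, not part of the original Cisco document: it classifies a cluster MAC address and flags a mismatch with the planned NLB mode. The function names are hypothetical, and the IANA bounds 01-00-5E-00-00-00 through 01-00-5E-7F-FF-FF are the standard IP multicast MAC block rather than a value stated on this page.

```python
import re

# IANA IP-multicast MAC block: 01-00-5E-00-00-00 through 01-00-5E-7F-FF-FF.
IANA_LOW, IANA_HIGH = 0x01005E000000, 0x01005E7FFFFF

# Expected MAC kind per NLB mode, and what the switch side then needs.
MODES = {
    "unicast": ("unicast", "frames flood the VLAN; keep NLB in a dedicated VLAN"),
    "multicast": ("non-iana-multicast",
                  "static ARP on each L3 interface plus static MAC entries"),
    "igmp": ("iana-multicast",
             "static ARP on each L3 interface; IGMP snooping with an mrouter port"),
}


def parse_mac(text):
    """Accept 0300.5e01.0101, 00-bf-ac-10-00-01 or 01:00:5E:01:01:01."""
    digits = re.sub(r"[.\-:]", "", text.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def classify(mac):
    """Return 'unicast', 'iana-multicast' or 'non-iana-multicast'."""
    value = parse_mac(mac)
    if not (value >> 40) & 0x01:  # I/G bit of the first octet is clear
        return "unicast"
    if IANA_LOW <= value <= IANA_HIGH:
        return "iana-multicast"
    return "non-iana-multicast"


def audit(mode, mac):
    """Compare the planned NLB mode with the cluster MAC and list findings."""
    expected, needs = MODES[mode]
    kind = classify(mac)
    findings = []
    if kind != expected:
        findings.append(f"{mode} mode expects a {expected} MAC, got {kind}")
    if mode == "multicast" and parse_mac(mac) >> 40 == 0x01:
        findings.append("Multicast-mode MAC begins with 01: conflicts with IGMP setup")
    if mode == "igmp" and kind == "non-iana-multicast":
        findings.append("IGMP snooping does not program this MAC; traffic floods the VLAN")
    return {"kind": kind, "needs": needs, "ok": not findings, "findings": findings}
```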

This document covers how to configure Nexus 7000 series switches for multicast and IGMP multicast mode NLB. As previously referenced, multicast NLB requires that you have a unicast IP address mapped to a multicast MAC address. If you have a Catalyst switch, you can follow the configuration in Catalyst Switches for Microsoft Network Load Balancing Configuration Example. The Nexus 7000 follows the same concept, but the configurations are different.

The Nexus 7000 needs to be able to run Release 5.2(x) or later in order to perform these configurations:

  • In NX-OS Release 4.2 and later, you can map a static Address Resolution Protocol (ARP) multicast MAC address to a unicast IP address, but the traffic to that IP address floods the VLAN.
  • In NX-OS Release 5.2 and later, you can configure the system to constrain these packets to only those interfaces that require them. You can use several methods to configure the system, each with pros and cons.

Note: Release 6.2(2) or later is required for unicast mode NLB to exist at multiple sites across an Overlay Transport Virtualization (OTV) overlay. See the Unicast Mode NLB and OTV Configuration Considerations section for further information.

Option 1: Static ARP + MAC-based L2 Multicast Lookups + Dynamic Joins

  1. Configure a static ARP entry that maps the unicast IP address to a multicast MAC address in the IP address multicast range on a Protocol Independent Multicast (PIM)-enabled interface:
  2. Enable MAC-based Layer 2 multicast lookups in the VLAN (by default, multicast lookups are based on the destination multicast IP address):

    You must use MAC-based lookups in VLANs where you want to constrain IP unicast packets with multicast MAC addresses.

    When hosts (load balancing [LB] servers or firewalls) join an IP address multicast group that corresponds to the MAC address of the ARP entry, the system installs a snooping entry that constrains traffic destined to that group's MAC address to only those ports where a join was received.

Pros of Option 1: allows servers/firewalls to dynamically join/leave the corresponding group; enables/disables reception of the target traffic (for example, maintenance mode).

Cons of Option 1: constraint can only occur if at least one server/firewall is joined to the group address; if the last device leaves the group, the traffic floods to all ports in the VLAN.

Option 1A: Static ARP + MAC-based L2 Multicast Lookups + Dynamic Joins with IGMP Snooping Querier

  1. Configure a static ARP entry like in Option 1, but do not enable PIM on the switch virtual interface (SVI):
  2. Enable MAC-based Layer 2 multicast lookups in the VLAN, and enable the Internet Group Management Protocol (IGMP) snooping querier:

Pros of Option 1A: does not require PIM-enabled SVI. Otherwise, the pros are the same as in Option 1.

Cons of Option 1A: same as in Option 1.

Option 2: Static ARP + MAC-based L2 Multicast Lookups + Static Joins + IP Multicast MAC

  1. In this option, you again configure a static ARP entry that maps the unicast IP address to a multicast MAC address in the IP address multicast range:
  2. Enable MAC-based Layer 2 multicast lookups in the VLAN (by default, multicast lookups are based on the destination multicast IP address):

    You must use MAC-based lookups in VLANs where you want to constrain IP address unicast packets with multicast MAC addresses.

  3. Configure static IGMP snooping group entries for the interfaces connected to the NLB server that needs the traffic:

Pros of Option 2: does not require a PIM-enabled SVI or the IGMP snooping querier.

Cons of Option 2: constraint can only occur if at least one server/firewall port is in the UP state (link up); if none of the ports in the static-group interface set is UP, the traffic floods to all ports in the VLAN. If servers/firewalls move, the administrator must update the static-group configuration.

Option 2A: Static ARP + MAC-based L2 Multicast Lookups + Static Joins + Non-IP Multicast MAC

  1. Configure a static ARP entry that maps the unicast IP address to a multicast MAC address, but this time in the non-IP address multicast range:
  2. Enable MAC-based Layer 2 multicast lookups in the VLAN (by default, multicast lookups are based on the destination multicast IP address):

    You must use MAC-based lookups in VLANs where you want to constrain IP address unicast packets with multicast MAC addresses.

  3. Configure static MAC address-table entries that point to the interfaces connected to the NLB server and any redundant interface:

Note: A static MAC entry should be applied on any device that shares the NLB VLAN that points to the server and redundant links. The specific configuration varies for each platform.

Pros of Option 2A: does not require a PIM-enabled SVI or the IGMP snooping querier; works with non-IP multicast applications (custom applications).

Cons of Option 2A: constraint can only occur if at least one server/firewall port is in the UP state (link up); if none of the ports in the interface set is UP, the traffic floods to all ports in the VLAN. If servers/firewalls move, the administrator must update the static multicast MAC table configuration.

Unicast Mode NLB and OTV Configuration Considerations

Note: Multicast and IGMP multicast mode are treated as broadcasts over the OTV overlay. They work across OTV without additional configuration.

OTV allows the advertising of MAC addresses between the OTV edge devices, as well as the mapping of MAC address destinations to IP next hops that are reachable through the network transport. The consequence is that the OTV edge device starts to behave like a router instead of a Layer 2 bridge, because it forwards Layer 2 traffic across the overlay if it has previously received information on how to reach that remote MAC destination.

When the OTV edge device receives a frame destined to a MAC across the overlay, by default it performs a Layer 2 lookup in the MAC table. Because it does not have information for the MAC, the traffic is flooded out the internal interfaces (because they behave as regular Ethernet interfaces) but not via the overlay.

In releases earlier than 6.2(2), unicast mode NLB only works if the servers are on a single side of the OTV overlay. The OTV VDC at the site where these servers are placed is configured in this manner:

In Release 6.2(2) and later, unicast mode NLB servers can exist on both sides of the OTV overlay. This is done through use of the selective unicast flood command on the OTV VDCs at all sites where the server exists:

Note: When you use NLB for an OTV extended VLAN, you must disable the ARP ND cache (no otv suppress-arp-nd) on the Overlay.

Caveats

There are a few caveats related to NLB on the Nexus 7000:

  • Cisco Bug ID CSCtw73595: IGMP mode floods routed traffic on M1 and M2 modules. This is a hardware limitation.
  • Cisco Bug ID CSCtv00148: Multicast mode floods routed traffic. This issue is fixed in Releases 5.2(3a), 6.0(2), and later.

Supported Platforms

This document was written specifically for the Nexus 7000. However, only these NX-OS platforms currently have support for NLB:

  • Nexus 7000
  • Nexus 6000
  • Nexus 5000
  • Nexus 9500 (unicast only; see Cisco Bug ID CSCup90853)

Here is some additional information in regards to NLB support:

  • Support for NLB on the 3548 Series platform is tracked by Cisco Bug ID CSCup43205.
  • Support for NLB on the 30xx and 31xx Series platforms is tracked by Cisco Bug IDs CSCup92860 and CSCui82585.
  • Support for NLB on the Nexus 9300/9500 Series platforms is tracked by Cisco Bug IDs CSCuq14783 and CSCuq03168.

Verify

Note: The Output Interpreter Tool (registered customers only) supports certain show commands. Use the Output Interpreter Tool in order to view an analysis of show command output.

Static ARP can be verified with this command:

IGMP snooping entries can be verified with this command:

Static MAC address table entries can be verified with this command:

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.