Nexus 1000v, UCS, and Microsoft NETWORK load balancing

Hi all

I have a client that implements a new Exchange 2010 environment. They have an obligation to configure load balancing for Client Access servers. The environment consists of VMware vShpere running on top of Cisco UCS blades with the Nexus 1000v dvSwitch.

Everything I've read so far indicates that I must do the following:

1 configure MS in Multicast mode load balancing (by selecting the IGMP protocol option).

2. create a static ARP entry for the address of virtual cluster on the router for the subnet of the server.

3. (maybe) configure a static MAC table entry on the router for the subnet of the server.

3. (maybe) to disable the IGMP snooping on the VLAN appropriate in the Nexus 1000v.

My questions are:

1. any person running successfully a similar configuration?

2 are there missing steps in the list above, or I shouldn't do?

3. If I am disabling the snooping IGMP on the Nexus 1000v should I also disable it on the fabric of UCS interconnections and router?

Thanks a lot for your time,.

Aaron

Aaron,

The steps above you are correct, you need steps 1-4 to operate correctly.  Normally people will create a VLAN separate to their interfaces NLB/subnet, to prevent floods mcast uncessisary frameworks within the network.

To answer your questions

(1) I saw multiple clients run this configuration

(2) the steps you are correct

(3) you can't toggle the on UCS IGMP snooping.  It is enabled by default and not a configurable option.  There is no need to change anything within the UCS regarding MS NLB with the above procedure.  FYI - the ability to disable/enable the snooping IGMP on UCS is scheduled for a next version 2.1.



This is the correct method untill the time we have the option of configuring static multicast mac entries on

the Nexus 1000v.  If this is a feature you'd like, please open a TAC case and request for bug CSCtb93725 to be linked to your SR.


This will give more "push" to our develpment team to prioritize this request.


Hopefully some other customers can share their experience.


Regards,

Robert

Tags: Cisco DataCenter

Similar Questions

  • Hi ALL, did any attempt on the virtual computer NETWORK load balancing using HYPERV on UCS blades

    I try to configure the CASE server cluster by using the Unicast NLB on the virtual machine on different blades on the UCS, it works for awhile, then he abandoned packages.

    I heard that this screenplay of unicast is not supported in the UCS when she used END-host mode in the fabric interconnet...? any attempted before.

    Would it, I use the multicast mode is that something needs to be done on the FBI62020 or the LAN switch upstream. ??

    Header note I found on the implementation of UCS for mulitcast NLBL:

    Microsoft NLB can be deployed in 3 modes:

    Unicast

    Multicast

    IGMP multicast

    For series B UCS deployments, we have seen that the multicast and IGMP multicast work.

    IGMP multicast mode seems to be the more reliable deployment mode.

    To do this, the monitoring settings:

    All NLB Microsoft value "Multicast IGMP" nodes.  Important!  Check ths by logging into EACH node independently.  Do not rely on the MMC of NLB snap.

    An IGMP applicant must be present on the VLAN of NLB.  If PIM is enabled on the VIRTUAL LAN that is your interrogator.  UCS cannot function as applicant IGMP.  If an interrogator of functioning is not present, NLB IGMP mode will not work.

    You must have a static ARP entry on cheating it upstream pointing IP address Unicast NLB on the multicast MAC address NETWORK load balancing.  This need will set up, of course, on the VLAN of the NLB VIP. The key is that the routing for the NLB VLAN interface must use this ARP entry as a unicast IP ARP response may not contain a multicast mac address. (Violation of the RFC 1812)  Hosts on the NLB VLAN must also use the static entry.  You may have several entries ARP.  IOS can use a function of 'alias' of ARP. (Google it.)

    How Microsoft NLB works. -The truncated for brevity Mac addresses.

    TOPOLOGY OF NLB MS

    NETWORK VLAN 10 = subnet 10.1.1.0/24 IP load balancing

    VIP = 10.1.1.10 NETWORK LOAD BALANCING

    Arp entry static switch advanced IP 10.1.1.10 upstream to MAC 01

    NLB VIP (MAC 01, IP 10.1.1.10)

    NODE-A (AA, MAC IP:10.1.1.88)

    NŒUD-B (MAC BB, IP:10.1.1.99)

    Using the IGMP snooping and interrogator VLAN snooping table is filled with the mac NLB address and groups pointing to the appropriate L2 ports.

    MS NLB nodes will send the responses of IGMP queries.

    This snooping table could take 30 to 60 seconds to complete.

    Host on VLAN 200 (10.200.1.35) sends traffic to NETWORK VIP (10.1.1.10) load balancing

    It goes of course to VLAN 10 interface that uses the static ARP entry to resolve to address MAC 01 VIP NETWORK load balancing.

    Since it is a multicast frame destination it will be forward by the IGMP snooping table.

    The framework will arrive at ALL NLB nodes. (NŒUD-A & NŒUD-B)

    NLB nodes will use its load balancing algorithm to determine which node will manage the TCP session.

    Only one NLB node will respond to this host with TCP ACK to start the session.

    NOTES

    This works in a VMware with N1k, standard vSwtich and vDS environment. Where surveillance IGMP is not enabled, the framing for VIP MAC NETWORK load balancing will be flooded.

    NLB can only work with TCP-based services.

    As stated previously mapping an IP unicast to a multicast mac address is a violation implied by RFC 1812.

    TROUBLESHOOTING

    Make sure your interrogator is working. Just to clarify that this does not mean that it is actually at work.

    Wireshark lets check that IGMP queries are received by the NLB nodes.

    Make sure that the ARP response works as expected.  Once Wireshark again is your friend.

    Look at the paintings IGMP snooping. Validate the L2 ports appearing as expected.

    CSCtx27555 [Bug-preview for CSCtx27555] Unknown multicast with destination outside the range MAC 01:xx: are deleted. (6200 FI fixed in 2.0.2m)

    IGMP mode not affected.

    CSCtx27555    Unknown multicast with destination outside the range MAC 01:xx: are deleted.

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx27555

    fixed in 2.0(2m)

    Solution: Change the NLB mode of operation of "Multicast" to "multicast IGMP', which modifies balancing load NETWORK VIP MAC at 0100.5exx.xxx Beach, allows to transfer occur as expected.

    Q: and if I switch to switch mode, which means all of the profile and the settings on the servers are completely exhausted and I need to recreate them. ???

    A:Cisco Unified Computing System Ethernet switching Modes

    http://www.Cisco.com/en/us/solutions/collateral/ns340/ns517/ns224/ns944/whitepaper_c11-701962.html

    -There is no impact on the configuration, you have done service profiles.  they will continue to work as expected.  Mode selector has the FI behave more like a conventional switch.  Most notable is that Spanning tree will be activated and if you have several uplinks yew, tree covering weight will begin to block redundant paths.

    You need to review your topology and what impact tree covering weight.  Generally, we at the switch port upstream defined as "edge master", you want to delete this line.

    For pre-production and laboratory environment, PDI can help qualified with the planning, design and implementation partners.  Given to review the IDP site and open a case if you need more detailed assistance.

  • Network Load Balancing error

    Hello

    I have DC with 192.168.10.2 255.255.255.0 P.DNS 192.168.10.2 & ADC 192.168.10.3 P.DNS 192.168.10.2 255.255.255.0

    When I configure the network load balancing in win2012r2 std I get below error. Please help on this.

    "NLB Manager running on a system with all networks bound to NLB mifht does not work as expected.
    If all interfaces are ser to run NLB in "unicast" mode, Manager NLB will fail to connect to the hosts. »

    Thank you.

    This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
    *

  • Network Load Balancing

    Hello

    I have some difficulty of implementation, network load balancing in VMware - I'm not sure what mode of load balancing that I use.

    I have an ESXi 5.5 - host connected to a HP Procurve switch I have configured for 2 VLANS (40,41).

    On the switch, I created 2 trunks (Trk10, Trk20) I scored on two VLANs:

    trunk Trk10 trunk 23,47

    24,48 trunk Trk20 trunk

    VLAN 40

    name of "trial".

    untagged 1-22

    Tagged 50, Trk10, Trk20

    no ip address

    output

    VLAN 41

    name "PLC".

    tagless 25-46

    Tagged Trk10, Trk20

    no ip address

    output

    Port 23 and 47 will ESXi-host1 and port 24.48 will ESXi-host2.

    40 of VLAN is to have the network 192.168.40.0/24.

    41 of VLAN is to have the network 192.168.41.0/24.

    I created a virtual switch that has 2 NICs in it, but how do I set the load balancing mode?

    The virtual machine is slow on the internet right now, and I suspect the packets going to the VLAN evil.

    (Time of balancing mode is set to 'Route based on the original virtual port code').

    Kind regards

    Soren

    Let me know if you need more information.

    Could you do a 'show interface memory' and 'show interface' on the HP switch and paste it here?

    I would remove the trunks as I don't see why this is necessary in your configuration...

    Make sure the road based on virtual port ID what origin is selected on vSwitch1 and both exchanges configured (PLC and trial).

    Remove the trunks on the HP switch and tag/UNTAG required VLANS on individual ports that were previously used in these trunks...

    Quick config necessary for HP...

    conf t

    without trunk 23,47 Trk10 trunk

    without trunk Trk10 trunk 24.48

    VLAN 1

    23,24,47,48 not marked

    VLAN 40

    Tagged 23,24,47,48

    VLAN 41

    Tagged 23,24,47,48

    WARNING: You may have a few hickups network when you do...

    What model switch you use...?

    / Rubeck

  • Windows 2008 network load balancing

    I hope someone can help.

    I'm looking to start to test the Windows 2008 network load balancing. This will serve a webfarm. I went through various whitepapers, and forum messages but who have a few more questions:

    1. I get VMWare recommends multicast. Windows 2008 gives you two options, multicast and IGMP multicast. Seeing that I'm not an expert in network management, I'm a little nervous about the switched. Apparently to enable IGMP Snooping on your Cisco switches eliminate this? Is this true, if so you need install your cluster as IGMP Mulicast?

    2 do you need to have dedicated NICs for the NLB cluster, separate vSwitch etc.? If this is not the case, there will be interference with the existing production network?

    3 is a necessary static arp entry on your switch? All switches or just the farm goes where the ESX hosts are connected to?

    Some info would be appreciated.

    1 have not tested, but IGMP snooping is what caused problems before because the switch ports would not join the group correctly, so it is suitable to test whether the OS is ready to send packets.

    2. it is better to use separate vNIC to the virtual IP address of the NLB cluster

    3 static arp would be necessary if the IGMP snooping does not work for the switch ports that will be the virtual machine hosts that are part of the NLB cluster.

    -KjB

  • NETWORK load balancing issues

    Hi all

    It is a strange and I can't really find anything when searching. I just wanted to know if other people have seen this? and if there is a work around?

    OK, the virtual environment that I administer is quiet large and the love windows NLB developers where I prefer f5 or hardware NLB. So it is quiet assign windows NETWORK load balancing clusters in the virtual environment, the issue I encountered is if the critical path for an application passes a cluster nlb to another (so they talk to each other). If a node of each of these clusters is on the same physical host NLB rocking.

    Why?

    well windows NLB when a request is sent to the VIP address all nodes in the cluster must meet before it is executed by one of the nodes, tests that I've found is that if a node of each group is on the same host demand seams to stay internal to the ESX host, as it goes, I know where that IP address is and goes to a single node until that node is waiting for the other nodes of the cluster in order to recognize the request but they never get it the whole thing stopped and happens to expire and the performed by the team of network packet capture won't let even the host he sews.

    OK, a few rules affinity could solve this but I'm talking about 8 knots, talking to a node 4 cluster which then in turn talk to another cluster of 4 knots and im talking about another 50 like that until the point where DRS. can not move whatever it is as well that the rules are a nightmare administrave especially since only 2 machines can be in a rule.

    All hosts running ESX 4 Update 1 and running on HP blades, unfortunately we run on unicast mode, due to the size of the environment networks don't want to or can't add all switches/routers arp entries. It is configured as recommended by using unicast.

    I can reproduce this problem every time still in test. would it be because of the unicast? I don't see how.

    I would add also that it should not be 2 nlb cluster, if a server client attempts to hit the VIP of a windows NETWORK load balancing cluster and it is on the same host as one of the nodes it will expire as a single node gets applications. F5 NLB works perfectly, and when they are on hosts separate windows THAT NLB works very well also.

    Just came across this because the jobs would come about the application does not, by trying to hit the vip on the correct port for the requesting server, it wouldn't connect and the support guys would vmotion a knot and it would usually fix the issue, and if it does not pass all the nodes on the same esx host and it would work every time (I know (, but until the full time vmware resources came on board as me not doubtful we had the time to really watch)

    any ideas or comments would be great hope I have explianed the question clearly enough

    See you soon

    See: http://www.vmware.com/files/pdf/implmenting_ms_network_load_balancing.pdf

    You must use the multicast.

    André

  • Windows Server 2008 R2 Network Load Balance question

    Hello

    I got my hooked VMs when a network load balancing in Windows Server 2008 R2 clustering.

    This only happens for Windows Server 2008 R2, Windows Server 2008 with SP2 is OK.

    And I use VMware ESXi 4, I don't know if this has been addressed in ESXi 4 U1.

    Can someone give some advice?

    Thank you very much

    I would try the update 1 - it correctly supports Windows 2008 R2 x 64, where like esxi4 don't...

  • Windows 2003 R2 SP2 Enterprise 64-bit NETWORK load balancing

    Hi guys,.

    I try to get two virtual machines on the same host to the NETWORK load balancing. Each of them has 2 vNIC. I create the NLB cluster on the first node, but for the life of me when I try to add the second host in the cluster, the private network card which is supposed to be the NLB nic is not listed, but the public's. It's my setup.

    Cluster configuration:

    Cluster name: ews.contoso.local

    The cluster IP address: 192.168.0.56/24

    Host name: EX2K7 - 01.contoso.local

    Name of the NETWORK card: private

    IP address: 192.168.0.57/24

    Front door: no

    Name of the NETWORK card: Public

    IP address: 192.168.0.58/24

    Gateway: 192.168.0.1

    Host name: EX2K7 - 02.contoso.local

    Name of the NETWORK card: private

    IP address: 192.168.0.59/24

    Front door: no

    Name of the NETWORK card: Public

    IP address: 192.168.0.60/24

    Gateway: 192.168.0.1

    I am trying to create a test environment for Exchange 2007, as described here (http://www.msexchange.org/articles_tutorials/exchange-server-2007/high-availability-recovery/load-balancing-exchange-2007-client-access-servers-windows-network-technology-part2.html). For now, I'm going to rebuild my servers instead of using the deployment of the model in the VC and NewSID. Any help is very appreciated. Hope this fixes it but just in case, any input is more than welcome. Thank you.

    Just as an info... it's what I've done up to now (http://forums.msexchange.org/m_1800499325/mpage_1/key_/tm.htm#1800499367). Thank you.

    I managed to build configs W2K3 NLB before leaving a model using a customization specification (i.e. sysprep) before. We have different bits sysprep on our VC server and have a specification of personalization set for a W2K3 64-bit server. So my sequence was

    1. Deploy the new virtual machine for the model, using specifications of customization for W2K3 64 bit

    2. Let VM boot and full customization technical room (i.e. the sysprep let run)

    3. Power off the virtual machine, add 2nd NIC (our default model has only 1 NETWORK card; do not try to add another card NETWORK during the deployment step because it has a bug which prevents work properly)

    4. Power on VM, join to the domain

    5. Repeat steps 1 to 4 for 2nd VM

    6. Install and configure NLB in multicast mode

  • On windows 2008 hyperV Server NETWORK load balancing

    I have IBM Blade servers there team switches running Windows server on HyperV, when I try to configure the NETWORK load on the servers of 2008r2 balancing two Windows LB is not workingworkig?

    Hello

    The question you have posted is related to professional level support. Please visit the link below to find a community that will support what ask you:

    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • Network load balancing ibm hs22 esxi 5

    Hello everyone, I have a HS22 blade connected to a bladecenter H with ethernet 2 e/s switching modules. So my HS22 has 2 nic and each blade is connected to the switch diferent on the center of the blade. I want to configure nic teaming on me HS22 Server ESXi 5. the load balancing mode I configured the default option on the ESXi. I would like to ask if I need to connect two ethernet io modules switching to a single external switch, or it's better to connect them to 2 diferent switches and maybe configure the VLAN same on ports of all swithces?

    It depends on the level of redundancy you want for your network. There should be no problem with 2 switches if they are properly configured.

  • Api ViSDk fails when behind a network load balancer

    Hello world

    I have an application that uses the VI SDK to find the Virtual Infrastructure of periphery. This application is originally a network configuration of the load balancer.

    Having this kind of configuration ntwork affects the SDK API, of VI. The funny problem are all the virtual machine but there is a problem with getting the host systems.

    Can we do anything to make it work without changing the configuration of the network?

    Any help related to this is appreciated

    Thank you

    Tejas

    Yes. See: http://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.SessionManager.html#sessionIsActive

    Steve JIN, VMware engineering

    Creator of VMware Infrastructure Java API: http://vijava.sf.net/

    VI Java API 2.0 - 15 times faster than the AXIS of loading, 4 + faster in deserialization; only 1/4 of the size required by AXIS. More importantly the freedom to redistribute your applications.

    Download, samples, DocWiki, RSS feeds

  • UCS and storage network

    I am using iSCSI with the software iSCSI adapter in ESXi as well as of the UCS and use binding to ports to bind each vmkernel iSCSI port to a specific vmnic and I use 2 vmnic.  Must I also within the UCS links each vmnic so that vmnic1 traffic to cross a 1 interconnection fabric and the movement of vmnic2 fabric crossbar Interconnect 2?

    Must I also within the UCS links each vmnic so that vmnic1 traffic to cross a 1 interconnection fabric and the movement of vmnic2 fabric crossbar Interconnect 2?

    A vEth can only come out in a unique fabric of interconnection - it's decided when you take the fabric (A or B) for the vNIC. There is no additional connection to perform.

  • Design of Nexus 1000v - COS and vCenter

    Hello everyone. First foray into the 1000V, so hoping someone can give an opinion as to whether my thoughts for the design of high level are on the right track?

    • Host servers have 4 Gb x 10 and 2 x 1 GB ports

    • ESXi 4.1, Enterprise Plus and 1000v a license for every host

    • We will use the devices 1010 need, so no VSM modules

    • 10 GB ports will be allocated to the 1000v vDS

      • Portprofiles created for vMotion and all required VLANS VM

      • No requirement for IP storage

    • The ports of 1 GB on a standard vSwitch for VMkernel Port Management

      • The thinking is that if the vCenter disconnects we can manage the vDS (I suppose that this nature applies to the 1000 v as the VMware vDS?), so it is best to have hosts on a network that we can always access and change if necessary

      • 1010 devices are going to sit on this network (or be routable to/from it)

    • vCenter will be installed on a physical server

      • No Heartbeat vCenter, so only one instance running

      • Because of the dependence vCenter to 1000v port configuration, is probably a good idea to vCenter, such as a computer virtual connected to a port vDS for its virtual machine traffic?

      • The physical vCenter will have connectivity to the management on every host and devices 1010 VMkernel port

      • As an alternative, I guess we could put a VM port on the connections of 1 GB for vCenter, but who was going to start complicating the design and management


        What is everything is OK good, or is it too conservative? Should we watch it again add 1 GB ports in links rising 1000v and with the VMkernel management as on a separate port profile and containing a virtualized vCenter (which is what I normally would use for new deployments).

        Thanks in advance for any comments,

        Steve

        Hi Steve,.

        Disclaimer clause - I work for Cisco and I consolidated pro network

        There was a lot of similar questions already posted on the Cisco 1000v community.   There are a lot of similar questions and suggestions already available: https://www.myciscocommunity.com/community/products/nexus1000v?view=discussions

        Here's a recent post similar to yours.

        https://www.myciscocommunity.com/thread/17624?TSTART=0

        Regarding some of your design considerations, many of them come down to your level of comfort & expertise.  With vCenter as a physical host allows you to keep out of your virtual environment, but you will lose the advatanges of the best use of the host and VMotion resources that make the host maintenance & limited downtime.  With the vCenter as a virtual machine and running on the DVS, you'd probably the service profile, the VC is assigned to a vlan "system".  This will ensure that your VC network connectivity is ALWAYS transmitted, even if the VSMs are offline and VEM accommodation the VC is reset.  This added protection removes much of the risk of the VC running on the DVS it manages.

        Regarding your VSM availability, if the two 1010 are falling, yes you are not able to make changes of configuration on the VSM.  Once active & well configured, there shouldn't be many situations when the two VSMs are offline and you have an urgent need for an immediate configuration change.  VEM guests can survive very well in mode without head (no present VSM) assuming that they are not restart before finding the VSM.   Additional protection for important virtual connections for the management, storage and control IP traffic include the use of "system VLAN" as stated above.

        With each adapter used comes additional management and the need for additional upstream switch ports.  With 4 x 10 G of each host cards I would find it difficult to justify also connections of 1 G of utilzing, except if you opt for an "out of band" connections for your management on a vSwitch interfaces.  If you are comfortable with the performance of all your virtual interfaces including management & VMotion on the DVS you can better pool your resources, but using only your adapters 10 G uplinks.  By running all about the 1000v, you can easily apply QoS & limit the use of bandwidth by Port profiles - news just released version 1.4 of 1000v is incredibly easy to set up.  Certainly worth a visit.  See my post here for some of the new features in the 1000v: https://www.myciscocommunity.com/thread/17120?tstart=0

        I hope this helps.

        Kind regards

        Robert

      • In Lab Manager NETWORK load balancing

        Hello

        I am trying to configure windows NLB on two or three windows 2008 machines in Lab Manager and I have problems. The IP Address of the cluster is not to pings to all other machines in the same configuration. I ping the IP cluster of the node itself. Haven't tried multicast and unicast not to no luck.

        How can I get this to work?

        Thank you

        NLB is not supported within a Lab Manager configuration.

        In addition, Lab Manager does not support Multicast in closed configurations.

        Kind regards

        Jonathan

        B.SC., RHCT, VMware vExpert 2009

        NOTE: If your question or problem has been resolved, please mark this thread as answered and awarded points accordingly.

      • How to check and confirm the Nexus 1000V secondary work if primary goes off

        Hello

        I installed Nexus 1000V Primarry and secondary on different ESXis

        but I have to turn off the primary, how to ensure that the school will be in charge and usually have any disconnection

        the module displays them and seem to be ok

        any other checks to do before continuing?

        Thank you

        Use "show system redundancy status. You can also manually failover

        http://www.Cisco.com/en/us/docs/switches/Datacenter/nexus1000/SW/4_2_1_s_v_1_4/high_availability/configuration/guide/n1000v_ha_3system.html

        The output from the example:

        n1000v# show system redundancy status


        Redundancy role
---------------
administrative: primary
operational: primary

        Redundancy mode
        ---------------
        administrative: HA
        operational: HA

        This supervisor (sup-1)
-----------------------
Redundancy state: Active
Supervisor state: Active
Internal state: Active with HA standby

        Another supervisor (sup-2)

        ------------------------
Redundancy state: Standby
Supervisor state: HA standby
Internal state: HA standby

      Maybe you are looking for

      • Windows 8 - FF 28 does not have web pages correctly

        I just got a new laptop (ASUS R751L) running Windows 8 and 28 of Firefox, but most of the web pages are not displayed correctly. It is a serious problem for me because I am developing a Web site. Basically, the problems are the following: CSS rules -

      • After downloading firefox Betaicone will not mount on Mac ibook G4

        Downloaded firefox beta and the icon doesn't mount not so it will not install if I should try another version

      • RD350 and second processor

        I plan to buy a 6 70 RD350 (70D60001EA)Finally, I'll add a second processor (4XG0F28846) I noticed that 1 cpu RD350 have 2 less fans compared to 2 cpu ones (6 vs 4) The 2nd cpu kit comes with missing fans? So far, I was unable to get any P/N for the

      • 15n-209tx Pavilion: dotted white line horizental on screen

        Dear Sir I have the hp pavilion 15 laptop -n209tx ,. Suddenly, small horizontal white dotted lines just left side of screens... what caused this, really still another year warranty...

      • Microsoft Office Edition 2003 Setup: Error 1311

        I am trying to reinstall Microsoft Office Student and teacher edition 2003 after a complete, non-destructive recovery on my PC.  I run on Windows XP.  I'm getting "Error 1311, file not found Source: E:\ etc..." Check that the file exists and that you