
Windows Load Balancing and Cisco Switches

17 years 10 months ago #19166 by Smurf
Hi peeps,

Just wondering if anyone has implemented WLB on Cisco Switches? We tried to set this up a while back and ended up with Broadcast Storms which took out some of our older routers due to the amount of traffic hitting the Ethernet (10Mb Half Duplex) interfaces.

I would like to give this another go. I believe that the issue is with the Windows Load Balancing using Multicast mode, which causes the switch not to learn the Multicast MAC address for the virtual interface and therefore floods the traffic to each port because it doesn't know where to go.

There must be a way around this. I thought about manually adding the MAC address to each port in the WLB, however there must be an easier way to do this since it's pretty basic functionality.

I read that IGMP Snooping would sort this, however I believe the Cisco 3750G switch has this enabled by default; also we are not registering the multicast address anywhere, we are just utilising a multicast MAC address for the WLB function.

Any help would be appreciated.

Regards

Wayne

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 10 months ago #19180 by Smurf
Righty, got to the bottom of what goes on here:

When Windows Load Balancing is enabled, Microsoft NLB sends outbound traffic using a MAC Address different to the MAC Address that it uses in response to ARP queries. For this reason, the switch never learns the MAC address that is sent to clients, and therefore when clients talk to the NLB Virtual Address, they use the MAC returned in the ARP reply, which the switch doesn't know about.

The switch will then broadcast the traffic to all ports on the router because the CAM has no mapping to the switch ports that it's attached to.

This will therefore create a broadcast storm within that segment which isn't good.

The way I have had to get around this is by statically assigning the virtual MAC address that is sent out in the ARP reply to each port on the switch. This is done by the following:

[code:1]mac-address-table static [mac-address] vlan [vlan-id] interface [interface] [/code:1]

N.B. This is if you are using WNLB in Unicast Mode. You can change to Multicast Mode, which I believe gets around some of these issues, but I have not tested this.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
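The following is an added worked example, not part of either post above, showing how the NLB cluster MAC that ends up in the ARP reply is derived from the cluster IP and mode, and how to generate the IOS `mac-address-table static` lines (and, for multicast mode, the static ARP entry the router needs, since a router will not normally accept a multicast MAC in an ARP reply for a unicast IP). The cluster IP `192.168.10.50`, VLAN 10 and the interface names are hypothetical. One caveat worth checking on the real platform: many Catalyst switches will bind a static unicast MAC to only one interface, whereas a multicast MAC can be bound to several in one entry; `show mac address-table static` after applying the config shows what the switch actually accepted.

```python
"""
Derive the Microsoft NLB cluster MAC for a cluster IP and operating mode,
then emit the Cisco IOS config that pins that MAC to the NLB host ports.

Well-known NLB MAC layouts (w.x.y.z = cluster IP octets):
  unicast         02-BF-w-x-y-z
  multicast       03-BF-w-x-y-z
  IGMP multicast  01-00-5E-7F-y-z
"""
import ipaddress
from typing import List

# Constructed example values; replace with the cluster's real settings.
CLUSTER_IP = "192.168.10.50"
VLAN = 10
NLB_PORTS = ["GigabitEthernet1/0/1", "GigabitEthernet1/0/2"]


def nlb_cluster_mac(cluster_ip: str, mode: str) -> str:
    """Return the NLB cluster MAC as 'AA-BB-CC-DD-EE-FF' for the given mode."""
    octets = ipaddress.IPv4Address(cluster_ip).packed  # 4 raw bytes
    if mode == "unicast":
        raw = bytes([0x02, 0xBF]) + octets
    elif mode == "multicast":
        raw = bytes([0x03, 0xBF]) + octets
    elif mode == "igmp":
        raw = bytes([0x01, 0x00, 0x5E, 0x7F]) + octets[2:]
    else:
        raise ValueError(f"unknown NLB mode: {mode}")
    return "-".join(f"{b:02X}" for b in raw)


def to_ios_format(mac: str) -> str:
    """Convert 'AA-BB-CC-DD-EE-FF' (or colon form) to IOS 'aabb.ccdd.eeff'."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12:
        raise ValueError(f"malformed MAC: {mac}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def switch_config(cluster_ip: str, mode: str, vlan: int,
                  interfaces: List[str]) -> List[str]:
    """IOS lines that statically map the cluster MAC to the NLB host ports."""
    mac = to_ios_format(nlb_cluster_mac(cluster_ip, mode))
    if mode == "unicast":
        # Unicast MAC: one entry per port. Whether the platform keeps more
        # than one of these is platform-specific; verify with
        # 'show mac address-table static' after applying.
        return [f"mac-address-table static {mac} vlan {vlan} interface {ifc}"
                for ifc in interfaces]
    # Multicast MAC: several interfaces may be listed in a single entry.
    return [f"mac-address-table static {mac} vlan {vlan} interface "
            + " ".join(interfaces)]


def router_config(cluster_ip: str, mode: str) -> List[str]:
    """Static ARP the upstream router needs when NLB answers ARP with a
    multicast MAC (not needed in unicast mode)."""
    if mode == "unicast":
        return []
    mac = to_ios_format(nlb_cluster_mac(cluster_ip, mode))
    return [f"arp {cluster_ip} {mac} arpa"]


if __name__ == "__main__":
    for mode in ("unicast", "multicast", "igmp"):
        print(f"! --- NLB {mode} mode, cluster MAC {nlb_cluster_mac(CLUSTER_IP, mode)}")
        for line in switch_config(CLUSTER_IP, mode, VLAN, NLB_PORTS):
            print(line)
        for line in router_config(CLUSTER_IP, mode):
            print("! router: " + line)
```

Running it prints one block per mode; the unicast block is the `mac-address-table static` form used in the post, the multicast blocks add the router-side `arp` line.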