Aarrgghh!!

Windows 2008 NLB with 2 NICs

I ran into a problem with our standard configuration for web servers, and couldn't find the real solution documented anywhere, so here it goes.

We run our ColdFusion servers on dual node Windows Network Load Balancing (NLB) servers running in IGMP multicast mode. We run it on machines with two network cards. The cluster address is on one NIC and the nodes answer on another. It's the configuration we've come to like after years of working with NLB and port flooding and other anomalies.

I'm installing a new production NLB cluster for Knowledge@Wharton. To future proof it, and avoid upgrades down the road, I'm going with ColdFusion 8 64 bit on Windows 2008 64 bit. I ran through the configuration steps that I always take setting up an NLB cluster, and it worked… sort of. See the cluster address answered if you called it from another host on the subnet that the cluster was installed on. However, if you were off subnet it didn't answer. This is suboptimal for a web server.

I worked with our networking team, and they figured out (from this post: http://social.technet.microsoft.com/Forums/en-US/winserverClustering/thread/0afdb0fc-2adf-4864-b164-87e24451f875/ ) that if you added a gateway to the cluster NIC, it would work. This is counter to the way NLB has worked before, and generally not best practice. So we opened a support case with Microsoft. After a few tries, I finally got an engineer who was an expert on NLB in 2008; he had the exact cause and solution for this problem: by default, IP Forwarding is not enabled in Windows 2008. This is the feature of Windows networking that, in the context of NLB, allows responses to requests sent to one NIC to be routed out the other. It's fixed by using one specific command line option.

(Make sure you are using a command prompt with administrative privileges)

netsh interface ipv4 set int "[name of the NIC]" forwarding=enabled

That's it.
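An added example (not part of the original post): a PowerShell wrapper around the same netsh command that records the forwarding state before changing it, applies the change to one NIC only, and then lists every IPv4 interface so you can confirm forwarding is on only where intended. The NIC name "Cluster" is a placeholder, and the parsing assumes English-language netsh output.

```powershell
# Added example: audit and set IPv4 forwarding on a single NIC via netsh.
# Run from an elevated PowerShell prompt. "Cluster" is a placeholder NIC name.
param(
    [string]$Nic = "Cluster",
    [string]$Desired = "enabled"   # pass "disabled" to revert
)

if (@("enabled", "disabled") -notcontains $Desired) {
    throw "Desired must be 'enabled' or 'disabled'"
}

function Get-ForwardingState([string]$Name) {
    # Reads the "Forwarding : enabled|disabled" line (English output assumed).
    $out = netsh interface ipv4 show interface "$Name"
    if ($LASTEXITCODE -ne 0) { throw "netsh could not query interface '$Name'" }
    foreach ($line in $out) {
        if ($line -match '^\s*Forwarding\s*:\s*(\w+)\s*$') {
            return $Matches[1].ToLower()
        }
    }
    throw "No Forwarding line found for '$Name'"
}

function Get-Ipv4InterfaceNames {
    # Table columns are: Idx  Met  MTU  State  Name (the name may contain spaces).
    netsh interface ipv4 show interfaces | ForEach-Object {
        if ($_ -match '^\s*\d+\s+\d+\s+\d+\s+\S+\s+(.+?)\s*$') { $Matches[1] }
    }
}

# Change the setting only if it differs, and keep the previous value for rollback.
$before = Get-ForwardingState $Nic
if ($before -ne $Desired) {
    netsh interface ipv4 set interface "$Nic" "forwarding=$Desired" store=persistent | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh failed to set forwarding on '$Nic'" }
}
"{0}: forwarding {1} -> {2}" -f $Nic, $before, (Get-ForwardingState $Nic)

# Report all interfaces: a host that forwards between NICs is acting as a router,
# so forwarding should be enabled only on the interface that needs it.
foreach ($name in (Get-Ipv4InterfaceNames)) {
    "{0,-40} forwarding={1}" -f $name, (Get-ForwardingState $name)
}
```

Running the script again with `-Desired disabled` puts the NIC back to the default state.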


October 29, 2008 Posted by Terrence Ryan at 1:19 PM

ColdFusion, Running a ColdFusion Shop, Web Development,



Comments

Great post. Thanx a lot. Didn't quite work for me :-) The packets are being forwarded, but the 2 nics are on different subnets and the gateway rejects the reply because it comes with the IP of the original NIC.

src=[user ip], dest=[wan ip], port-src=4568, port-dest=80, action=forward to 192.168.2.5 (to NLB IP by NAT rule)
src=[192.168.2.5], dest=[192.168.1.1], port-src=80, port-dest=4568, action=drop (diff. subnet)

I wonder if you had the same problem.


Posted by: max at January 2, 2009 6:41 PM


Hi,

I am also facing a similar issue with Windows 2008 NLB: when configured in unicast mode, it is not accessible from other subnets.

I have two NIC cards.

One nic card of both hosts is connected to nortel switch and assigned IP address 10.X.X.X with NLB enabled (local Area Connection).

Another NIC of both hosts is connected via crossover cable and assigned IP address 192.168.X.X (heartbeat).

It works fine when changed to multicast mode. However, I want it to run in unicast mode.

I run the command you mentioned that is

--netsh interface ipv4 set int "Local Area Connection" forwarding=enabled

Still, I am not able to access the cluster across the subnet. Running the above command created some issue with the server accessing the DC/DNS servers. So, I had to revert it.

Any suggestions. Thanks!


Posted by: vinit at February 3, 2009 1:22 AM

LOL! "Suboptimal" And I thought I was the master of comical understatement. Thanks for the chuckle - and the valuable info!


Posted by: Michael at April 6, 2009 10:41 AM

Great job!


Posted by: wczasy at May 21, 2009 8:22 AM

Microsoft - support case? And they helped. LOL, that's a first for me...


Posted by: Bilety lotnicze at June 4, 2009 10:36 AM

I am a bit confused, is the inbound NIC on the single hosts the NIC where the cluster IP address is configured?


Posted by: stan at July 7, 2009 2:41 PM

i'm a first timer with that stuff


Posted by: fotograf ślubny at July 20, 2009 8:10 PM

what a great news!


Posted by: psycholog online at July 20, 2009 8:15 PM

Hi,

I am facing a problem, but in unicast mode. The cluster is configured in unicast mode with 2 NICs. I am not able to reach the cluster IP from the client subnet.

Any suggestion will be appreciated.

Thanks! -Ken


Posted by: affordable health insurance at July 26, 2009 6:59 AM

I was the master of comical understatement.


Posted by: fotograf slubny at July 28, 2009 3:52 AM

Very good, thanks. rok


Posted by: asd at August 5, 2009 2:16 AM

I am also facing a problem while installing Windows. However, it is a nice way to share your problem. I am also thinking of sharing my problem, hoping to get a solution that way.


Posted by: Free Web Designing at August 24, 2009 2:19 AM

Thank You! I was experiencing the exact problem you were and this post saved me a lot of time..

thanks for sharing


Posted by: Shane Harkins at September 3, 2009 4:06 PM

really good knowledge!


Posted by: fotograf slubny bielsko at September 7, 2009 3:46 PM


Wow! It's very important information! Thanks you! ))


Posted by: Download Free Games at September 10, 2009 9:54 AM

Hey great post. Quite informative. Wow! It's very important information! Thanks you! ))


Posted by: Facebook Application Development at September 11, 2009 2:59 AM



Great tip. Fixed the problem perfectly.


Posted by: Adam at October 7, 2009 3:42 PM

Hi, thanks for this helpful article. I was facing some problems with the configuration of the web server. I got them resolved through your article.


Posted by: bluetooth freisprecheinrichtung at October 10, 2009 6:39 AM


i love your blog


Posted by: I casino online divertenti at October 18, 2009 4:21 PM

I admire you, guys. It is still an incredibly difficult world for me. I do my best to learn it, but very often it seems to me that it is impossible to understand it. As far as I see from the post, you are very good at it. My congrats.


Posted by: Rapidshare at October 20, 2009 4:51 PM
