TOPIC: Windows Load Balancing and Cisco Switches

Windows Load Balancing and Cisco Switches 9 years 11 months ago #19166

  • Smurf
  • Moderator
  • Posts: 1390
  • Karma: 1
Hi peeps,

Just wondering if anyone has implemented WLB on Cisco Switches? We tried to set this up a while back and ended up with Broadcast Storms which took out some of our older routers due to the amount of traffic hitting the Ethernet (10Mb Half Duplex) interfaces.

I would like to give this another go. I believe that the issue is with the Windows Load Balancing using Multicast mode, which causes the switch not to learn the Multicast MAC address for the virtual interface and therefore floods the traffic to each port because it doesn't know where to go.

There must be a way around this. I thought about manually adding the MAC address to each port in the WLB, however there must be an easier way to do this since it's pretty basic functionality.

I read that IGMP Snooping would sort this, however I believe the Cisco 3750G switch has this enabled by default; also we are not registering the multicast address anywhere, we are just utilising a multicast MAC address for the WLB function.

Any help would be appreciated.

Regards

Wayne
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Windows Load Balancing and Cisco Switches 9 years 11 months ago #19180

  • Smurf
  • Moderator
  • Posts: 1390
  • Karma: 1
Righty, got to the bottom of what goes on here:

When Windows Load Balancing is enabled, Microsoft NLB sends outbound traffic using a MAC Address different to the MAC Address that it uses in response to ARP queries. For this reason, the switch never learns the MAC address that is sent to clients, and therefore when clients talk to the NLB Virtual Address, it uses the MAC returned in the ARP which the switches don't know about.

The switch will then broadcast the traffic to all ports on the router because the CAM has no mapping to the switch ports that it's attached to.

This will therefore create a broadcast storm within that segment which isn't good.

The way I have had to get around this is by statically assigning the virtual MAC address that is sent out in the ARP reply to each port on the switch. This is done by the following:

[code:1]mac-address-table static [mac-address] vlan [vlan-id] interface [interface][/code:1]

N.B. This is if you are using WNLB in Unicast Mode. You can change to Multicast Mode, which I believe gets around some of these issues, but I have not tested this.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

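As an added example (not the poster's own configuration, and not verified against a real 3750), a small Python helper that derives the NLB cluster MAC from the cluster IP under the assumed Microsoft convention (02-bf-<cluster IP> for unicast mode, 03-bf-<cluster IP> for multicast mode), emits one `mac-address-table static` line per member port in the form the post gives, and adds the `show mac address-table address` command so the CAM entry can be checked afterwards. The cluster IP, VLAN and interface names below are constructed sample values.

```python
import ipaddress
import re
from typing import List

# Assumed NLB cluster-MAC prefixes (Microsoft convention, not stated in the post):
# unicast mode 02-bf-<cluster IP>, multicast mode 03-bf-<cluster IP>.
NLB_PREFIX = {"unicast": "02bf", "multicast": "03bf"}


def to_cisco_mac(mac: str) -> str:
    """Normalise 02-bf-.., 02:bf:.. or 02bf.. into Cisco's xxxx.xxxx.xxxx form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


def nlb_cluster_mac(cluster_ip: str, mode: str = "unicast") -> str:
    """Derive the NLB cluster MAC for the given mode from the cluster IP."""
    packed = ipaddress.IPv4Address(cluster_ip).packed.hex()  # 8 hex digits
    return to_cisco_mac(NLB_PREFIX[mode] + packed)


def static_cam_entries(mac: str, vlan: int, interfaces: List[str]) -> List[str]:
    """One static CAM entry per NLB member port, as in the post's command."""
    cisco_mac = to_cisco_mac(mac)
    return [
        f"mac-address-table static {cisco_mac} vlan {vlan} interface {ifname}"
        for ifname in interfaces
    ]


def verify_command(mac: str) -> str:
    """Show command to confirm the switch now has a CAM entry for the MAC."""
    return f"show mac address-table address {to_cisco_mac(mac)}"


if __name__ == "__main__":
    # Constructed sample: cluster VIP 10.1.1.50, VLAN 10, two member ports.
    vip = "10.1.1.50"
    for mode in ("unicast", "multicast"):
        mac = nlb_cluster_mac(vip, mode)
        print(f"! NLB {mode} mode, cluster MAC {mac}")
        for line in static_cam_entries(mac, 10, ["Gi1/0/1", "Gi1/0/2"]):
            print(line)
        print(verify_command(mac))
```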
