Configuration options for WLBS hosts connected to layer 2 switches

This article describes how to connect two or more Windows NT Load Balancing Service (WLBS) servers in a switched environment. For Windows Load Balancing Service (WLBS) to work correctly, every packet directed to the virtual IP address must reach all the WLBS hosts. The WLBS host then filters the packets.

If you connect Network Load Balancing hosts with a switch, the switch must be layer 2 instead of layer 3 or higher, because all the hosts share the same IP address (the cluster IP address), and layer 3 switches direct network packets (incoming client requests) according to the IP address of the destination computer.

When the cluster network adapter of each WLBS host connects to a port on a layer 2 switch (the same switch) instead of a hub, the switch tries to determine the media access control (MAC) address of the computer connected to each of its ports. As a result, the switch can associate a port to a MAC address. Ethernet switches send frames to a MAC address through the port associated with the MAC address. If a switch associates the cluster's MAC addresses to one of its ports, WLBS cannot correctly load-balance the traffic. There are several methods to configure WLBS to prevent a switch from associating the cluster's MAC address. The following sections describe these methods.

Unicast

Note: For best results, configure the default gateway so that the default gateway address is set on the cluster/WLBS Virtual adapter. Do not set the gateway address for the administrative network adapter in the TCP/IP configuration dialog.

With this configuration, requests to the cluster move through the cluster network adapter, and the appropriate host also replies through the cluster network adapter because this network adapter has the gateway information associated with it. The host's administrative network adapters connect to a dedicated hub that is either not connected to the network or connected to a router or switch for a different subnet. The administrative network adapters and cluster adapters cannot use the same subnet.

Masking the WLBS Cluster MAC Address

When you use unicast, keep the registry value set to its default value of 1. This forces the cluster to use a substitute MAC address when it sends packets through the switch. The switch maps the substitute MAC address to a port, but sends the traffic to the real cluster MAC address to all the ports in the switch. If a switch does not have a MAC address associated to a port, it sends the frames to all the ports. This is known as port flooding. You can contain port flooding only with a virtual LAN. This configuration has the highest bandwidth, and completely eliminates collisions.

The is located in the following registry key:

Note In Microsoft Windows Server 2003, the MaskSourceMAC value is located in the following registry key:

Using a Hub

To use a hub, follow these steps:

1. Set the
   MaskSourceMAC
   value to 0 on all WLBS nodes.
2. Connect all the cluster network adapters to a hub.
3. Uplink the hub to a switch port.
4. Connect the dedicated network adapter to a free switch port.

This configuration permits the switch to determine the WLBS cluster MAC address. This eliminates port flooding without the use a virtual LAN. This configuration has a bandwidth limitation on the hub, however it automatically improves the pipelining of traffic, and minimizes collisions.

Multicast

Note When the local router must send a packet to the virtual IP address, the local router uses address resolution protocol (ARP) to determine the virtual IP's MAC address. WLBS replies to these ARP requests. When you mask the source MAC address, the ARP response from WLBS has a substitute source MAC address in the Ethernet frame, but contains the correct cluster MAC address in the ARP header. Some routers cannot make this ARP mapping and must make a static ARP entry in the router. For additional information about static ARP requirements, click the following article number to view the article in the Microsoft Knowledge Base: The cluster uses a multicast MAC address that is mapped to a unicast IP address. The switch does not associate the multicast MAC addresses to a port, so the switch sends frames to this MAC address on all the ports. IP Multicast pruning implementations cannot limit the port flooding, therefore you must use a virtual LAN. Multicast provides no advantage over unicast from the switches perspective. The increased multicast processing overhead for routers and switches may lead to slower performance. Carefully analyze the effect on your network when you uses multicast to avoid congesting other network devices.