[c-nsp] Microsoft NLB vs Cisco

Tim Durack tdurack at gmail.com
Sun May 11 20:19:55 EDT 2008


Amazing, think I found a fix:
http://www.skendric.com/packet/msnlb-catalyst-configuration.pdf

MS NLB requires not just a static ARP entry, but a static MAC too,
something like:

arp a.b.c.d 0100.5e7f.ccdd
mac-address-table static 0100.5e7f.ccdd vlan x interface G1/45 G1/46
disable-snooping

The cluster still works and CPU is back to normal (I've also proved
12.2(33)SXH2 can run at 90-100% without dropping routing sessions or
crashing :-)

(Big thanks to Stuart Kendrick who wrote the above link!)

Tim:>

On Sun, May 11, 2008 at 12:35 AM, Arie Vayner <ariev at vayner.net> wrote:
> Tim,
>
> May I offer another approach? Maybe you could just drop NLB, and use the IP
> SLB feature you have inside your Sup720?
>
> Arie
>
> On Sun, May 11, 2008 at 12:38 AM, Tim Durack <tdurack at gmail.com> wrote:
>>
>> On Sat, May 10, 2008 at 4:48 PM, Peter Rathlev <peter at rathlev.dk> wrote:
>> > On Sat, 2008-05-10 at 12:09 -0400, Tim Durack wrote:
>> >> Anyone using Microsoft NLB Multicast mode for a cluster?
>> >>
>> >> It requires a static arp entry on Cisco, as the cluster ip resolves to
>> >> a multicast mac, which can't/shouldn't be learned via arp.
>> >
>> > I find that a very irritating requirement of the MS NLB. :-)
>> >
>> >> So we do something like: "arp a.b.c.d 0100.5e7f.xxyy arpa"
>> >> Apparently this results in software switching the adjacency on a
>> >> Sup720, which is painful to say the least.
>> >>
>> >> Any suggestions?
>> >
>> > I guess you're referring to CSCee49121 "static ARPs dont create adjs
>> > when used with routes pointing at intf". I thought this was only a
>> > problem if you used it like this:
>> >
>> > ip route 10.11.12.13 255.255.255.255 Gi1/1
>> > arp 10.11.12.13 030b.adc0.ffee Gi1/1
>> >
>> > Is the problem also there without the route statement? We use it against
>> > two MS NLBs, and we don't see any problems. The traffic doesn't seem to
>> > be software switched, but apart from consulting Feature Manager and
>> > looking at the CPU interrupt usage, I'm not completely sure how to check
>> > it. How do you do it?
>>
>> No static route - maybe that's the difference.
>>
>> Educated guess work. CPU is running >90%. Install a CoPP policy
>> dropping the traffic, and CPU drops back to a more normal ~30%.
>>
>> Monday I plan to try a SPAN against the rp, and see what is hitting
>> it. I need this to tune CoPP anyway.
>>
>> > Regards,
>> > Peter
>> >
>> >
>> >
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>


More information about the cisco-nsp mailing list