NLB Heartbeat/private network

I have recently set up a 2 Node NLB Cluster. Both machines have 2 NICs.
Each machine has 1 NIC connected to the switch/external network (called
Public) and each machine has 1 NIC configured as a Private network and
connected via a crossover cable to the other machine.

I can ping the private network address from each machine to the other
machine. My cluster seems to be working - although it doesn't seem that the
heartbeat is functioning correctly.

I followed the instructions using the NLB Manager. Basically here is my info

Cluster IP 141.211.134.231
Cluster Name uuis.umich.edu

1st Node (UUISWEB)
Dedicated Cluster address (Public) is 141.211.134.234

2nd Node (UUISWEB2)
Dedicated Cluster address (Public) is 141.211.134.235

My 2 private addresses are 192.168.1.1 (UUISWEB) and 192.168.1.2 (UUISWEB2).

My questions are:

The NIC that has the private address doesn't seem to be getting any packet
traffic (i.e. shouldn't the heartbeat activity show some packets
sent/received)?

How often does that heartbeat go? Every second?

Did I set it up wrong - should the dedicated IP be the Private address? So
when I add a host to the cluster - and it presents me with the list of NICs
to choose from as the dedicated IP - should that be the private (non
routable) one???

I'll post my little step-by-step "cheat sheet" here again for your
benefit...

Maybe the issue is that you don't work for the University of Notre Dame?
(just kidding!)

Hope this helps, Amy...
--Ryan


How-To: Configure Network Load Balancing (NLB) with Two Network Adapters

1. Assign appropriate IP addresses to each NIC, placing them in separate
subnets.

* Node1 -

o "Public" NIC
* IP address: 10.10.2.17
* Subnet: 255.255.255.0
* Gateway: 10.10.2.1
* DNS: as appropriate

o "NLB" NIC
* IP address: 192.168.1.1
* Subnet: 255.255.255.0
* Gateway: N/A
* DNS: N/A


* Node2 -

o "Public" NIC
* IP address: 10.10.2.18
* Subnet: 255.255.255.0
* Gateway: 10.10.2.1
* DNS: as appropriate

o "NLB" NIC
* IP address: 192.168.1.2
* Subnet: 255.255.255.0
* Gateway: N/A
* DNS: N/A

2. On the "Public" NICs, click "Advanced" and add an additional IP address
as the Virtual IP Address which clients will connect to from the Public
network (i.e. - 10.10.2.177)

3. Install "Network Load Balancing" as an additional service from the
"Public" adapter properties.
* Click "Install.." and then select "Service" in the upper-window and click
"Add."
* Select "Network Load Balancing" in the upper-window and click "OK"
* Answer any prompts and provide the correct path to installation media.

4. Once NLB is installed, return to the Properties page for the "Public" NIC
and select the check-box next to "Network Load Balancing." This enables the
service globally.

5. Next, select the item "Network Load Balancing" and click "Properties"

6. Configure the NLB Cluster properties according to your parameters, using
the following example steps as a guide.

* Node1 -

o "Public" NLB Cluster Parameters tab
* Primary IP address: 10.10.2.177
* Subnet: 255.255.255.0
* Full Internet Name mail.domain.com

o "Public" NLB Host Parameters tab
* Priority: 1
* Dedicated IP address: 10.10.2.17
* Subnet: 255.255.255.0


* Node2 -

o "Public" NLB Cluster Parameters tab
* Primary IP address: 10.10.2.177
* Subnet: 255.255.255.0
* Full Internet Name mail.domain.com

o "Public" NLB Host Parameters tab
* Priority: 2
* Dedicated IP address: 10.10.2.18
* Subnet: 255.255.255.0

7. MultiCast support can be optional in this configuration.

8. You can also now take time to create a static Host record (A record) in
your scenario's DNS infrastructure to provide appropriate name resolution to
the NLB cluster name (i.e. - mail.domain.com or just mail).

9. Your NLB cluster should be up and running.

10. An external client should now be able to ping the IP address of the NLB
cluster (i.e. - 10.10.2.177) as well as each of the individual node
addresses (i.e. - 10.10.2.17 & -.18).

11. Many good diagnostic commands can be found by typing "wlbs /?" in a
command window. For example, "wlbs query" shows the status and convergence
state of the cluster.

12. IMPORTANT NOTE: In this configuration, each individual node is NOT able
to ping the other node's Public physical IP address (i.e - 10.10.2.17 cannot
ping 10.10.2.18 and vice-versa). I believe this is expected behavior, as
the NLB cluster is now responding to requests on the Virtual Cluster address
(i.e. - 10.10.2.177).


--
Ryan Sokolowski
MVP - Windows Server - Clustering
MCSE, CCNA, CCDA, BCFP

"A troubleshooter's best tool is the Event Viewer and understanding the
events and messages contained therein."

This posting is provided "AS IS" with no warranties, and confers no rights.

"Amy Lewis" <> wrote in message
news:F72DFDF7-68B9-46BD-85E6-...
>I have recently set up a 2 Node NLB Cluster. Both machines have 2 NICs.
> Each machine has 1 NIC connected to the switch/external network (called
> Public) and each machine has 1 NIC configured as a Private network and
> connected via a crossover cable to the other machine.
>
> I can ping the private network address from each machine to the other
> machine. My cluster seems to be working - although it doesn't seem that
> the
> heartbeat is functioning correctly.
>
> I followed the instructions using the NLB Manager. Basically here is my
> info
>
> Cluster IP 141.211.134.231
> Cluster Name uuis.umich.edu
>
> 1st Node (UUISWEB)
> Dedicated Cluster address (Public) is 141.211.134.234
>
> 2nd Node (UUISWEB2)
> Dedicated Cluster address (Public) is 141.211.134.235
>
> My 2 private addresses are 192.168.1.1 (UUISWEB) and 192.168.1.2
> (UUISWEB2).
>
> My questions are:
>
> The NIC that has the private address doesn't seem to be getting any packet
> traffic (i.e. shouldn't the heartbeat activity show some packets
> sent/received)?
>
> How often does that heartbeat go? Every second?
>
> Did I set it up wrong - should the dedicated IP be the Private address?
> So
> when I add a host to the cluster - and it presents me with the list of
> NICs
> to choose from as the dedicated IP - should that be the private (non
> routable) one???

Ryan

I did see your cheat sheet while I was creating my cluster and I did follow
your instructions. However - for my "private" NIC on each node I have not
used a 192.168..... address - I am using an address on the same subnet as the
"public" network. Is this a problem?

I had been using the cluster this way for a while - and everything seemed to
work until I used the SP1 SCW - and turned on the Windows Firewall. I had
been using IPSec policies to restrict traffic. With the Firewall turned on -
people outside my local subnet can see the cluster for only about 2-4 hours.
Then all of a sudden they can't see it any more - I can still see it from my
local subnet.

I was trying to determine what was causing this problem - after reading
could it be that I was not allowing ICMP traffic? It seems to be a problem
with the switch learning the virtual MAC address - I read somewhere that this
could be caused by restricting ICMP responses - does this make any kind of
sense?

Do you know if people have sucessfully used NLB with the SP1 firewall? I am
basically running IIS in my cluster

"Ryan Sokolowski [MVP]" wrote:

> I'll post my little step-by-step "cheat sheet" here again for your
> benefit...
>
> Maybe the issue is that you don't work for the University of Notre Dame?
> (just kidding!)
>
> Hope this helps, Amy...
> --Ryan
>
>
> How-To: Configure Network Load Balancing (NLB) with Two Network Adapters
>
> 1. Assign appropriate IP addresses to each NIC, placing them in separate
> subnets.
>
> * Node1 -
>
> o "Public" NIC
> * IP address: 10.10.2.17
> * Subnet: 255.255.255.0
> * Gateway: 10.10.2.1
> * DNS: as appropriate
>
> o "NLB" NIC
> * IP address: 192.168.1.1
> * Subnet: 255.255.255.0
> * Gateway: N/A
> * DNS: N/A
>
>
> * Node2 -
>
> o "Public" NIC
> * IP address: 10.10.2.18
> * Subnet: 255.255.255.0
> * Gateway: 10.10.2.1
> * DNS: as appropriate
>
> o "NLB" NIC
> * IP address: 192.168.1.2
> * Subnet: 255.255.255.0
> * Gateway: N/A
> * DNS: N/A
>
> 2. On the "Public" NICs, click "Advanced" and add an additional IP address
> as the Virtual IP Address which clients will connect to from the Public
> network (i.e. - 10.10.2.177)
>
> 3. Install "Network Load Balancing" as an additional service from the
> "Public" adapter properties.
> * Click "Install.." and then select "Service" in the upper-window and click
> "Add."
> * Select "Network Load Balancing" in the upper-window and click "OK"
> * Answer any prompts and provide the correct path to installation media.
>
> 4. Once NLB is installed, return to the Properties page for the "Public" NIC
> and select the check-box next to "Network Load Balancing." This enables the
> service globally.
>
> 5. Next, select the item "Network Load Balancing" and click "Properties"
>
> 6. Configure the NLB Cluster properties according to your parameters, using
> the following example steps as a guide.
>
> * Node1 -
>
> o "Public" NLB Cluster Parameters tab
> * Primary IP address: 10.10.2.177
> * Subnet: 255.255.255.0
> * Full Internet Name mail.domain.com
>
> o "Public" NLB Host Parameters tab
> * Priority: 1
> * Dedicated IP address: 10.10.2.17
> * Subnet: 255.255.255.0
>
>
> * Node2 -
>
> o "Public" NLB Cluster Parameters tab
> * Primary IP address: 10.10.2.177
> * Subnet: 255.255.255.0
> * Full Internet Name mail.domain.com
>
> o "Public" NLB Host Parameters tab
> * Priority: 2
> * Dedicated IP address: 10.10.2.18
> * Subnet: 255.255.255.0
>
> 7. MultiCast support can be optional in this configuration.
>
> 8. You can also now take time to create a static Host record (A record) in
> your scenario's DNS infrastructure to provide appropriate name resolution to
> the NLB cluster name (i.e. - mail.domain.com or just mail).
>
> 9. Your NLB cluster should be up and running.
>
> 10. An external client should now be able to ping the IP address of the NLB
> cluster (i.e. - 10.10.2.177) as well as each of the individual node
> addresses (i.e. - 10.10.2.17 & -.18).
>
> 11. Many good diagnostic commands can be found by typing "wlbs /?" in a
> command window. For example, "wlbs query" shows the status and convergence
> state of the cluster.
>
> 12. IMPORTANT NOTE: In this configuration, each individual node is NOT able
> to ping the other node's Public physical IP address (i.e - 10.10.2.17 cannot
> ping 10.10.2.18 and vice-versa). I believe this is expected behavior, as
> the NLB cluster is now responding to requests on the Virtual Cluster address
> (i.e. - 10.10.2.177).
>
>
> --
> Ryan Sokolowski
> MVP - Windows Server - Clustering
> MCSE, CCNA, CCDA, BCFP
>
> "A troubleshooter's best tool is the Event Viewer and understanding the
> events and messages contained therein."
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Amy Lewis" <> wrote in message
> news:F72DFDF7-68B9-46BD-85E6-...
> >I have recently set up a 2 Node NLB Cluster. Both machines have 2 NICs.
> > Each machine has 1 NIC connected to the switch/external network (called
> > Public) and each machine has 1 NIC configured as a Private network and
> > connected via a crossover cable to the other machine.
> >
> > I can ping the private network address from each machine to the other
> > machine. My cluster seems to be working - although it doesn't seem that
> > the
> > heartbeat is functioning correctly.
> >
> > I followed the instructions using the NLB Manager. Basically here is my
> > info
> >
> > Cluster IP 141.211.134.231
> > Cluster Name uuis.umich.edu
> >
> > 1st Node (UUISWEB)
> > Dedicated Cluster address (Public) is 141.211.134.234
> >
> > 2nd Node (UUISWEB2)
> > Dedicated Cluster address (Public) is 141.211.134.235
> >
> > My 2 private addresses are 192.168.1.1 (UUISWEB) and 192.168.1.2
> > (UUISWEB2).
> >
> > My questions are:
> >
> > The NIC that has the private address doesn't seem to be getting any packet
> > traffic (i.e. shouldn't the heartbeat activity show some packets
> > sent/received)?
> >
> > How often does that heartbeat go? Every second?
> >
> > Did I set it up wrong - should the dedicated IP be the Private address?
> > So
> > when I add a host to the cluster - and it presents me with the list of
> > NICs
> > to choose from as the dedicated IP - should that be the private (non
> > routable) one???
>
>
>

"Amy Lewis" <> wrote in message
news:A139BC1C-CDA6-407C-A47D-...
> Ryan
>
> I did see your cheat sheet while I was creating my cluster and I did
> follow
> your instructions. However - for my "private" NIC on each node I have not
> used a 192.168..... address - I am using an address on the same subnet as
> the
> "public" network. Is this a problem?

Yes, this is a very big problem. Your heartbeat network _must_ be on a
different network segment than your public network and it must not be
routable.


--
Russ Kaufmann

MVP - Windows Server - Clustering
http://www.clusterhelp.com - Cluster Website
http://msmvps.com/clusterhelp - Blog

Russ,

Why (on W2K3) must the heartbeat be on a different network segmeent to the
public ? Seems to work fine with heartbeat and public traffic on same NIC ?

--
Cheers
LM


"Russ Kaufmann [MVP]" wrote:

> "Amy Lewis" <> wrote in message
> news:A139BC1C-CDA6-407C-A47D-...
> > Ryan
> >
> > I did see your cheat sheet while I was creating my cluster and I did
> > follow
> > your instructions. However - for my "private" NIC on each node I have not
> > used a 192.168..... address - I am using an address on the same subnet as
> > the
> > "public" network. Is this a problem?
>
> Yes, this is a very big problem. Your heartbeat network _must_ be on a
> different network segment than your public network and it must not be
> routable.
>
>
> --
> Russ Kaufmann
>
> MVP - Windows Server - Clustering
> http://www.clusterhelp.com - Cluster Website
> http://msmvps.com/clusterhelp - Blog
>
>
>
>

"Lord Melch" <> wrote in message
news:F67F24E7-EC2F-4053-8B7F-...
> Russ,
>
> Why (on W2K3) must the heartbeat be on a different network segmeent to the
> public ? Seems to work fine with heartbeat and public traffic on same NIC
> ?

Best practices. There is no requirement.


--
Russ Kaufmann

MVP - Windows Server - Clustering
http://www.clusterhelp.com - Cluster Website
http://msmvps.com/clusterhelp - Blog

Russ,

OK, I have one for you. Recently setup a customer with 2 x W3K3 (Web
Edition) load balanced with a SQL Cluster (active/passive) backend.

The 2 x W2K3's are load balanced using one NIC in each and set for
Multicast. All IP's on same subnet / range.

All works OK. Would you specifiy say a crossover between the 2 x W2K3 LB
servers and use that for Private (Heartbeat) traffic and use the other NIC's
for LAN traffic. - Would this the need Unicast or Multicast ?

Would there be any benifit ?

I notice when I run the NLB admin utility is running Multicast can create
"unpredictable results" or something similar...

--
Cheers
LM


"Russ Kaufmann [MVP]" wrote:

> "Lord Melch" <> wrote in message
> news:F67F24E7-EC2F-4053-8B7F-...
> > Russ,
> >
> > Why (on W2K3) must the heartbeat be on a different network segmeent to the
> > public ? Seems to work fine with heartbeat and public traffic on same NIC
> > ?
>
> Best practices. There is no requirement.
>
>
> --
> Russ Kaufmann
>
> MVP - Windows Server - Clustering
> http://www.clusterhelp.com - Cluster Website
> http://msmvps.com/clusterhelp - Blog
>
>
>

"Lord Melch" <> wrote in message
news:7EB2BB25-03D2-4215-9039-...
> The 2 x W2K3's are load balanced using one NIC in each and set for
> Multicast. All IP's on same subnet / range.
>
> All works OK.

Then don't sweat it. <G>

Seriously, if it is working and meeting the needs of the organization, then
you have done well.

--
Russ Kaufmann

MVP - Windows Server - Clustering
http://www.clusterhelp.com - Cluster Website
http://msmvps.com/clusterhelp - Blog

Russ

> Seriously, if it is working and meeting the needs of the organization, then
> you have done well.

A man after my own heart ;>) Thanks.

BTW any idea why i get so many formatting errors on this forum all sorts of
<G> and the like ?

--
Cheers
LM


"Russ Kaufmann [MVP]" wrote:

> "Lord Melch" <> wrote in message
> news:7EB2BB25-03D2-4215-9039-...
> > The 2 x W2K3's are load balanced using one NIC in each and set for
> > Multicast. All IP's on same subnet / range.
> >
> > All works OK.
>
> Then don't sweat it. <G>
>
> Seriously, if it is working and meeting the needs of the organization, then
> you have done well.
>
> --
> Russ Kaufmann
>
> MVP - Windows Server - Clustering
> http://www.clusterhelp.com - Cluster Website
> http://msmvps.com/clusterhelp - Blog
>
>
>

Melch,

The formatting errors are because you were not complying to the world
renowned Internet Standard of Microsoft Internet Explorer 6.0 SP2.
*Owned* you blaggard for having the impetuous cheak for using ...dare I say
it.. FIREFOX......
--
Cheers
LM


"Lord Melch" wrote:

> Russ
>
> > Seriously, if it is working and meeting the needs of the organization, then
> > you have done well.
>
> A man after my own heart ;>) Thanks.
>
> BTW any idea why i get so many formatting errors on this forum all sorts of
> <G> and the like ?
>
> --
> Cheers
> LM
>
>
> "Russ Kaufmann [MVP]" wrote:
>
> > "Lord Melch" <> wrote in message
> > news:7EB2BB25-03D2-4215-9039-...
> > > The 2 x W2K3's are load balanced using one NIC in each and set for
> > > Multicast. All IP's on same subnet / range.
> > >
> > > All works OK.
> >
> > Then don't sweat it. <G>
> >
> > Seriously, if it is working and meeting the needs of the organization, then
> > you have done well.
> >
> > --
> > Russ Kaufmann
> >
> > MVP - Windows Server - Clustering
> > http://www.clusterhelp.com - Cluster Website
> > http://msmvps.com/clusterhelp - Blog
> >
> >
> >