Quick Tip: Configuring Network Load Balancing (NLB) on Windows 2008 for Exchange CAS Servers…
Posted by: Andy Grogan on: March 24, 2008
There are some small differences within this article which you may not have come across – for example;
- Best practices for NLB recommend using Unicast within the cluster. Unicast is a good solution when you have two NIC’s in the server, however due to port limitations in my secondary Data-centre I can only make use of a single NIC on the server – therefore I have used Multi-cast communication between hosts.
When using the NLB Manager in conjunction with a host which has a single NIC and is set to use UNICAST communication you will receive the following error message when the management tool starts:
Ironically it still appears when you have configured your Cluster to use Multi-cast.
The following is an interesting read on Unicast limitations when using a single NIC on your server (taken directly from http://support.microsoft.com/kb/556067)
Unicast Mode with Single NIC
- In Unicast Mode, NLB modifies the Network Adapters MAC address to Cluster MAC. Now, there is only one MAC Address available in cluster – that is Cluster MAC and this MAC address has to be same on all cluster hosts. Network Re-director can’t forward the request to same MAC Address if it is originating from the same source and also host cannot communicate with each other – This is the disadvantage of Unicast Mode with Single NIC. To enable hosts to talk to each other, enable either MULTI-CAST mode or install a second NIC.
- You may get “No interface is available to configure load balancing” when using network load balancing manager. You get this error if you have imaged a server or copied to virtual machine. All network GUIDs will be same. You need to re-install the network adapter from device manager to overcome this problem.
- While configuring NLB through NLB Manager and you have deleted the host from the cluster. If that status of that still shows pending for a long time then manually disable the NLB in host. It would disappear from the Manager.
- It is always best practice to add local host (on where you’re running NLB Manager) after adding all host when you’re running NLB Cluster in Single NIC with Unicast Mode.
- It is recommended to run NLB Manager on a separate computer which is not part of cluster when you’re running Cluster in Single NIC with Unicast or Multi-cast Mode.
- If you have added the local host to NLB Manager in single NIC Unicast mode and when you refresh, all other hosts will be unreachable.
- When you access VIP using UNC, you might get the login box if you’re request is being forwarded to a host who is not in domain and you’re member of domain. You might need to supply user credentials.
- Crossover cable between NLB nodes doesn’t work correctly for heartbeat messages and others. It works great in server clustering.
- Heartbeat messages are transmitted over NLB Enabled NIC always whether you’re operating cluster in Unicast or Multi-cast mode.
- When an application running on a host dies or stop the NLB will keep forwarding the requests to that server because NLB doesn’t monitor the state of the application.
- Only Windows 2003 and later versions can be configured by the NLB Manager. However, you can manage previous versions of Windows but can’t configure them using NLB Manager.
- Remote control for NLB uses UDP port 2504.
- You will notice that some areas of the my guide have incomplete IP addresses and Subnet masks – its pretty obvious as to why I have done this.
Installing Windows 2008 NLB on Node 1;
Network Load Balancing is available in both the Standard and Enterprise Editions of Windows 2008 (it is also available in other higher level variants of Windows 2008). Essentially NLB uses a node based distributed process which farms network traffic between a number of Hosts (or nodes) – each node constitutes a member of a NLB cluster (this should not be confused with Windows Failover Clustering Services – NLB clustering is designed mainly around the distribution of Network traffic and providing fault tolerance at the interface level).
In order to install and correctly configure NLB in your environment you will need the following:
- At least two servers (or if you do not have two servers one server with two NIC interfaces – however under this scenario you would be at the mercy of the other components within the architecture).
- If you are Load Balancing two separate servers (which this article
is about) you will require x 3 free IP addresses on your network:
- x 2 for the Public Addresses of your nodes
- x 1 for the NLB Cluster Address
- A DNS entry that points to the NLB clustered address – this will be used for hosts to connect to the Clustered NLB IP Address
When you have ensured that the above criteria has been met, open a Windows 2008 Command Prompt and type in the following command:
serverManagerCMD -i NLB – then press <Enter> (see below);
You will need to perform this on all nodes (computers) that will form that NLB cluster.
When NLB has completed installing (on both Nodes) on the Primary Node (First Machine you installed NLB) – go to the following [ START -> Programs -> Administrative Tools -> Network Load Balancing Manager ] – see below:
The following Window will open:
From the top left pane – right click on the “Network Load Balancing Clusters” and from the context menu that appears choose “New Cluster”:
You will then be presented with the “New Cluster: Connect” option – in the section that is entitled “Host” type in the Host name of the Primary Node in the cluster then click on the “Connect” button and then Click “Next” when the “Interfaces available for configuring this cluster” populates which will display the following:
As this the first node interface in the cluster you should ensure that the Priority is set to “1” – you can then leave the rest of the configuration options as the default and click on the “Next” button which will display the following screen:
This screen allows for you to configure the IP addresses that will be shared by each node of the NLB cluster – so for example earlier we created a DNS entry which corresponds to the CAS server’s Clustered IP address – click on the “Add” button which will open the following screen:
Enter in the Cluster IP addresses (which corresponds to the DNS entry) in the section entitled “Add IPv4 address” (you should also include the Subnet Mask) – then click on the “OK” button – this will return you to the main Cluster IP address screen – click on the “Next” button to be taken to the “Cluster Parameters” screen:
Here you will see that the Cluster IP address and Subnet have been pre-populated – however in the “Full Internet Name” section you will need to provide the FQDN of the DNS entry that we did at the start of the article (under the pre-requisites section) – as I am using a single network card I have chosen to use “Multi-cast” for the cluster operation mode – if you have two NIC’s in your server you should choose the Unicast option.
We you are happy with the setting above click on the “Next” button:
Here you will be presented with the “Port Rules” section of the configuration.
Essentially this screen provides a means for you to reduce the “Attack Surface” area of the clustered IP address by allowing you to specify specific port traffic which is allowed via the IP address.
As you can see there is a default rule defined which essentially allows all traffic – select it and then click on the “Remove” button.
Now for the purposes of my CAS server I will only require ports 80 (HTTP) and 443 (SSL) – however it is possible that other people would also require 110 (POP3) and 143 (IMAP) to be added.
To add a port rule click on the “Add” button and the following dialog box will appear:
In order to configure HTTP Un-tick the “All” button, and then choose the IP address of your cluster from the “Cluster IP Address” area – then ensure that the rest of the configuration option match that as above. When you are happy with your choices click on the “OK” button.
You will be taken back to the main “Port Rules” screen – repeat the process for the other ports – when you have configured the remaining ports click on the “Finish” button.
Installing Windows 2008 NLB on Node 2;
You will now be returned to the main screen of the NLB cluster manager – which will now be processing your configuration changes. When it has finished – right click the New entry under “Network Load Balancing Clusters” (which is your new cluster) and from the context menu that appears choose the “Add Host to cluster” option – see below
You will be presented with the familiar “Add host to cluster” dialog box – here type in the Host name of the second node and then click on the “Connect” button – then when the “Connection Status” changes to “Connected” click on the “Next” button:
You will then be presented with the “Host Parameters” dialog box – ensure that the priority assigned is set to “2” – then click on the “Next” button:
You will given the option to Edit the port rules again – confirm that they are as expected then click on the “Finish” button:
The cluster will then return you to the NLB manager screen – where it will be processing the changes made and converge the interfaces.