Thursday, October 30, 2014

Prepare NLB for SharePoint Web Front End WFE Servers

This is a copy of this Blog Post

This post demonstrates a step-by-step NLB configuration: how to prepare an NLB cluster to be used later as SharePoint WFE servers.
Throughout this walkthrough I pause on some steps and explain the NLB configuration as much as possible. Although this series is about configuring NLB for SharePoint WFE servers, I tried to keep this post generic enough to cover an NLB configuration for any purpose.

Before you start

 IP addresses:
  • You need a virtual IP. This IP is called the Cluster (Public) IP and must be the same on all cluster nodes.
  • On the other hand, each cluster node has a Dedicated (Private) IP address, which must be different from those of the other nodes.
  • How these IPs are configured to work with NLB differs depending on whether a single network adapter or multiple network adapters are used.
  • In case of a single adapter: the dedicated IP address is always entered first so that outgoing connections from the cluster host are sourced with this IP address instead of a virtual IP address. Otherwise, replies to the cluster host could be inadvertently load-balanced by Network Load Balancing and delivered to another cluster host.
  • The Private (dedicated) IPs and the Cluster IP must be on the same subnet (network) to function properly.


General Observations

  • Multicast is slower than Unicast.
  • As a general rule, use Unicast with two adapters and Multicast with a single adapter.
  • Best performance is obtained with either multiple unicast or multiple multicast adapters, although multiple multicast needs a complex configuration.

1- If you are using virtual machines on Hyper-V, it's important to enable MAC address spoofing on the VM network adapter (Advanced Features of the adapter).
2- NLB configuration: from Server Manager, add the NLB feature on all WFE servers.
3- Open NLB Manager from Administrative Tools, then Cluster –> New, or from Start –> Run –> NlbMgr.
4- In this step we add the first server node to the NLB cluster (the first web front end server, WFE01): enter the server name, then click Connect.
5- Select the network adapter which you wish to participate in the NLB cluster, then click Next.

6- In this screen the dedicated IP (private IP) is displayed, with the ability to add more private IPs. Leave the defaults and click Next.
  • Priority (unique host ID):
    • Each host takes a unique ID.
    • The host with the lowest priority value (1) is called the master host and handles all cluster traffic that is not covered by a port rule.
  • Dedicated IP address:
    • Must be configured in the TCP/IP properties first.
    • Must be identical to the IP entered in the TCP/IP properties.
  • Initial state: determines whether the node joins the cluster when the operating system starts.

7- In this screen you will be prompted to add the NLB cluster IP (Public IP) that will be used to communicate with the front end servers: click Add,
enter the Cluster IP as required, then click Next.
8- In this screen you enter the NLB cluster name by selecting the NLB cluster IP and entering the name (SPSFENLB). This IP is the cluster NLB IP that external traffic will access, and traffic will be routed to the host node with the least network load.
IP address: the virtual IP address (Public IP) set for the cluster. It must be identical on all cluster hosts, and all applications use this IP to communicate with the cluster.
Full Internet name: ClusterName.DomainName. It must be identical on all cluster hosts; users type this name in their browsers to access the web server cluster. This name must be registered in DNS and mapped to the cluster IP.
Cluster Operation Mode
· Multicast:
  • Choose this option if you want cluster nodes to be accessed through both their Public IP and their Private IP address.
  • This option is optimal if you have one network card installed, because the Private IP remains functional and no application using the Private IP is affected.
  • The MAC address is changed into a multicast MAC address.
  • If clients access the cluster through a router (from another LAN), make sure that the router supports the required ARP mapping (more than one IP address mapped to one MAC address).
  • IGMP can be enabled, which eliminates switch flooding (only the cluster's switch ports receive the traffic).
· Unicast:
  • Choose this option if you want cluster nodes to be accessed only by their Public IP. If you have one network card and you choose Unicast, your server will no longer be reachable through its Private IP; you would access it only through its Public IP.
  • This option is optimal if you have two network cards, where you can configure one for the Public IP and the other for the Private IP.
  • Unicast provides more of a performance gain than Multicast.
  • The cluster MAC address overrides the built-in MAC address (some adapters don't allow this; in that case you need to replace the adapter with another one).
When you use the unicast method, all cluster hosts share an identical unicast MAC address. Network Load Balancing overwrites the original MAC address of the cluster adapter with the unicast MAC address that is assigned to all the cluster hosts.
When you use the multicast method, each cluster host retains the original MAC address of the adapter. In addition to the original MAC address of the adapter, the adapter is assigned a multicast MAC address, which is shared by all cluster hosts. The incoming client requests are sent to all cluster hosts by using the multicast MAC address.
As a rule of thumb, select the unicast method for distributing client requests, unless only one network adapter is installed in each cluster host and the cluster hosts must communicate with each other from inside.
For more info, refer to the Multicast vs Unicast section at the end of this post.
9- Define port rules. This is an optional step; by default a single rule covering all ports is enabled.
However, if you want to limit the traffic on this NLB cluster, select the port rule –> Edit.
· Filtering modes: there are three filtering modes, which determine the host(s) responsible for handling the network traffic for this rule (this is what distributes network traffic among hosts):
  • Multiple host: both hosts handle network traffic over the specified port range. This filtering mode provides scaled performance in addition to fault tolerance by distributing the network load among multiple hosts.
  • Affinity:
    • None:
      • Allows multiple connections from the same client IP to be handled by different cluster hosts.
      • Although disabling affinity improves performance, since it allows connections from the same client to be handled concurrently by different cluster hosts, don't choose None when UDP or Both is selected as the protocol: this prevents NLB from handling IP fragments properly.
    • Single:
      • Directs multiple connections from the same client IP to the same cluster host.
      • This option is efficient when you have clients that access the NLB cluster through multiple proxies, which might cause requests from a single client to appear to originate from different computers.
    • Class C: similar to Single.
      • Directs multiple connections from the same client Class C address range to the same cluster host.
      • This option is efficient when you have clients that access the NLB cluster through multiple proxies located within the same Class C address range.
  • Single host: only a single host handles the network traffic, according to host priority.
  • Disable this port range: all network traffic for the associated port rule is blocked.

  • To improve load balancing, set affinity to None when possible, bearing in mind that None can't be chosen when UDP or Both is selected in Protocols.
  • Single affinity performs better than Class C affinity.
  • When Single host is selected, the host with the highest priority (1) handles all network traffic, and the load weight option is disabled.
  • To specify a single port in a port rule, enter the same port in both the From and To fields.
  • The same port rules must be present on all involved hosts, or an error is generated when trying to add another host to the cluster.
  • You can set the network load weight between hosts when the Multiple host option is chosen. Load weight is set in Host Properties under add/edit port rules: after finishing the configuration, go to Host Name –> Host Properties –> Port Rules –> uncheck the Equal option –> choose the proper load weight within this rule.
TCP: the connection between sender and receiver persists until sending is finished, then the connection is closed (the sender can guarantee delivery; somewhat heavy on the network).
UDP: the sender packages the data and releases it onto the network to reach the receiver (no guarantee of delivery; very light on the network).
Application            | Application-layer protocol | Underlying transport protocol
electronic mail        | SMTP                       | TCP
remote terminal access | Telnet                     | TCP
file transfer          | FTP                        | TCP
remote file server     | NFS                        | typically UDP
streaming multimedia   | proprietary                | typically UDP
Internet telephony     | proprietary                | typically UDP
network management     | SNMP                       | typically UDP
routing protocol       | RIP                        | typically UDP
name translation       | DNS                        | typically UDP

10- After you finish, add the second WFE host, following the same steps.
11- Two servers are now joined to the NLB cluster.
12- Go to the Active Directory DNS and create a host (A) record for the NLB cluster name.
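As an added example that is not part of the original post, here is the whole procedure above (MAC spoofing on Hyper-V, the NLB feature, cluster creation, port rules, the second node and the DNS record) done with the NetworkLoadBalancingClusters PowerShell cmdlets instead of NLB Manager. The host names WFE01/WFE02, the adapter name "NLB", the cluster IP 10.0.1.50/24, the DNS zone contoso.local and the assumption that the Hyper-V VM names equal the host names are constructed placeholders; the port rules are narrowed to TCP 80/443 so that only web traffic is balanced and everything else is dropped by NLB.

```powershell
# Added example, not the original post's procedure. Placeholder values below
# (host names, adapter name, IPs, DNS zone, VM names) must be replaced.
$ClusterName = 'SPSFENLB'
$ClusterIP   = '10.0.1.50'           # cluster (public) IP, same on every node
$SubnetMask  = '255.255.255.0'       # dedicated IPs must sit in this subnet too
$Adapter     = 'NLB'                 # adapter each node dedicates to the cluster
$Nodes       = 'WFE01', 'WFE02'
$DnsZone     = 'contoso.local'

# On the Hyper-V host: let the guest adapter answer for the cluster MAC
# (assumes VM names equal host names).
foreach ($vm in $Nodes) {
    Set-VMNetworkAdapter -VMName $vm -MacAddressSpoofing On
}

# Install the NLB feature and its management tools on every WFE.
Invoke-Command -ComputerName $Nodes -ScriptBlock {
    Install-WindowsFeature -Name NLB, RSAT-NLB
}

# Create the cluster on the first node. Unicast is chosen because each node
# has a second (management) adapter, per the rule of thumb in the post.
$cluster = New-NlbCluster -HostName $Nodes[0] -InterfaceName $Adapter `
    -ClusterName $ClusterName -ClusterPrimaryIP $ClusterIP `
    -SubnetMask $SubnetMask -OperationMode Unicast

# Replace the default all-ports rule with HTTP/HTTPS only:
# TCP, Multiple host, Single affinity (the post's choice for proxied clients).
$cluster | Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force
foreach ($port in 80, 443) {
    $cluster | Add-NlbClusterPortRule -StartPort $port -EndPort $port `
        -Protocol Tcp -Mode Multiple -Affinity Single | Out-Null
}

# Add the second WFE; it inherits the cluster's port rules, so the
# "port rules must match on all hosts" error cannot occur.
$cluster | Add-NlbClusterNode -NewNodeName $Nodes[1] -NewNodeInterface $Adapter | Out-Null

# Register the cluster name in DNS so users reach it by FQDN.
Add-DnsServerResourceRecordA -Name $ClusterName -ZoneName $DnsZone -IPv4Address $ClusterIP

# Check: both hosts converged, and only 80/443 are load-balanced.
Get-NlbClusterNode -HostName $Nodes[0] | Format-Table Name, State, HostPriority
Get-NlbClusterPortRule -HostName $Nodes[0] |
    Format-Table StartPort, EndPort, Protocol, Mode, Affinity
```

Run it from a host with the Hyper-V, NLB and DNS Server RSAT modules installed and credentials on all three; the final two commands are the check that the GUI walkthrough leaves you to do by eye.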

Multicast vs Unicast:

Multicast | Unicast
NLB adds the new virtual MAC to the network card, but also keeps the card's original MAC address. | NLB replaces the network card's original MAC address with the new entered one (cluster IP).
Not all routers support having two MAC addresses on one network card; routers might reject replies from NLB hosts, since a unicast IP must have one MAC, not two MAC addresses. | Works with all routers, since each network card only has one MAC address.
Servers can communicate with each other in NLB Manager via the original addresses of their NLB network cards. | Since all hosts in the cluster have the same MAC and IP address, they cannot communicate with each other via their NLB network card. A second network card is required for communication between the servers.
Note: be aware that some routers don't support multiple MAC addresses for a unicast IP; special configuration might be needed on the routers.
The IP addresses starting from : to (class D) are reserved for multicast networks. e.g. is an address that belong to Unicast network.
