Managed Switch: help me understand

  • Thread starter Thread starter Sal Bompensaro
  • Start date Start date
S

Sal Bompensaro

Hi,

To effectively use the Network Load Balancing (NLB) capability that is
built into Windows, it's important that the servers sharing the common
virtual IP address be plugged into a hub, not a switch. The reason for this
is that these servers share a common virtual MAC address. A switch would get
confused when it tries to "learn" the appropriate port for the virtual MAC
address. This is why a whitepaper that I recently read recommends:

- plugging the servers in the cluster into a hub
- uplinking that hub into a switch

This ensures that each server in the cluster is able to see each packet
destined for the virtual MAC address. This is all pretty standard stuff, but
here's the thing: I don't want to have to mount a separate hub in my rack
for each cluster. Can I accomplish the same thing with a "managed switch"?
I've never used a managed switch before, so I'm not sure.

Let's say I have a managed switch with 24 ports. I fill up ports 1-16
with Ethernet cables from various machines on my LAN... but I then plug in
the two servers in my cluster into ports 23-24. I want ports 23-24 to act
like a hub that is unlinked to the rest of the switch. Eventually, the
switch would learn that the shared MAC address of the cluster lives behind
ports 23-24 and all traffic destined for that MAC address would be
*broadcast* to those two ports. Does that make sense?

I'm not sure what the appropriate jargon/terminology is for this type of
setup, but I've done some research and I think it's called a VLAN. The
crucial point to note here, though, is that ports 23-24 would act as a hub
(all traffic is broadcast) instead of a switch.

All comments are appreciated.

Thanks...
 
I'm not sure what the appropriate jargon/terminology is for this type of
setup, but I've done some research and I think it's called a VLAN. The
crucial point to note here, though, is that ports 23-24 would act as a hub
(all traffic is broadcast) instead of a switch.
Click to expand...

Many switches also allow you to put specific ports in "monitor mode" -
where the ports you specify will get all traffic that the switch sees.

-Kam
 
Many switches also allow you to put specific ports in "monitor mode" -
where the ports you specify will get all traffic that the switch sees.
Click to expand...

Cool, I guess that's what I'm looking for, as long as I can make the
"monitor mode" only apply to the ports in my VLAN instead of the whole
switch.
 
Be careful. Most switches (Cisco and others) limit the number of ports you
can span and how many ports can be in the span group. Is Microsoft's
implementation really using the same virtual MAC address for both servers at
the same time? I could understand if they were doing VRRP or HSRP
equivalents for keeps session states or doing the newer GLB stuff from Cisco
on a host level. I would recommend a hardware appliance or a switch with
load balancing build into it. Far easier to manage and typically doesn't
ruin your investment in good managed switches.

Anyway, you can always plug a hub into a managed switch running VLAN's. You
can therefore run all the servers that require Microsoft NLB stuff to be
plugged into the hub and run that hub on one VLAN. Then run the switch with
as many VLAN's as you design for. Are you planning on running the server
groups in different VLAN's (subnets) or all in the same? If all your server
pool is going to be in the same IP/subnet then running a hub will work and
then put the switch upstream.

Regards,
Ed Horley
 
Hi Ed,

Thanks so much for the info. I think I found a solution that I prefer to
Microsoft NLB:

http://www.enterasys.com/products/whitepapers/load-sharing-nat/

This little device is a standard NAT-style firewall, but instead of
NATing from an external IP address to an internal IP address, it NATs an
external address to *multiple* internal IP addresses in a weighted
round-robin sort of way. All internal servers in the cluster will have their
own unique IP address. No need for NLB or purchasing a separate hub. This
firewall is pretty pricey ($5k), but I think it'll do what I want.

David
 
From: "Sal Bompensaro" <[email protected]>
Subject: Managed Switch: help me understand
Date: Mon, 11 Oct 2004 13:55:08 -0700
Click to expand...
I'm not sure what the appropriate jargon/terminology is for this type of
setup, but I've done some research and I think it's called a VLAN. The
crucial point to note here, though, is that ports 23-24 would act as a hub
(all traffic is broadcast) instead of a switch.
Click to expand...

I think You have to use PORT TRUNKING for this purpose, not VLAN.
 
Typically trunking is the process of passing multiple VLAN's down the same
Ethernet interface (the VLAN's are "trunked" together). A port-channel is
the process of bonding several Ethernet interfaces together into a single
channel-group (Cisco calls this EtherChannel) that could (if you set up
trunking) pass multiple VLAN's. Think of VLAN's = Broadcast Domain = Layer
3 Subnet. EtherChannel is just a way to get around the limit of a 100MB
feed when you really need 400MB between two pieces of equipment and you
don't want to use a routing protocol to do balancing across multiple paths,
you just want a bigger pipe.
HTH,
Ed Horley
 
Naw,..Port Trunking is a VLAN thing where the router uses the same physical
interface (with same cable and switch port) to serve multiple VLANs. The
line between it and the switch becomes the Trunk Line. Investigate the term
"Router on a stick" for more details.

For load balancing, the right way, requires a switch that is specifically
designed for load balancing multiple NICs.
 
Sal Bompensaro said:
Hi,

To effectively use the Network Load Balancing (NLB) capability that is
built into Windows, it's important that the servers sharing the common
virtual IP address be plugged into a hub, not a switch. The reason for this
is that these servers share a common virtual MAC address. A switch would get
confused when it tries to "learn" the appropriate port for the virtual MAC
address. This is why a whitepaper that I recently read recommends:

- plugging the servers in the cluster into a hub
- uplinking that hub into a switch
Click to expand...

A URL to the paper would help someone help you....

But what you really need is for the switch to deliver a copy of each inbound
packet to the NIC cards at each server.

depending on how you configure the cluster, this is either a conventional
unicast MAC address, or a multicast address. Multicast will work with a
switch, but has its own issues,

a hub does this in the hardware, but since hubs top out at 100 Mbps, with
modern servers and Gigabit capable interfaces, the hub may limit overall
throughput.
This ensures that each server in the cluster is able to see each packet
destined for the virtual MAC address. This is all pretty standard stuff, but
here's the thing: I don't want to have to mount a separate hub in my rack
for each cluster. Can I accomplish the same thing with a "managed switch"?
I've never used a managed switch before, so I'm not sure.
Click to expand...

You need a switch that can handle your cluster setup(s), and you may need
each cluster in its own subnet.
Let's say I have a managed switch with 24 ports. I fill up ports 1-16
with Ethernet cables from various machines on my LAN... but I then plug in
the two servers in my cluster into ports 23-24. I want ports 23-24 to act
like a hub that is unlinked to the rest of the switch. Eventually, the
switch would learn that the shared MAC address of the cluster lives behind
ports 23-24 and all traffic destined for that MAC address would be
*broadcast* to those two ports. Does that make sense?

I'm not sure what the appropriate jargon/terminology is for this type of
setup, but I've done some research and I think it's called a VLAN. The
crucial point to note here, though, is that ports 23-24 would act as a hub
(all traffic is broadcast) instead of a switch.
Click to expand...

Yes it does do some of what you want - but no setting up a VLAN does not
make the switch behave as a hub - it makes it behave as a collection of
separate switches.

You would isolate the cluster within a VLAN, sort out a way to send cluster
traffic to all attached ports, but then you add a router (or the routing
inside your layer 3 switch) to connect that VLAN as a separate subnet to the
rest of your network.

If you use unicast cluster MAC addresses, then you have to configure the
switch to replicate traffic to that MAC address to each relevant port. If
you use this setup, then you dont have to isolate clusters on their own
subnets / vlans, but it is going to make it easier to fault find, configure
and change later if you do.

If you use multicast cluster MAC Addresses, then you need a router (or layer
3 capable switch) willing to ARP and work with a multicast MAC address, or
that allows you to set that mapping manually.

Either way you need switch(es) with high end capabilities that allow for the
setup you choose. i suggest you get your vendor to spec them for this
purpose and agree and actually do a functional test for the load balancing
working correctly before you pay for any hardware.
 
Back
Top