Dual-NIC NLB Configuration with Windows Server 2008 NLB Clusters

If you're new here, you may want to subscribe to Windows Reference RSS feed Thanks for visiting!

We’ve had a few calls from customers who have run into a particular issue when they’ve deployed NLB on a Windows Server 2008 cluster.  Most of them have had older NLB deployments and thought we made a change to 2008 NLB to cause a problem. The installations with the issue have dual-NIC nodes with the default gateway on the Cluster NIC.  This is the reported behavior:

• Communication with the cluster IP from a computer on the same subnet works without a problem

• Communication with the cluster IP from an computer on a different subnet fails

• If you move the default gateway to the cluster NIC, everything works

In Windows Server 2003, a packet from the client would route in through the inbound NIC and because the response was not from the same subnet, it would be sent back via the outbound NIC to the default gateway and back to the client.  The problem with the above configuration on a 2008 server is that we disabled IP forwarding by default.  Therefore, when the packet enters the inbound NIC, without a default gateway, it has no way to get off subnet and the packet is dropped.

There is actually a simple change in order to get this to work without putting the default gateway on the cluster NIC.  You need to enable routing using one of the two following methods – via netsh or via the registry:

Via netsh:

• First, you need to get the name of the Cluster NIC.  This appears in “Network Connections” or, from the command prompt, run the following command:
  • netsh interface show int
• The output will look like this:

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled        Connected      Dedicated        Cluster NIC

• That will show you the interfaces in the server.  Find the name of the cluster NIC and put it in quotes in the following command:
  • netsh interface ipv4 set interface “Cluster NIC” forwarding=enabled
• You can confirm that it is changed by running the command:
  • netsh interface ipv4 show interface l=verbose
• If the look at the output below, you’ll see that Forwarding is now enabled:

Interface Cluster NIC Parameters
----------------------------------------------
IfLuid                             : ethernet_5
IfIndex                            : 10
Compartment Id                     : 1
State                              : connected
Metric                             : 20
Link MTU                           : 1500 bytes
Reachable Time                     : 30000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 3
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : enabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection   : enabled
Router Discovery                   : dhcp
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default routes              : disabled

Via the registry

Add the following value:

Key name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name: IpEnableRouter
Data Type: REG_DWORD
Value: 1

Be sure to reboot the server for the change to take effect. The netsh command does not require a reboot.

Source from MS network blog.