I have a customer that is using Windows Network Load Balancing for a fault tolerance web service across two web servers. They started running W2003 x86 a few years ago and recently decided that they should \u201cupgrade\u201d to W2008 R2 to take advantage of some of the better web hosting features. Each server has 2 NIC\u2019s. The first is the normal one we use to log into the servers and manage them. The second is used purely for the NLB clustered web traffic.<\/p>\n
This meant a rebuild of the servers. For some architectural reasons, it was also decided to build a new NLB cluster. We would do this one web server at a time.<\/p>\n
We rebuilt the first server. I brought up a new NLB cluster, with just itself as the only member for the moment. We would add the second server when it was rebuilt. To bring it into production we would:<\/p>\n
Then we could rebuild the second web server and away we go!<\/p>\n
Muggins here drew the short straw and I was awake at 06:00 this morning to VPN in, do some prep work and switch the IP addresses to bring the new server into production. I did that and tested. The websites would not respond. I had no idea what was up. Network monitor showed external traffic coming in on TCP 80 and reaching the server. I could even see my IP address coming in.<\/p>\n
I checked the website bindings which were set to the default of *, that is all assigned IP addresses on the server. I verified with IPCONFIG that the production IP was live. I could ping it from other machines and see the traffic in Network Monitor. I decided I would configure the site in IIS7.5 to just use the NLB cluster IP address. That\u2019s where issue #1 arose. I could not select that IP address. After a quick google I learned that W2008 R2 IIS7.5 cannot pick detect the NLB cluster IP address and load it into the drop down list box. I had to type it in.<\/p>\n
It should be OK now? I tested. And no joy. At this point I had to roll back the changes. The site had been offline for too long.<\/p>\n
A few hours later I had the time to start investigating some more. I used another public IP address with a NAT rule to another internal IP address that I could use on the new NLB cluster. That would leave the production, old NLB, websites up and running and unaffected by my tests.<\/p>\n
I still couldn\u2019t access the site. I tested the sites from another server in the same VLAN. I could access the sites from there. Strange! This means that I either had a firewall or a routing issue. It couldn\u2019t be a firewall issue. The same NAT rule was being used on the new server. I was simply moving the IP address and we don\u2019t do anything crazy with MAC addresses. It couldn\u2019t be an ARP cache issue because I could see web traffic actually reaching the server in Network Monitor 3.3.<\/p>\n
I scratched my head. I could route out from the server. I could surf the web and traceroute out. Both the server\u2019s management IP and NLB IP are in the same VLAN. The server management IP had the correct default gateway. The TCP configuration was identical to the W2003 R2 configuration.<\/p>\n
What if \u2026 now I was reaching \u2026 what if NLB doesn\u2019t route correctly? What if the NLB NIC\u2019s IP configuration doesn\u2019t pick up the default gateway set up on the management NIC\u2019s IP configuration. If it was a normal NIC it probably would. I set up the default gateway on the NLB NIC. It was identical to the server management NIC configuration. I got the warning about multiple default gateways on a computer and clicked OK.<\/p>\n
Now I tested web site access from an external IP and it worked perfectly. My conclusion? You have to configure the default gateway on an NLB NIC if using Network Load Balancing on Windows Server 2008 R2. Otherwise it will not route correctly to other networks; it should pick up the default gateway from the management NIC but it does not.<\/p>\n
I have a customer that is using Windows Network Load Balancing for a fault tolerance web service across two web servers. They started running W2003 x86 a few years ago and recently decided that they should \u201cupgrade\u201d to W2008 R2 to take advantage of some of the better web hosting features. Each server has 2 … Continue reading “First Impressions: Windows Server 2008 R2 NLB”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[52],"tags":[117],"class_list":["post-10659","post","type-post","status-publish","format-standard","hentry","category-windows-server","tag-windows-server-2008-r2"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/10659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10659"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/10659\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}