Windows Network Load Balancing (NLB) supports three cluster operation modes: unicast, multicast, and IGMP multicast. Unicast mode is simple to configure and can be reached from other network segments, but it causes switch port flooding, so this mode is generally not used. In multicast mode, unless the switch is configured accordingly, the cluster can only be reached from the same network segment and not from other segments. This article describes how to configure NLB in virtual machines in a vSphere virtualization environment, together with the corresponding configuration of the physical switch.
When Active Directory and DNS are used in an enterprise with a large number of users, multiple Active Directory and DNS servers need to be deployed. Each Active Directory and DNS server has its own IP address, so multiple servers mean multiple IP addresses. Users then have to enter several DNS server addresses when configuring clients, or different departments have to be pointed at different servers, which is inconvenient to manage. In addition, an Active Directory server is configured with one domain name by default (for example, msft.com). If the organization owns several domain names, such as msft.com.cn, msft.net, msft.com and msft.cn, and there are several DNS servers, a record modified on one DNS server has to be modified manually on the other DNS servers as well. This section describes how to use Active Directory, DNS and Windows Network Load Balancing (NLB) to solve these problems.
The user's current environment and DNS servers are all deployed in a virtualized environment. The topology and connections of the current virtualized environment are shown in Figure 1.
Figure 1 Virtualization architecture
In the topology of Figure 1, each server is fitted with two dual-port 10 Gbit/s network cards. Port 1 of each card is used for ESXi management and virtual machine traffic (TRUNK) and is connected to the two switches on the left in Figure 1 (port 1 of NIC 1 to switch 1, port 1 of NIC 2 to switch 2); port 2 of each card is dedicated to vSAN traffic and is connected to the two vSAN switches on the right in Figure 1 (port 2 of NIC 1 to switch 1 on the right, port 2 of NIC 2 to switch 2 on the right). Each pair of switches is connected in a stack over 40 Gbit/s ports.
In the virtualization environment, 7 virtual machines were created, each with 2 vCPUs and 4 GB of memory, and Windows Server 2019 Datacenter Edition was installed on each of them. The running status of these 7 virtual machines in the vSphere Client is shown in Figure 2.
Figure 2 Screenshot of resource occupation of 7 virtual machines
The computer names of these 7 servers are DC01 to DC07, with the corresponding IP addresses 172.16.5.51 to 172.16.5.57. The mapping between computer names and IP addresses is as follows.
DC01 172.16.5.51
DC02 172.16.5.52
DC03 172.16.5.53
DC04 172.16.5.54
DC05 172.16.5.55
DC06 172.16.5.56
DC07 172.16.5.57
Promote the first server, DC01, to an Active Directory domain controller with the domain name msft.com. DC02 to DC07 are joined to the DC01.msft.com Active Directory domain as additional domain controllers. The 7 domain controllers can be seen under "Domain Controllers" in "Active Directory Users and Computers", as shown in Figure 3.
Figure 3 A total of 7 domain controllers currently
[Explanation] In this example, msft.com is used as the Active Directory domain name. In an actual production environment, use your own domain name.
Then modify the hosts file on each of DC01 to DC07, adding the following entries to the hosts file of every computer:
172.16.5.51 DC01
172.16.5.52 DC02
172.16.5.53 DC03
172.16.5.54 DC04
172.16.5.55 DC05
172.16.5.56 DC06
172.16.5.57 DC07
172.16.5.51 DC01.MSFT.COM
172.16.5.52 DC02.MSFT.COM
172.16.5.53 DC03.MSFT.COM
172.16.5.54 DC04.MSFT.COM
172.16.5.55 DC05.MSFT.COM
172.16.5.56 DC06.MSFT.COM
172.16.5.57 DC07.MSFT.COM
In "Server Manager → All Servers", add the other domain controllers, as shown in Figure 4.
Figure 4 All servers
Then add the "Network Load Balancing" feature on each server, as shown in Figure 5.
Figure 5 Add network load balancing
Then create a cluster on the first computer, DC01: set the cluster IP address to 172.16.5.11, set the cluster operation mode to "Multicast", and leave the full Internet name blank, as shown in Figure 6.
Figure 6 Cluster parameters
[Note] Record the multicast MAC address shown here; in this example it is 03bf-ac10-050b. Later, the cluster IP address 172.16.5.11 must be statically bound to the MAC address 03bf-ac10-050b on the core switch. "IGMP Multicast" can also be used; in that case its MAC address must be recorded as well. Whether multicast or IGMP multicast is used, the MAC address and IP address must be bound on the core switch.
Then add the other node hosts, DC02 to DC07, to the cluster, as shown in Figure 7.
Figure 7 Configuration of the cluster is complete
After the configuration is complete, in "Server Manager → All Servers" you can see that the cluster address 172.16.5.11 has been added to each server, as shown in Figure 8.
Figure 8 The cluster address has been enabled
In DNS Manager, create an Active Directory integrated zone for each of the other domain names that need to be resolved, as shown in Figure 9.
Figure 9 Create Active Directory integrated DNS zone
In this way, an Active Directory integrated DNS zone created on any of the DNS servers DC01 to DC07, as well as any records created or modified in it, is replicated to the other DNS servers, so the same change appears everywhere. Figure 10 shows the DNS zones and records created in the current production environment.
Figure 10 DNS Manager
Modify the IP address settings of each domain controller so that its DNS servers are 172.16.5.11 and 127.0.0.1. For the other computers on the network, set the DNS server address to 172.16.5.11.
Finally, the configuration of the core switch must be modified. In this example, two S6720S-26Q-SI switches are configured as a stack, the two 10 Gigabit ports of each ESXi host are connected in turn to ports 1 to 6 of each S6720S-26Q-SI, and ports 1 to 6 are configured as TRUNK. 172.16.5.11 belongs to VLAN 1005.
Each switch port connected to an ESXi host needs to be configured, and 172.16.5.11 must be bound to 03bf-ac10-050b in the global configuration. The switch configuration is as follows.
interface Vlanif1005
ip address 172.16.5.254 255.255.255.0
quit
port-group group-member interface GigabitEthernet0/0/1 to GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mac-address multiport 03bf-ac10-050b 1005
quit
port-group group-member interface GigabitEthernet1/0/1 to GigabitEthernet1/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mac-address multiport 03bf-ac10-050b 1005
quit
arp static 172.16.5.11 03bf-ac10-050b
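The MAC address recorded in the note above is not arbitrary: Windows NLB derives the cluster MAC from the cluster IP address and the operation mode, so the value can be checked before it is bound on the switch. The following Python script is an added example (not part of the original article) that derives the cluster MAC for each of the three modes, verifies that the recorded MAC matches the cluster IP, and prints the corresponding switch binding lines; the port-group and arp static syntax is copied from the configuration above, and the derivation rules are Microsoft's documented NLB MAC conventions.

```python
"""Derive the Windows NLB cluster MAC from the cluster IP and emit the matching
switch bindings. Added example, not code from the original article."""
import ipaddress

# Windows NLB builds the cluster MAC address from the cluster IP address:
#   unicast         02-BF-<4 IP octets>
#   multicast       03-BF-<4 IP octets>          e.g. 172.16.5.11 -> 03bf-ac10-050b
#   IGMP multicast  01-00-5E-7F-<last 2 octets>  e.g. 172.16.5.11 -> 0100-5e7f-050b
_PREFIX = {
    "unicast": b"\x02\xbf",
    "multicast": b"\x03\xbf",
    "igmpmulticast": b"\x01\x00\x5e\x7f",
}


def nlb_cluster_mac(cluster_ip: str, mode: str) -> str:
    """Return the NLB cluster MAC in the xxxx-xxxx-xxxx notation used by the switch."""
    octets = ipaddress.IPv4Address(cluster_ip).packed  # raises on a malformed address
    key = mode.lower().replace(" ", "").replace("-", "")
    if key not in _PREFIX:
        raise ValueError(f"unknown NLB operation mode: {mode}")
    raw = _PREFIX[key] + (octets[2:] if key == "igmpmulticast" else octets)
    hexstr = raw.hex()
    return "-".join(hexstr[i:i + 4] for i in range(0, 12, 4))


def check_recorded_mac(cluster_ip: str, mode: str, recorded: str) -> bool:
    """True if the MAC read off the NLB Manager dialog matches the cluster IP and mode.
    A mismatch (typo, or a MAC recorded from a different cluster) would leave the
    switch forwarding the VIP's traffic to the wrong multicast address."""
    return nlb_cluster_mac(cluster_ip, mode) == recorded.lower()


def switch_bindings(cluster_ip: str, mac: str, vlan: int, port_groups) -> list:
    """Switch lines binding the cluster MAC to the ESXi-facing port groups and the
    cluster IP to that MAC, in the same form as the article's configuration."""
    lines = []
    for first, last in port_groups:
        lines += [f"port-group group-member interface {first} to {last}",
                  f"mac-address multiport {mac} {vlan}", "quit"]
    lines.append(f"arp static {cluster_ip} {mac}")
    return lines


if __name__ == "__main__":
    ip, mode = "172.16.5.11", "multicast"  # values from the article
    mac = nlb_cluster_mac(ip, mode)
    assert check_recorded_mac(ip, mode, "03bf-ac10-050b")  # the MAC recorded in the note
    print("\n".join(switch_bindings(ip, mac, 1005, [
        ("GigabitEthernet0/0/1", "GigabitEthernet0/0/6"),
        ("GigabitEthernet1/0/1", "GigabitEthernet1/0/6")])))
```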