NLB + CAS \ HT Server IP question.

QChang · Joined: 01 Feb 2008 Posts: 2

Hi All,

I am new to the concept of NLB so pardon me for my ignorance.

After reading Henrik Walther's excellent articles on the NLB I would like to
setup NLB with Unicast and dual NICs for the two Exchange 2007 CAS / HT
servers that we have. However, I am confused about the IP ranges and traffic
flow on the 2 NICs.

Server 1

So on NIC1 ( Public )
IP :10.0.0.100 ( Server 2 - 10.0.0.101 )
SM : 255.255.0.0
GW : 10.0.0.1

NIC 2 ( NLB )
IP : 192.168.100.100 ( Server 2 - 192.168.100.101 )
SM : 255.255.0.0
no GW or DNS

NLB Cluster DNS entry (192.168.100.200 )

From what I have gathered from the articles ( and please correct me if I am
wrong ) I would need to register a DNS entry for the NLB Cluster. I think I
would also need to have the firewall NAT to the NLB Cluster IP but there's
where I can't get my head around this.

I know traffic is suppose to traverse thru the NLB cluster but does the
traffic need to go thru a gateway or does it behave more like a Virtual IP
with heartbeat functions ?

If I only have 2 servers to NLB would it be sufficient to use a crossover
cable between the 2 servers or am I completely wrong and need to have the
traffic be routable ( on it's own seperate network with a gateway )

Would the correct answer be ...

1) Firewall ( 10.0.0.1 ) --> Public IP ( 10.0.0.100 ) NLB Clu (
192.168.100.200 ) ( own segment but no gateway )

or

2 ) Firewall ( 192.168.100.1 ) -- > NLB Clu ( 192.168.100.200 ) Public IP
( 10.0.0.100 ) ---> Inside Network ---> Firewall ( 10.0.0.1 )

I am semi-familiar with clustering so I am afraid I am mixing the 2 ideas
and confusing myself to death...

Any assistance would be greatly appreciated before I pound my head into the
wall...

Thanks in advance and best regards,
Q

Archived from group: microsoft>public>exchange>clustering

Rui Silva [MVP] · Joined: 05 Aug 2007 Posts: 32

1. Set up your servers using just 1 NIC. Configure it with each server's IP
address, register those IPs with DNS, configure a DNS Server and a Gateway.
2. Configure the 2nd NIC. The 2nd NIC will ONLY be used for NLB. Each of
these NICs will have an IP address of your production network segment, but
you don't need to register these IPs with DNS, neither you need to configure
DNS Server or Gateway for this 2nd NIC.
3. Each 2nd NIC on each server will share a virtual IP address (the NLB IP
address). This is the IP you must register with DNS.

The concept here is a little bit different from clustering, it's not an
heartbeat, it's a dedicated NIC for NLB.

And please remember that you should only load-balance ports 80 and 443!

--
Rui Silva
MVP Windows Server System - Exchange Server
Blog "subject: exchange", http://msmvps.com/ehlo

"QChang" wrote in message @microsoft.com...
> Hi All,
>
> I am new to the concept of NLB so pardon me for my ignorance.
>
> After reading Henrik Walther's excellent articles on the NLB I would like
> to
> setup NLB with Unicast and dual NICs for the two Exchange 2007 CAS / HT
> servers that we have. However, I am confused about the IP ranges and
> traffic
> flow on the 2 NICs.
>
> Server 1
>
> So on NIC1 ( Public )
> IP :10.0.0.100 ( Server 2 - 10.0.0.101 )
> SM : 255.255.0.0
> GW : 10.0.0.1
>
> NIC 2 ( NLB )
> IP : 192.168.100.100 ( Server 2 - 192.168.100.101 )
> SM : 255.255.0.0
> no GW or DNS
>
> NLB Cluster DNS entry (192.168.100.200 )
>
> From what I have gathered from the articles ( and please correct me if I
> am
> wrong ) I would need to register a DNS entry for the NLB Cluster. I think
> I
> would also need to have the firewall NAT to the NLB Cluster IP but there's
> where I can't get my head around this.
>
> I know traffic is suppose to traverse thru the NLB cluster but does the
> traffic need to go thru a gateway or does it behave more like a Virtual IP
> with heartbeat functions ?
>
> If I only have 2 servers to NLB would it be sufficient to use a crossover
> cable between the 2 servers or am I completely wrong and need to have the
> traffic be routable ( on it's own seperate network with a gateway )
>
>
> Would the correct answer be ...
>
> 1) Firewall ( 10.0.0.1 ) --> Public IP ( 10.0.0.100 ) NLB Clu (
> 192.168.100.200 ) ( own segment but no gateway )
>
> or
>
> 2 ) Firewall ( 192.168.100.1 ) -- > NLB Clu ( 192.168.100.200 ) Public
> IP
> ( 10.0.0.100 ) ---> Inside Network ---> Firewall ( 10.0.0.1 )
>
>
> I am semi-familiar with clustering so I am afraid I am mixing the 2 ideas
> and confusing myself to death...
>
> Any assistance would be greatly appreciated before I pound my head into
> the
> wall...
>
> Thanks in advance and best regards,
> Q
>

Russ Kaufmann [MVP] · Joined: 05 Aug 2007 Posts: 69

"QChang" wrote in message @microsoft.com...
> After reading Henrik Walther's excellent articles on the NLB I would like
> to
> setup NLB with Unicast and dual NICs for the two Exchange 2007 CAS / HT
> servers that we have. However, I am confused about the IP ranges and
> traffic
> flow on the 2 NICs.
>
> Server 1
>
> So on NIC1 ( Public )
> IP :10.0.0.100 ( Server 2 - 10.0.0.101 )
> SM : 255.255.0.0
> GW : 10.0.0.1
>
> NIC 2 ( NLB )
> IP : 192.168.100.100 ( Server 2 - 192.168.100.101 )
> SM : 255.255.0.0
> no GW or DNS
>
> NLB Cluster DNS entry (192.168.100.200 )

You probably want to put the GW and DNS on the NLB NICs. After all, the NLB
NIC needs to route packets to the world, right?

> From what I have gathered from the articles ( and please correct me if I
> am
> wrong ) I would need to register a DNS entry for the NLB Cluster.

Yes. Configure the DNS record to hit the firewall and then the firewall
route from it to the internal NLB cluster IP.

> I know traffic is suppose to traverse thru the NLB cluster but does the
> traffic need to go thru a gateway or does it behave more like a Virtual IP
> with heartbeat functions ?

The VIP is the NLB cluster address where you want to direct incoming
traffic.

> If I only have 2 servers to NLB would it be sufficient to use a crossover
> cable between the 2 servers or am I completely wrong and need to have the
> traffic be routable ( on it's own seperate network with a gateway )

No, cross over cables are not used as this is not like a cluster when it
comes to intracluster communication. All intracluster communciation travels
over the NLB'd NICs.

> 2 ) Firewall ( 192.168.100.1 ) -- > NLB Clu ( 192.168.100.200 ) Public
> IP
> ( 10.0.0.100 ) ---> Inside Network ---> Firewall ( 10.0.0.1 )

Everything goes to the VIP. The non-NLB NICs are used to connect to the
individual nodes for management purposes, i.e. to patch the node.

For more info on NLB with CAS and HT, you might want to look at this entry:
http://msmvps.com/blogs/clusterhelp/archive/2007/10/05/exchange-server-2007-hub-transport-and-client-access-service-on-the-same-nlb-cluster.aspx

--
Russ Kaufmann
MVP - Windows Server - Clustering
ClusterHelp.com, a Microsoft Certified Gold Partner
Web http://www.clusterhelp.com
Blog http://msmvps.com/clusterhelp

The next ClusterHelp classes are:
Mar 10- 13 in Denver
May 12-15 in New York

QChang · Joined: 01 Feb 2008 Posts: 2

Hi Rui,

Thank you for your reply. So just to recap.

I create an DNS entry for the NLB cluster IP ( with a production network IP
10.0.0.110 ).

I would setup the servers with one NIC first ( 10.0.0.100 ) and make sure
the DNS and Gateway is correct.

I would then install the second NIC with an IP from the production
environment ( ie. 10.0.0.105 ) and make sure that it is physically connect
to the production network or ( just to each other on a seperate hub ) ?

I thought I have found the answer before but now after reading many
different answers I am back to square 1 ( confused ) again...

Help please.

Thanks and regards,
Quentin

"Rui Silva [MVP]" wrote:

> 1. Set up your servers using just 1 NIC. Configure it with each server's IP
> address, register those IPs with DNS, configure a DNS Server and a Gateway.
> 2. Configure the 2nd NIC. The 2nd NIC will ONLY be used for NLB. Each of
> these NICs will have an IP address of your production network segment, but
> you don't need to register these IPs with DNS, neither you need to configure
> DNS Server or Gateway for this 2nd NIC.
> 3. Each 2nd NIC on each server will share a virtual IP address (the NLB IP
> address). This is the IP you must register with DNS.
>
> The concept here is a little bit different from clustering, it's not an
> heartbeat, it's a dedicated NIC for NLB.
>
> And please remember that you should only load-balance ports 80 and 443!
>
> --
> Rui Silva
> MVP Windows Server System - Exchange Server
> Blog "subject: exchange", http://msmvps.com/ehlo
>
>
> "QChang" wrote in message
> @microsoft.com...
> > Hi All,
> >
> > I am new to the concept of NLB so pardon me for my ignorance.
> >
> > After reading Henrik Walther's excellent articles on the NLB I would like
> > to
> > setup NLB with Unicast and dual NICs for the two Exchange 2007 CAS / HT
> > servers that we have. However, I am confused about the IP ranges and
> > traffic
> > flow on the 2 NICs.
> >
> > Server 1
> >
> > So on NIC1 ( Public )
> > IP :10.0.0.100 ( Server 2 - 10.0.0.101 )
> > SM : 255.255.0.0
> > GW : 10.0.0.1
> >
> > NIC 2 ( NLB )
> > IP : 192.168.100.100 ( Server 2 - 192.168.100.101 )
> > SM : 255.255.0.0
> > no GW or DNS
> >
> > NLB Cluster DNS entry (192.168.100.200 )
> >
> > From what I have gathered from the articles ( and please correct me if I
> > am
> > wrong ) I would need to register a DNS entry for the NLB Cluster. I think
> > I
> > would also need to have the firewall NAT to the NLB Cluster IP but there's
> > where I can't get my head around this.
> >
> > I know traffic is suppose to traverse thru the NLB cluster but does the
> > traffic need to go thru a gateway or does it behave more like a Virtual IP
> > with heartbeat functions ?
> >
> > If I only have 2 servers to NLB would it be sufficient to use a crossover
> > cable between the 2 servers or am I completely wrong and need to have the
> > traffic be routable ( on it's own seperate network with a gateway )
> >
> >
> > Would the correct answer be ...
> >
> > 1) Firewall ( 10.0.0.1 ) --> Public IP ( 10.0.0.100 ) NLB Clu (
> > 192.168.100.200 ) ( own segment but no gateway )
> >
> > or
> >
> > 2 ) Firewall ( 192.168.100.1 ) -- > NLB Clu ( 192.168.100.200 ) Public
> > IP
> > ( 10.0.0.100 ) ---> Inside Network ---> Firewall ( 10.0.0.1 )
> >
> >
> > I am semi-familiar with clustering so I am afraid I am mixing the 2 ideas
> > and confusing myself to death...
> >
> > Any assistance would be greatly appreciated before I pound my head into
> > the
> > wall...
> >
> > Thanks in advance and best regards,
> > Q
> >

Question on deployment of OWA Hey all, We currently have an 2 node Exchange 2003 SP2 cluster installed on a Windows 2003 domain. The cluster isn't apart of RPC-HTTP topology right now. We want to add an additional FE server and make the environment work as apart of HTTP-RPC topology.

Microsoft SCR Question I have two locations, NYC and London, Each site has 25 users with mailboxes, I want to setup an Exch 07 ENT SP1 in each Site and have their mailbox stores replicated to each other and switch them on if either one of the servers failed. In other words, eac

Another SP1 CCR upgrade question Hi There, Was wondering if we need to upgrade "exchnage rolluo 5" before installing SP1 in our CCR environment. And can someone confirm the order in which to install: i.e. 1 Intstall on CAS servers 2 Hubs 3 CCR passive node 4 CCR active node Thanks Trejay

Exchange 2007 CCR - update rollup 2 question When installing my hub servers in my org it offered to run windows updates which picked up the update rollup 2 for exchange 2007. However when installing exchange on my cluster nodes windows updates didn't pick this up. Does this mean its not required. Or

Exchange 2007 high availability question I have read that Exchange 2007 does not support active/active clustering. Does Exchange 2007 support this scenario: 3 node clusters: 2 active and 1 passive? What about 4 node clusters : 3 active and 1 passive? Regards JP