Extreme Switches and Microsoft Multicast NLB

I’ve recently been troubleshooting an issue with Extreme Switches and Microsoft Multicast NLB. The Extreme switches (along with many other major Layer 3 switch vendors – Cisco, Juniper etc) have the issue that they break the NLB’s ability to mask the MAC address in use.

When you use Extreme Switches and Microsoft Multicast NLB, each cluster host retains the original MAC address of the adapter. In addition to the original MAC address of the adapter, the adapter is assigned a multicast MAC address, which is shared by all cluster hosts. The incoming client requests are sent to all cluster hosts by using the multicast MAC address. From what I could see on the Extreme switches the Multicast MAC never entered the FDB table.

Using the below commands I created a FDB entry for a single port, a matching arp entry to map the Cluster IP to the Multicast MAC, and then applied a redirect-port command inbound on the vlan with an access list for any traffic with the destination address of 192.168.126.19, this redirects the traffic out all 4 ports simultaneously.

create fdbentry 03:bf:ac:11:99:13 vlan "myvlan" port 2:5
configure iparp add 192.168.126.19 vr VR-Default 03:bf:ac:11:99:13
create access-list nlb "destination-address 192.168.126.19/32;" "redirect-port-list 1:5,2:5,3:5,4:5;"
config access-list add nlb first vlan myvlan

A single port can be specified in the fdb entry as the subsequent access list will override this. One caveat with this is that the redirect port list function only works in VR-Default, so unfortunately if you’ve created your own virtual router and are having this problem the above fix will not work.

Now the Extreme Switches and Microsoft Multicast NLB are working happily together.