Switch – How to implement a network fault tolerance on a Windows Server 2008 R2, Single Server – Dual NIC? Only Windows Services like DNS, DHCP, File Server

nic switch windows-nlb windows-server-2008

Diagram 1: Server, VIP IP Address, Network connections, Switches and Clients


Hello There!

We have an IBM x3650 M3, Dual NIC. We have Windows Server 2008 R2. On this Windows server we will have services like:

  • Proxy: using ForeFront 2010
  • FTP: Using IIS
  • IIS
  • DHCP
  • DNS
  • Active Directory
  • Any other Windows based service

Please see the attached diagram. The server will have a VIP (Virtual IP Address) of 172.16.0.10/24. All remote clients will point to this VIP. We will have two switches from Alcatel, either model OS6450 or OS6850. We will have an UPLINK between them as they will be two separate modules (although if you recommend it we can set up a stack as well). So if Switch 1 dies all traffic will continue via Switch 2 and vice versa. "Simple" fault tolerance.

We will focus only on one server and one service for now (e.g: Proxy or FTP). How can we implement fault tolerance here? What configuration should I use?

I have done some research and came to two solutions:
(1) NIC TEAMING
(2) Windows NLB

I understand that with (1) NIC Teaming you can set up a NIC team using the NIC vendor's drivers. As I understand it, we will have 1 IP address and 1 MAC address. Am I right? The next step is to configure LACP on the switches, right? The problem with LACP is that the only situation I found is when both of the server's NICs are connected directly to only ONE switch. On CISCO, we would have something like this:

source: How to properly setup a server "teaming" across multiple NIC's in windows server 2008?

If your NIC driver supports LACP, use it on the switch as well. Otherwise, you'll have to stick with a static trunk on the switch. Here is a config example for Cisco:

    Switch# conf t
    Switch(config)# int g0/1
    Switch(config-if)# channel-group 1 mode on
    Switch(config-if)# exit
    Switch(config)# int g0/2
    Switch(config-if)# channel-group 1 mode on
    Switch(config-if)# end

For LACP, you would do something like this:

    Switch# conf t
    Switch(config)# int g0/1
    Switch(config-if)# channel-proto lacp
    Switch(config-if)# channel-group 1 mode act
    Switch(config-if)# exit
    Switch(config)# int g0/2
    Switch(config-if)# channel-proto lacp
    Switch(config-if)# channel-group 1 mode act
    Switch(config-if)# end

The problem is we will have two SEPARATE switches and with an UPLINK between them. That is a very different situation. What can I setup here?

With (2) Windows NLB, I understand that it is a very complicated issue. For example:

http://www.remotextensions.com/how-to-configure-network-load-balancing-nlb-in-multicast-mode/

The first problem is with switch flooding: we have to set up NLB in multicast mode and we have to fix an ARP IP entry and the MAC address on the interfaces where the server will be connecting to.

STATIC ARP RESOLUTION
Cisco global command mode:

    arp [ip] [cluster multicast mac] ARPA
    arp 192.168.1.100 03bf.c0a8.0164 ARPA

STATIC MAC RESOLUTION
Cisco global command mode, for example:

    mac-address-table static [cluster multicast mac] [vlan id] [interface]
    mac-address-table static 03bf.c0a8.0164 vlan 1 interface GigabitEthernet1/1 GigabitEthernet1/2 GigabitEthernet1/15 GigabitEthernet1/16

So. What can I use here in my situation? I would like to go simple with NIC Teaming. Is it possible? How can I do that?

Edit: 24/10/2014 – 14:21

Ps: see the following diagram:

http://s22.postimg.org/cnovh1ekx/REDUNDANCY_IN_BRIDGE_MODE_Copy2.png

http://i.imgur.com/WbHwSMH.png?1

Hello!

We have tried the bridge mode! Unfortunately the NICs in the server we tried do not support NIC Teaming, so we tried a bridge between both NICs. Please see the attached diagram. If I am correct, the server behaves like a "switch". The redundancy worked because the Spanning Tree on the real switch blocked one of the ports: you can see in the switch output that port 1/1 is in the "BLK" state. We then performed a simple test:

(1) With both cables connected, port 1/1 is blocked by STP and port 1/2 is in FORWARD state;
(2) Disconnected the cable on port 1/1 and watched. The ping continued as expected because port 1/1 was already blocked;
(3) Plugged the cable back into port 1/1. After some seconds the ping returned (the Spanning Tree took some seconds to become stable again);
(4) Unplugged the cable on port 1/2. Again, after some seconds the ping returned (the Spanning Tree took some seconds to become stable again);
(5) Plugged the cable back into port 1/2. Again, after some seconds the ping returned (the Spanning Tree took some seconds to become stable again) and we are back to the initial state: port 1/1 blocked and port 1/2 in forward state.

So what do you think of the bridge mode with redundancy provided by the STP on the real switch?

ps: we will try a redundancy with VMWare on another server, using the vswitches. I will post it back when we have the results. thanks!
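
The static ARP and MAC entries quoted in the question follow from how NLB builds its cluster MAC: a fixed prefix followed by the cluster IP in hex (03bf.c0a8.0164 is 192.168.1.100). The Python below is an added example, not part of the original post: it derives that MAC for a given VIP and builds the two switch lines in the form quoted above. The function names are illustrative, and the unicast and IGMP prefixes go beyond the multicast case the question shows.

```python
import ipaddress

# Fixed prefixes Windows NLB places in front of the cluster IPv4 address
# to build the cluster MAC (unicast 02-BF, multicast 03-BF).
NLB_PREFIX = {"unicast": b"\x02\xbf", "multicast": b"\x03\xbf"}


def nlb_cluster_mac(cluster_ip, mode="multicast"):
    """Return the 6-byte NLB cluster MAC for an IPv4 cluster address."""
    ip = ipaddress.IPv4Address(cluster_ip)  # raises ValueError on bad input
    if mode == "igmp":
        # IGMP multicast mode: 01-00-5E-7F plus the last two IP octets
        return b"\x01\x00\x5e\x7f" + ip.packed[2:]
    if mode not in NLB_PREFIX:
        raise ValueError(f"unknown NLB mode: {mode!r}")
    return NLB_PREFIX[mode] + ip.packed


def cisco_mac(mac):
    """Format a MAC in Cisco dotted notation, e.g. 03bf.c0a8.0164."""
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


def static_entries(cluster_ip, vlan, interfaces):
    """Build the static ARP and static MAC lines for multicast-mode NLB,
    in the command form quoted in the question."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN id must be in 1..4094")
    if not interfaces:
        raise ValueError("at least one switch interface is required")
    ip = ipaddress.IPv4Address(cluster_ip)
    mac = cisco_mac(nlb_cluster_mac(cluster_ip, "multicast"))
    return [
        f"arp {ip} {mac} ARPA",
        f"mac-address-table static {mac} vlan {vlan} interface "
        + " ".join(interfaces),
    ]


if __name__ == "__main__":
    # The VIP from the question; VLAN and port names are constructed samples.
    for line in static_entries("172.16.0.10", 1,
                               ["GigabitEthernet1/1", "GigabitEthernet1/2"]):
        print(line)
```
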

Best Answer

NLB will require two servers. Since you only have one, let's throw that option out for now.

Network teaming can be done in a couple of different ways. Almost any NIC teaming software can do simple failover to two separate switches. At that point, you would not need to do any configuration on the switches for LACP; you would set the teaming software to do straight failover. In this scenario, only one link would be active until a failover event occurred, which would switch the active link to the other NIC.

If you want to use LACP, you can stack the switches instead of using an uplink. Setting up stacking would allow LACP across both switches.

edit: Are you running virtual servers within this with Hyper-V? That may change how you do your networking.
