Re: ISA Server 2000 NLB on Windows Server 2003
From: Charles Scott (charles.scott_at_qnrl.com)
Date: 08/16/04
- Next message: John [MSFT]: "Re: ISA Server 2000 NLB on Windows Server 2003"
- Previous message: Neal: "HTTP Redirector in ISA 2004"
- In reply to: Emiliano G. Estevez: "Re: ISA Server 2000 NLB on Windows Server 2003"
- Next in thread: John [MSFT]: "Re: ISA Server 2000 NLB on Windows Server 2003"
- Messages sorted by: [ date ] [ thread ]
Date: 16 Aug 2004 14:34:25 -0700
You need to add static ARP entries on the router (or layer 3 switch
interface). Most vendor routers do not dynamically resolve multicast
MAC addresses with a lead byte of 03. Unicast NLB addresses have a
lead byte of 02 and these are dynamically learned by the router
interface. The fact that the router cannot resolve the MAC address
explains why you can ping the NLB address locally, but not from across
the routed network.
Incidentally, if you want to add static CAM entries on the switch at
the same time, you can prevent the switch from port flooding.
I hope this helps.
Charles Scott
Consulting Director
Quorum Network Resources Ltd
"Emiliano G. Estevez" <eestevez@sistran.com.ar> wrote in message news:<uIRW3YKgEHA.380@TK2MSFTNGP10.phx.gbl>...
> Each ISA Server node has his own private IP address and I am able to ping
> each node from every segment, and the mac addresses of those IP's are
> correctly registered in the arp table of the switches, this doesn't happen
> with the virtual ip address assigned to NLB.
>
> Best Regards,
>
> "John [MSFT]" <jhawkins@online.microsoft.com> wrote in message
> news:4KMcDzIgEHA.540@cpmsftngxa06.phx.gbl...
> > Do you have dedicated Ip Addresses on each ISA Node? Are you able to ping
> > those?
> >
> > Thanks,
> >
> > John Hawkins
> > Security Support
> > Microsoft Corporation
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > --------------------
> > >From: "Emiliano G. Estevez" <eestevez@sistran.com.ar>
> > >References: <OKiwLGwfEHA.3272@TK2MSFTNGP11.phx.gbl>
> <dQoS188fEHA.740@cpmsftngxa06.phx.gbl>
> > >Subject: Re: ISA Server 2000 NLB on Windows Server 2003
> > >Date: Wed, 11 Aug 2004 17:03:28 -0300
> > >Lines: 65
> > >X-Priority: 3
> > >X-MSMail-Priority: Normal
> > >X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
> > >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
> > >Message-ID: <uV1A569fEHA.1972@TK2MSFTNGP09.phx.gbl>
> > >Newsgroups: microsoft.public.isa.configuration
> > >NNTP-Posting-Host: 200.55.36.206
> > >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> > >Xref: cpmsftngxa06.phx.gbl microsoft.public.isa.configuration:7887
> > >X-Tomcat-NG: microsoft.public.isa.configuration
> > >
> > >Hi, I have all the routes to the other segments, and I have double
> checked
> > >the ACL's in my switches, from the other segments I can ping the internal
> > >address of each ISA Server, but I cannot ping the virtual IP address of
> NLB.
> > >
> > >Best Regards,
> > >
> > >"John [MSFT]" <jhawkins@online.microsoft.com> wrote in message
> > >news:dQoS188fEHA.740@cpmsftngxa06.phx.gbl...
> > >> So from your question I am assuming you are load balancing the internal
> > >> network cards of your Array. If this is the case does your ISA Server
> know
> > >> how to respond back to other segments other then the local segement?
> (like
> > >> have you made static routing statements for other segments?....the
> Internal
> > >> card should not have a default gateway.) It sounds like ISA either does
> not
> > >> know how to respond to the other segment or the request is not getting
> to
> > >> the ISA Server.
> > >>
> > >> So you either need a route on the ISA Server to your other segments or
> you
> > >> router or switch needs to know how to send traffic to the ISA Server.
> > >>
> > >>
> > >>
> > >>
> > >> John Hawkins
> > >> Security Support
> > >> Microsoft Corporation
> > >>
> > >> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > >> --------------------
> > >> >From: "Emiliano G. Estevez" <eestevez@sistran.com.ar>
> > >> >Subject: ISA Server 2000 NLB on Windows Server 2003
> > >> >Date: Tue, 10 Aug 2004 14:40:12 -0300
> > >> >Lines: 10
> > >> >X-Priority: 3
> > >> >X-MSMail-Priority: Normal
> > >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
> > >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
> > >> >Message-ID: <OKiwLGwfEHA.3272@TK2MSFTNGP11.phx.gbl>
> > >> >Newsgroups: microsoft.public.isa.configuration
> > >> >NNTP-Posting-Host: 200.55.36.206
> > >> >Path:
> > >>
> >
> >cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
> > 1
> > >> phx.gbl
> > >> >Xref: cpmsftngxa06.phx.gbl microsoft.public.isa.configuration:7873
> > >> >X-Tomcat-NG: microsoft.public.isa.configuration
> > >> >
> > >> >Hello,
> > >> >
> > >> >I have two ISA Servers in array configured with NLB, I can ping the
> virtual
> > >> >ip addres from the local segment, but I cannot ping from another
> segment,
> if
> > >> >I ping from my switch (cisco catalyst) the switch can resolve the mac
> > >> >address, anybody knows why? and how can I fix this.
> > >> >
> > >> >Best Regards,
> > >> >
> > >> >
> > >> >
> > >>
> > >
> > >
> > >
> >
- Next message: John [MSFT]: "Re: ISA Server 2000 NLB on Windows Server 2003"
- Previous message: Neal: "HTTP Redirector in ISA 2004"
- In reply to: Emiliano G. Estevez: "Re: ISA Server 2000 NLB on Windows Server 2003"
- Next in thread: John [MSFT]: "Re: ISA Server 2000 NLB on Windows Server 2003"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
