27Microsoft Network Load BalancingNetwork load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology orpattern to equally split and balance the network traffic load across a set of servers that are part of thecluster or group. NLB combines the servers into a single multicast group and attempts to use thestandard multicast IP or unicast IP addresses, and MAC addresses to transmit of network traffic. At thesame time, NLB also uses a single virtual IP address for all clients as the destination IP address, whichenables servers to join the same multicast group that is transparent to the clients (the clients do notnotice the addition of new servers to the group). The clients use a cluster IP address to connect to theserver. For optimal processing of data packets, NLB enables flooding of traffic over the virtual local areanetwork (VLAN) ports (for Unicast mode) or a subset of ports in a VLAN (for Multicast mode) to avoidoverloading and effective performance of the servers.NLB functions in two modes, Unicast mode and Multicast mode. Configure the cluster IP address and theassociated cluster MAC address in the NLB application running on the Windows Server.• In Unicast mode, when the server IP address attempts to be resolved to the MAC address using theaddress resolution protocol (ARP), the switch determines whether the ARP reply, obtained from theserver, is of an NLB type. The switch then maps the IP address (cluster IP) with the MAC address(cluster MAC address).• In Multicast mode, the cluster IP address is mapped to a cluster multicast MAC address youconfigured using a static ARP command. After the NLB entry is learned, the traffic forwards to allthe servers in the VLAN corresponding to the cluster virtual IP address.NLB Unicast Mode ScenarioConsider a sample topology in which you configure four servers, S1 through S4, as a cluster or a farm.This set of servers connects to a Layer 3 switch, which connects to the end-clients. The servers contain asingle IP address (IP-cluster address of 172.16.2.20) and a single unicast MAC address (MAC-Clusteraddress of 00-bf-ac-10-00-01) for load-balancing. Because multiple ports on a switch cannot learn asingle MAC address, the servers are assigned MAC addresseses of MAC-s1 to MAC-s4), respectively, on S1through S4 in addition to the MAC cluster address. All the servers of the cluster belong to VLAN1.In Unicast NLB mode, the following sequence of events occurs:• The switch sends an ARP request to resolve the IP address to the cluster MAC address.• The ARP servers send an ARP response with the MAC cluster address in the ARP header and a MACaddress of MAC-s1/s2/s3/s4 (for servers S1 through S4) in the Ethernet header.• The switch associates the IP address with the MAC cluster address with the last ARP response itobtains. Assume that the last ARP reply is obtained from MAC-s4 (assuming that the ARP responsewith MAC-s4 is received as the last one). The interface associated with server, S4, is added to the ARPtable.• With NLB enabled, after learning the NLB ARP entry, all the subsequent traffic is flooded on all ports inVLAN1.Microsoft Network Load Balancing 549