Balancing Act: Dual-NIC Configuration with Windows Server 2008 NLB Clusters



Dual-NIC NLB Configuration with Windows Server 2008 NLB Clusters

We’ve had a few calls from customers who have run into a particular issue when they’ve deployed NLB on a Windows Server 2008 cluster.  Most of them have had older NLB deployments and thought we made a change to 2008 NLB to cause a problem. The installations with the issue have dual-NIC nodes with the default gateway on the Outbound NIC.  This is the reported behavior:

  • Communication with the cluster IP from a computer on the same subnet works without a problem
  • Communication with the cluster IP from an computer on a different subnet fails
  • If you move the default gateway to the cluster NIC, everything works

What does that look like?

In some cases, you might want to keep your default gateway on a 2nd NIC in order to have all inbound traffic use one interface and outbound traffic use another, as shown in the diagram below:


In Windows Server 2003, a packet from the client would route in through the inbound NIC and because the response was not from the same subnet, it would be sent back via the outbound NIC to the default gateway and back to the client.  The problem with the above configuration on a 2008 server is that we disabled IP forwarding by default.  Therefore, when the packet enters the inbound NIC, without a default gateway, it has no way to get off subnet and the packet is dropped.

Does that mean it won’t work in Windows Server 2008?

There is actually a simple change in order to get this to work without putting the default gateway on the cluster NIC.  You need to enable routing using one of the two following methods – via netsh or via the registry:

Via netsh:

  • First, you need to get the name of the Cluster NIC.  This appears in “Network Connections” or, from the command prompt, run the following command:
    • netsh interface show int
  • The output will look like this:
Admin State    State          Type             Interface Name
Enabled        Connected      Dedicated        Cluster NIC
  • That will show you the interfaces in the server.  Find the name of the cluster NIC and put it in quotes in the following command:
    • netsh interface ipv4 set interface "Cluster NIC" forwarding=enabled
  • You can confirm that it is changed by running the command:
    • netsh interface ipv4 show interface l=verbose
  • If the look at the output below, you’ll see that Forwarding is now enabled:
Interface Cluster NIC Parameters
IfLuid                             : ethernet_5
IfIndex                            : 10
Compartment Id                     : 1
State                              : connected
Metric                             : 20
Link MTU                           : 1500 bytes
Reachable Time                     : 30000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 3
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : enabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection   : enabled
Router Discovery                   : dhcp
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default routes              : disabled

Via the registry

Add the following value:

Key name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name: IpEnableRouter 
Data Type: REG_DWORD 
Value: 1  

Be sure to reboot the server for the change to take effect. The netsh command does not require a reboot.

Hopefully, this blog will provide you with a quick fix for your new Server 2008 NLB deployment!

– Michael Rendino and Pete Sullivan