Monday, March 26, 2012

Windows Network Load Balancing (NLB) and ICMP

If you're running Microsoft Network Load Balancing (NLB) you may not know it but all the nodes in your cluster are responding to ICMP request.  You wouldn't know this by pinging the cluster IP from a windows machine because the implementation of ping on windows ingores duplicated ICMP echo responses.  If you ping the cluster IP from a linux machine or OS X machine you'll see that you're receiving duplicate ICMP echo responses.  This isn't normally a big deal but if you're using third party monitoring, such as pingdom.com, they may report an error on their ping tests for your site.

So how does one stop all nodes in the NLB cluster from responding to ICMP?  I didn't think you could until a co-worker of mind stumbled apon the following link. The link doesn't tell you how to change how the cluster responds to ICMP messages but it show's that there is an option to.  There isn't much documentation that I could find on microsoft's site regarding this.  The only other thing I could find is this.

Now that I knew you could change how the nodes in the NLB cluster responded to ICMP messages, I needed to figure how to change the behavor.  Turns out it's actually just a simple registry setting.

To change it so that the NLB cluster will load balance ICMP traffic, all ICMP traffic will be filtered by the cluster and accepted by only a single host perform the following:

Change HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WLBS\Parameters\Interface\{GUID}\FilterICMP from 0 to 1 on all the nodes in the cluster and then reboot all the nodes.

Where {GUID} is a GUID that refers to the network involved in the NLB cluster you're wanting to change the ICMP filtering functionality on.

Additionally, you can use Windows PowerShell to see if the node is configure to filter ICMP requests or not (make sure you're on a computer that has NLB installed and you open the "Windows PowerShell Modules" so that the NLB commandlets are loaded):

Get-NlbClusterNode test01 | fl *

Outputs:

Cluster                : testcluster.domain.com
Name                   : test01
InterfaceName          : NLB
Host                   : test01.domain.com
State                  : Converged(default)
HostPriority           : 1
AdapterGuid            : {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}
InitialHostState       : Started
PersistSuspendOnReboot : False
MaskSourceMac          : True
FilterIcmp             : 1
GreDescriptorTimeout   : 10

Unfortunately there doesn't appear to be a way to use PowerShell to change the FilterIcmp setting, so you'll have to edit the registry.

1 comment:

  1. Hey Scott. Thanks to your post, I solved an issue on my W2K8 NLB cluster. Thank you.

    ReplyDelete