You need to be able to configure the VMs in a Network Load Balancing (NLB) cluster

Your network includes several virtual machines (VMs) that are distributed across a Windows
Server 2008 R2 Hyper-V failover cluster. You need to be able to configure the VMs in a
Network Load Balancing (NLB) cluster. What should you do on each VMs network adapter?

Your network includes several virtual machines (VMs) that are distributed across a Windows
Server 2008 R2 Hyper-V failover cluster. You need to be able to configure the VMs in a
Network Load Balancing (NLB) cluster. What should you do on each VMs network adapter?

A.
Enable MAC address spoofing.

B.
Disable MAC address spoofing.

C.
Enable TCP Offload Engine (TOE).

D.
Disable TCP Offload Engine (TOE).

Explanation:

In Windows Server 2008 R2 Hyper-V and Hyper-V Server 2008 R2, there is a new option
(Enable Spoofing Of MAC Addresses) in the virtual network adapter settings to enable, as
you can probably guess, spoofing of MAC addresses. If you do not select this option and
disallow MAC address spoofing, the following rules are enforced:
The virtual switch port that connects the virtual network adapter sends and receives packets
that contain any valid MAC address.
The virtual network adapter MAC address cannot be moved or associated with another
virtual switch port.
The virtual switch port does not forward unicast flooded packets (packets that are forwarded
to all switch ports if the destination MAC address is not found in the switch forwarding table)
to the virtual network adapter.
You cannot override the virtual network adapter MAC address configuration using the
Network Address key in the virtual machine registry.
If you select the option to enable MAC address spoofing, the MAC address can be learned
on other ports, and the following actions will be allowed:
The virtual switch port that connects the virtual network adapter can send and receive
packets that contain any MAC address.
The virtual switch port dynamically learns of new MAC addresses and the virtual switch can
add them in its forwarding table.
The virtual switch port will receive and forward unicast flooded packets to the virtual network
adapter. You can override the virtual network adapter MAC address configuration using the
NetworkAddress key in the virtual machine registry. If you place the virtual network adapter
in promiscuous mode and enable MAC address spoofing, the virtual network adapter will be
allowed to receive Unicast flooded packets Ping Dropped in Hyper-V in Server 2008 R2 of
NLB When you Configure your NLB host in unicast mode you wont be able to access
dedicated IPs of your Guest VMs. However here a by Spoofing your VMs MAC IDs you can
access your NLB host. By default your this will be turn off.

Remember: Enabling this option will give ability to VMs to Override their MAC and send and
receive traffic using any MAC ids. Virtual switch in Hyper is Layer-2 switches. hence if
Malicious VMs start sending packet with MAC owned by other machine then it may cause
security flaws (DOS attacks). NLB – Hyper-V Virtual Machines
Assumptions:
Guest Operating System is Windows 2008 R2
HyperV Host is running Windows 2008 R2
Each VM guest has two network adapters presented to it.
NLB Cluster will be in (UNICAST) Mode
Configuration Steps:
Configure Network Adapters
Configure Network Load Balancing

Validate Configuration
Scenario: Desired NLB Configuration
The image below illustrates the desired NLB topology/configuration for this article.
Note: This particular scenario is used for an Intranet, so the NLB and CorpNet networks are
on the same network. If we desired external access to the NLB cluster, the NLB and
CorpNet would most likely be on separate networks.

Configure Network Adapters
Note: When runningUnicast, the NIC that has NLB enabled will have its’ MAC Address
overwritten (Each Node will share the MAC address assigned to the NLB Cluster). Because
of this there will be additional configuration required within HyperV for the assigned NLB
network interfaces.
1. Install on the Guest VM Windows 2008, and install the latest patches and drivers.
2. Create DNS A-Record for the Cluster Name. My cluster name isNLBCluster.contoso.com

3. On each Guest, in Windows Rename the network connections accordingly. I have mine as
such:

4. On each Guest VM, in Windows, Configure each Network Adapter based on your network
address scheme.
The required configuration information for each Network adapter is as follows:
NLBNIC: IP Address and Subnet Only Configured
Metric: 20
WINS: Disable Netbios
IMPORTANT: DO NOT MANUALLY select the “network load balancing (NLB) connection”!!
This will happen automatically during the NLB Cluster creation process. If its manually
selected the NLB Cluster creation will not pick up this network interface as an option. This
image is merely to serve as a reference to remove all connections accept NLB and TCP.

Corp NetworkNIC: Corporate network configuration (IP, GW, DNS).
Metric: 1
Binding Order
Corp Network
NLB
Remote Access Connections

My Server NIC configuration:
Server1

Server2

5. Once the NICs are configured… Run anIPCONFIG /alland note theIPandMAC
Addressassignment for both Network Interfaces.
Note:Once the cluster is created, the designated cluster Network Interface will receive a new
MAC Address, and NLB Property will be Enabled on the Network Interface (NLB)

6.IMPORTANT!!! By defaultWindows 2008 has IP Forwarding disabled. In order for this
configuration with TWO NLB NICs to work and Not Define a Gateway to adhere to best
practices, you have to enable IP forwarding on theNLB NICso that requests sent to it are
forwarded to the other; otherwise backend communication will not function. Below is the
simple command line to run on each NLB Node.
Note: Be sure to open the command prompt as “Run as Administrator”, also if you are
running IPV6 make sure to substitute the ipv4 with ipv6.
My Scenario:netsh interface ipv4 set int “NLB” forwarding=enabled
7. Next proceed with creating and configuring the new NLB Cluster.
Create and Configure Network Load Balancing Cluster
This process will detail the process for creating and configuring the NLB Cluster.
1. Log into one of the Guest Virtual Machines (NLB Nodes). In my caseServer1 (First node
in the cluster)
2. Right ClickNetwork Load Balancing Manager, and select “RUN AS ADMINSTRATOR”.
3. In the console tree, right-clickNetwork Load Balancing Clusters, and then clickNew
Cluster.
4. In theHostbox, type the computer name (Server1.contoso.com) of the guest virtual
machine that will be the first host of the cluster, and then clickConnect. (Host Name, not
cluster name)
5. In the Interfaces available for configuring a new cluster list, select a network adapter for
theNLBcluster, and then clickNext.
6. Under interfaces selectNLBNetwork Interface.
Note: If your NLB Network interface does not show up in the list, verify that the “Network
Load Balancing” property is un checked within the network interface properties. NLB will not
pick up the network interface if that checkbox is already enabled.
7. On the New Cluster:Cluster IP Addressesscreen, define the virtual IP address. In my case
its the IP Address assigned to

NLBCluster.contoso.com A-Record (192.168.1.130)for the NLB cluster.

Important:Note the MAC addressin the Network Address property, and then clickNext. You
will use this MAC address later.
8. UnderCluster operation mode, clickUnicast, and then clickNext.
9. Complete the rest of the NLB configuration, and then shut down the virtual machine.
10. At this point you have a single node within the NLB Cluster, and the MAC Address has
been changed. To verify, run anIPCONFIG /ALL, and check to see if the NLB Network
Connection changed from what was previously noted, to a new MAC Address. In my case,
mine changed from (Previous MAC:00:15:5D:CC:16:5E to02:BF:0A:01:0A:A0).
11. If you didn’t do it in step 7, be sure to note the new MAC Address, andshutdownthe Node
(Server1).
12. Once the Guest (Server1) is shutdown, open HyperV Manager and Select theServer1 >
Settings >
Network Adapter(The one assigned to NLB).
13. Under MAC Address, set the MAC Address toSTATIC, and enter the MAC Address
assigned to the NLB
Network Interface (Note earlier).
15. Next select “Enable spoofing of MAC addresses”, and select apply.

Add the second VM to the NLB Cluster
1. Continuing from step 15, startup the VM (Server1) and log into Windows.
2. OpenNetwork Load Balancing Manager(RUN AS ADMINISTRATOR).
3. Right click theNLB cluster, and then clickAdd Host To Cluster.
4. Specify the name of the new host (Server2), and then clickConnect. The network adapters
that are available for the host are listed at the bottom of the dialog box.
5. Click the network adapter that you want to use for Network Load Balancing (In my
caseNLB), and then click Next.

6. The IP address that is configured on this network adapter is the dedicated IP address
(192.168.1.132) for this host.
7. Complete the rest of the NLB configuration, and then shut down the virtual machine
(Server2).
8. Once the Guest (Server2) is shutdown, open HyperV Manager and Select theServer1 >
Settings > Network Adapter(The one assigned to NLB).
9. Under MAC Address, set the MAC Address toSTATIC, and enter the MAC Address
assigned to the NLB Network Interface (Note earlier).
10. Next select “Enable spoofing of MAC addresses”, and select apply.

11. Next, Start the virtual machine (Server2).
12. Open Network Load Balancing Manager.
13. Verify that the NLB cluster is up as well as both nodes.
14. At this point you now have a two-node NLB Cluster, each node sharing the same MAC
address on the NLB network interface.



Leave a Reply 0

Your email address will not be published. Required fields are marked *

2 × two =