ARP resolution for cluster IP address
The following diagram captures how ARP is resolved for cluster IP addresses:
The following figure depicts how the ARP request and response packets are exchanged between router R1 and the servers S1, S2, and S3:
The following sequence describes the packet exchange between the router and servers in this use case:
- ARP responses from servers may reach R1 in any order.
- From the ARP responses 1, 2, and 3, router R1 learns the MAC addresses corresponding to the following servers: Server1, Server2, and Server3.
- From the ARP responses 1, 2, and 3, router R1 does not learn the cluster MAC addresses, as these addresses are embedded in the payload of the ARP responses. However, the ARP entry corresponding to the cluster IP is learned.
- Typically, a route or host entry is constructed as depicted in the following:
- As the router R1 cannot learn the cluster MAC address, the route entry corresponding to the cluster IP is incomplete without a MAC address. The following figure depicts this behavior:
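The learning behavior in this list, as an added Python example (not part of the original documentation and not the router's implementation): it parses raw ARP replies and models R1 learning MAC-to-port bindings from the Ethernet source while the cluster MAC appears only in the ARP payload. The MAC addresses, ports P1 to P3, the router address and the simplified `router_view` model are constructed assumptions.

```python
import struct

ARP_ETHERTYPE = 0x0806

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_arp_reply(eth_src, sender_mac, sender_ip, router_mac, router_ip):
    """Construct a raw Ethernet + ARP reply frame (sample input only)."""
    eth = router_mac + eth_src + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet, IPv4, reply
    return eth + arp + sender_mac + sender_ip + router_mac + router_ip

def parse_arp_reply(frame):
    """Return (Ethernet source, ARP sender MAC, ARP sender IP) of an ARP reply."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        raise ValueError("not an ARP frame")
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 2):
        raise ValueError("not an Ethernet/IPv4 ARP reply")
    return frame[6:12], frame[22:28], ".".join(map(str, frame[28:32]))

def router_view(frames_by_port):
    """Simplified model of R1 (an assumption): MAC->port is learned from the
    Ethernet source, IP->MAC from the ARP payload; the entry is complete only
    if the payload MAC was also learned on some port."""
    mac_table, arp_table = {}, {}
    for port, frame in frames_by_port:
        eth_src, sender_mac, sender_ip = parse_arp_reply(frame)
        mac_table[fmt_mac(eth_src)] = port
        arp_table[sender_ip] = sender_mac
    report = {}
    for ip_addr, m in arp_table.items():
        report[ip_addr] = {
            "arp_mac": fmt_mac(m),
            "group_bit": bool(m[0] & 0x01),            # I/G bit set: multicast MAC
            "egress_port": mac_table.get(fmt_mac(m)),  # None: incomplete entry
        }
    return mac_table, report

# Constructed sample values (not taken from the page's figures).
ROUTER_MAC, ROUTER_IP = bytes.fromhex("001122334455"), bytes([172, 16, 2, 1])
CLUSTER_IP = bytes([172, 16, 2, 20])
SERVERS = [("P1", "00aa00000001"), ("P2", "00aa00000002"), ("P3", "00aa00000003")]

def sample(cluster_mac_hex):
    """Three servers answering for the cluster IP with the same cluster MAC."""
    cluster_mac = bytes.fromhex(cluster_mac_hex)
    return [(p, build_arp_reply(bytes.fromhex(s), cluster_mac, CLUSTER_IP,
                                ROUTER_MAC, ROUTER_IP)) for p, s in SERVERS]
```

With either a unicast or a multicast sample cluster MAC, `egress_port` for 172.16.2.20 is `None` because that MAC never appears as an Ethernet source, while the three server MACs are learned on their ports.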
NLB modes
NLB functions in the following modes: Unicast mode and Multicast mode.
NLB unicast mode
In NLB Unicast mode, each NLB cluster is assigned a unicast MAC address. The Layer 3 routers directly connected to the NLB clusters do not learn unicast cluster MAC addresses. As a result, an incomplete route entry is created or learned for the cluster IP addresses.
The absence of a complete route entry for cluster IP addresses results in packet drops, especially the ones that are destined to cluster IP addresses.
After you enable the NLB feature, Layer 3 routers that are directly connected to the NLB clusters must ensure that packets that are destined to NLB clusters are replicated and each member port of the NLB VLAN receives a separate copy of the packets. This behavior introduces unicast flooding.
The following diagram depicts a typical NLB unicast topology:
The following list describes the legends 1, 2, 3, and 4 depicted in the NLB unicast topology diagram:
- Legend 1 - Client 1 sends packets to the cluster with the following IP address: 172.16.2.20.
- Legend 2 - An incomplete route entry, 172.16.2.20, exists in router R1. Due to this incomplete route entry, packets are dropped.
- Legend 3 - An explicit forwarding rule is added to override the incomplete entries. As a result, packets are flooded to all the members of the NLB VLAN.
- Legend 4 - Duplicate packets are sent out on all the member ports of the NLB VLAN.
NLB multicast mode
In NLB Multicast mode, each NLB cluster is assigned a multicast MAC address. The ARP reply from the NLB servers contains a multicast MAC address in the ARP header similar to NLB Unicast mode.
Layer 3 routers directly connected to NLB clusters do not learn Multicast cluster MAC addresses.
Failure to learn the MAC addresses of NLB clusters with Unicast MAC or Multicast MAC addresses results in incomplete route entries that are created or learned for cluster IP addresses.
The absence of a complete route entry for cluster IP addresses results in packet drops, especially the ones that are destined to the cluster IP addresses.
After you enable the NLB feature in a Layer 3 router, the Layer 3 router must ensure that packets that are destined to an NLB cluster are replicated and a copy of the packet is sent on the configured set of ports that are a part of the NLB VLAN.
The following diagram depicts a typical NLB multicast topology:
The following list describes the legends 1, 2, 3, and 4 depicted in the NLB multicast topology diagram:
- Legend 1 - Client 1 sends packets to the cluster with the following IP address: 172.16.2.20.
- Legend 2 - An incomplete route entry, 172.16.2.20, exists in router R1. Due to this incomplete route entry, packets are dropped.
- Legend 3 - An explicit forwarding rule is added to flood the packets to the configured set of ports (P1 and P2).
- Legend 4 - Duplicate packets are sent out on the configured set of ports (P1 and P2).
Non-VLT scenario
The following diagram depicts the non-VLT topology:
The following sequence describes the non-VLT topology:
- Client 1, 2, 3, and 4 use 172.16.2.20 (cluster IP) as destination IP address.
- Router R1 routes the packets from clients that are present in either VLAN 200 or VLAN 300 to the NLB VLAN 100.
- While routing the packets into VLAN 100 (NLB VLAN), router (R1) ensures that the packets are sent out on the appropriate member ports of VLAN 100.
- NLB takes care of distributing the requests among the servers in the cluster.
Client 3 is serviced by Server 1, Client 2 is served by Server 2 and Clients 3 and 4 are serviced by Server 3.
Non-VLT - L2 and L3 switch connect NLB cluster and clients
The following diagram depicts the non-VLT scenario where Layer 2 and Layer 3 switches connect NLB cluster and client:
The following sequence describes the non-VLT scenario where Layer 2 and Layer 3 switches connect the NLB cluster and clients:
- Clients 1, 2, 3, and 4 use 172.16.2.20 (cluster IP) as destination IP address.
- Router R1 routes packets from clients to the NLB VLAN 100. A single copy of the packets is always sent to switch S1.
- While switching packets into VLAN 100 (NLB VLAN), switch (S1) ensures that the packets are sent out on the appropriate member ports of VLAN 100.
VLT scenario
The following diagram depicts a typical VLT NLB topology:
The following sequence describes the VLT scenario:
- Clients 1, 2, 3, and 4 use 172.16.2.20 (cluster IP) as destination IP address.
- Router R1 routes packets from clients to the NLB VLAN 100.
- While routing packets into VLAN 100 (NLB VLAN), router (R1) ensures that the packets are sent out on the appropriate member ports of VLAN 100.
- NLB takes care of distributing the requests among the servers in the cluster.
Client 1 is serviced by Server 1, Client 2 is serviced by Server 2, and Clients 3 and 4 are serviced by Server 3.