Environment:
TMG array -> F5 load balancer -> published service
Problem:
When traffic comes in through TMG to F5, F5 doesn’t respond correctly to the load-balanced request, and TMG never sees a response.
Reason:
- F5 extracts the MAC address from the Ethernet header of incoming frames instead of from ARP requests.
- MS NLB uses MAC address spoofing to prevent switch port flooding in unicast NLB. NLB masks the MAC address of a host with the NLB cluster host number and assigns the result to each node in the cluster.
- Since F5 doesn’t use ARP requests, the NLB driver never gets to assign the correct MAC address to the sending host via the ARP request.
Solution:
- Set the MaskSourceMAC registry value to 0 on the adapters of both TMG servers in the NLB array that send to F5. See http://support.microsoft.com/?id=193602
- Put a hub between the F5 and the TMG array to prevent switch port flooding.
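To see the mismatch described under "Reason" on the wire, the following added example (not part of the original note) parses an ARP frame and compares the MAC in the Ethernet header with the MAC in the ARP payload. It assumes the usual unicast NLB layout (cluster MAC 02-BF-<cluster IP>, masked source MAC 02-<host priority>-<cluster IP>) and untagged Ethernet; the addresses and the sample frame are constructed.

```python
import struct

def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)

def nlb_masked_mac(cluster_mac: bytes, host_priority: int) -> bytes:
    # With MAC masking on, a unicast NLB host sends with 02-<priority>-... in place of 02-BF-...
    if len(cluster_mac) != 6 or cluster_mac[:2] != b"\x02\xbf":
        raise ValueError("expected a unicast NLB cluster MAC (02-BF-...)")
    if not 1 <= host_priority <= 32:
        raise ValueError("NLB host priority must be 1..32")
    return bytes([0x02, host_priority]) + cluster_mac[2:]

def inspect_arp_frame(frame: bytes) -> dict:
    # Untagged Ethernet II + IPv4-over-Ethernet ARP only (assumption: no 802.1Q tag).
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "sender_ip": ".".join(str(b) for b in spa),
        "header_mac": fmt_mac(eth_src),  # learned by a device that reads the Ethernet header
        "arp_mac": fmt_mac(sha),         # learned by a device that reads the ARP payload
        "mismatch": eth_src != sha,
    }

def sample_arp_reply() -> bytes:
    # Constructed frame: NLB host with priority 1 answering ARP for cluster IP 10.0.0.50.
    cluster_mac = bytes.fromhex("02bf0a000032")
    peer_mac = bytes.fromhex("00005e005301")  # constructed peer MAC (documentation range)
    eth = peer_mac + nlb_masked_mac(cluster_mac, 1) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2,
                      cluster_mac, bytes([10, 0, 0, 50]), peer_mac, bytes([10, 0, 0, 1]))
    return eth + arp

if __name__ == "__main__":
    print(inspect_arp_frame(sample_arp_reply()))
```

With MaskSourceMAC set to 0, the two MACs in frames sent by the TMG nodes should match and `mismatch` should be false.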