TMG NLB and F5 Publishing Problems


Environment:

TMG array –> F5 Load Balancer –> Published service

Problem:

When traffic comes in through TMG to F5, F5 doesn’t respond correctly to the load-balanced request, so TMG never sees a response.

Reason:

  1. F5 extracts the MAC address from the Ethernet header instead of learning it through ARP requests.
  2. MS NLB uses MAC address spoofing to prevent switch port flooding in unicast NLB. NLB masks the MAC address of a host with the NLB cluster host number and assigns it to each node in the cluster.
  3. Since F5 doesn’t use ARP requests, the NLB driver isn’t used to assign the correct MAC address to the sending host via the ARP request.

Solution:

  1. Set the MaskSourceMAC registry value to 0 on the adapters on both TMG servers in the NLB array that send to F5. See http://support.microsoft.com/?id=193602
  2. Put a hub between the F5 and the TMG array to prevent switch port flooding.
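
One way to apply step 1 the same way on both TMG servers, as an added example that is not from the original post: a PowerShell script that reports the current MaskSourceMAC value for each NLB-bound adapter and sets it to 0. The registry key path and the need to reload NLB afterwards are assumptions; confirm both against the linked KB article for your Windows version.

```powershell
# Added example: audit MaskSourceMAC on every NLB-bound adapter and set it to 0.
# Assumption: per-adapter NLB parameters live under the WLBS service key below
# (one subkey per adapter GUID); check the KB article for your Windows version.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$NlbInterfaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\WLBS\Parameters\Interface'
)

if (-not (Test-Path -Path $NlbInterfaceRoot)) {
    throw "No NLB interface key at $NlbInterfaceRoot. Is NLB bound on this host?"
}

$changed = 0
foreach ($key in Get-ChildItem -Path $NlbInterfaceRoot) {
    $props  = Get-ItemProperty -Path $key.PSPath
    $before = $props.MaskSourceMAC      # $null when the value is absent
    $after  = $before

    if ($before -ne 0) {
        # -WhatIf / -Confirm are honoured here, so a dry run changes nothing.
        if ($PSCmdlet.ShouldProcess($key.PSChildName, 'Set MaskSourceMAC to 0')) {
            Set-ItemProperty -Path $key.PSPath -Name 'MaskSourceMAC' -Value 0 -Type DWord
            $after = (Get-ItemProperty -Path $key.PSPath).MaskSourceMAC
            $changed++
        }
    }

    # One row per adapter so the output can be kept as a change record.
    New-Object PSObject -Property @{
        AdapterGuid = $key.PSChildName
        Before      = $before
        After       = $after
    }
}

if ($changed -gt 0) {
    # Assumption: NLB picks up the value only when it re-reads its parameters.
    Write-Warning "$changed adapter(s) updated. Reload NLB or restart the host for the change to apply."
}
```

Run it with `-WhatIf` first on each array member to see which adapters would change, then again without it from an elevated prompt.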