For testing purposes I have installed 3 virtual machines on MS VS2005R2: 2 ISA 2006 EE in array and one DC who acts as CSS as well, all machines are joined to the domain and everything works fine. I have enabled integrated NLB for internal and external nic and also a NIC for intra-array communication between ISA's with ip's in a different subnet. It looks like this: ISA 1 Internal nic: 192.168.1.50/24 virtual ip: 192.168.1.60/24 external nic: 172.28.2.24/16 external virtual ip: 172.28.2.25/16 intra-array nic: 192.168.10.80/24 ISA 2 Internal nic: 192.168.1.51/24 virtual ip: 192.168.1.60/24 external nic: 172.28.2.26/16 external virtual ip: 172.28.2.25/16 intra-array nic: 192.168.10.81/24 DC (CSS) server Internal nic: 192.168.1.100/24 with gateway set as internal virtual ip 192.168.1.60/24 intra-array nic: 192.168.10.100/24
DC is primary CSS and ISA1 is secondary CSS. sychronization is working fine, NLB is working fine and doesn't report any errors with configuration.
Now comes the problem: I am testing failover functionality and when I start download on a DC and during the download I turn off one of the ISA's to simulate a failure, download remains active, but when I recover the ISA that has been turned off and turn off the other one, the connection is severed and download breaks up. I wait for 15 minutes before i turn off the other one. My question is: shouldn't the other ISA (the one that has been turned off and turned back on) take over as it has been when the first one was turned off and the second ISA took over, if yes what do I need to do to make it work? Am I missing something and what? For example: I am planning to provide failover functionality to one of the customers who needs to be online 24/7 and for that reason I am trying to simulate downtime for example due to maintenance of the servers, and by now NLB doesn't look promising.
I suppose virtual server2005r2 supports nlb, otherwise I would't be able to setup 2xISA 2006 and enable NLB on them (these are virtual machines running server2003 standard edition with sp1) or do I get the wrong impression? So, all machines are virtual machines (2xISA 2006 EE on w2k3 server standard edition, one DC on w2k3 server standard edition which is at the same time configuration storage server for ISA and they are all in "virtual" domain), all of them use configured "adapters" as internal network except for ISA's external adapter and configured external virtual ip that is connected to our corporate LAN which acts as the internet for ISA 2006 (defined in virtual machine setup as the physical adapter of the machine that acctually runs virtual server), it sounds very confusing when it's laid out like this, but it's not so complicated to set up. I haven't used VMware so I would't know if I could do the same setup. So there is a possibility that virtual server doesn't support nlb, how do I check this? Should I get any errors during the NLB setup?
Please if somebody has the will to check it out and help me solve the problem, I know it would be much easier to test on real hardware not virtual machines but unfortunately I don't have such possibility.
You are correct and I should have been specific. VMware does support multicast mode and I've done articles on this site showing captures of multicast mode NLB in action. ISA EE uses unicast mode, and therefore you can't use it with VMware. As for Virtual PC and MS Virtaul Server, I'm not sure what the level of support is.
I've managed to setup lab with three machines (instead virtual machines) 2xISA2006EE and one CSS that is also DC. I was struggling to overcome flooding issue (using 2 hubs, one for external vip, one for internal vip both connected to the switch) and managed to make it work (be sure to have working NIC's if u try to do it yourself, I had 2 faulty and lots of trouble to identifiy the "it's not working as it should" problem). Now after putting everything together (with very limited hardware resources) one problem still remains, every time when I try to simulate "maintenance" of array members, download that is in progress breaks. (shut down one of the array members, turning it on, waiting for it to become available and operational, then shutting down the other one). Any ideas what might be wrong? (Same thing happened with virtual machines).
I was mislead by the wrong information that the active session should remain active even in the event when the array member that "has" the session stops working (turns off, restarts), I was a bit suspicious about that and the testing revealed it completely and you have just confirmed it.
Next thing is to configure VPN on the array, more articles to read :-)) If I get stuck I'll search for help here.