Tom, could you explain this again with a little more detail?
Quick Tip: You can tell a multicast MAC address from a unicast MAC address by looking at the high order octet in the MAC address. If the low order bit in the high order octet in the MAC address is 1, then the address is a multicast MAC address. If the low order bit in the high order octet in the MAC address is 0, then the address is a unicast MAC address.
Hi Tom, the following para is from your article:

"NLB solves this problem by masking the cluster MAC address. The switch learns MAC addresses associated with its ports by looking at the source MAC address in the Ethernet frame header. NLB will create a bogus MAC address and assign that bogus MAC address to each adapter in the NLB array. NLB will assign each NLB adapter a different bogus MAC address based on the host ID of the array member and this address will appear in the Ethernet frame header."

As mentioned in your article above, we tried to do NLB using unicast, but unfortunately we are not getting the bogus MAC address registered. So I entered a static ARP entry for the bogus address and it started working. But after some time it stopped working again, and I noticed that there is a dynamic ARP entry for the "NLB MAC address" registered to only ONE OF THE PORTS for the cluster IP address. This is causing us problems.

Now my questions are:

1) Will the bogus MAC address based on the host ID get registered automatically?
2) Why does the NLB MAC address appear dynamically in the ARP table for one of the ports, and how can we remove this?

I hope the questions are clear.

Thanks and Regards
Najeeb
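The Quick Tip's bit test and the masked addresses discussed in the comment above can be checked against a switch's MAC table; the Python sketch below is an added example, not code from the article or from any commenter. It assumes the commonly documented NLB address layouts (02-BF plus the cluster IP for unicast, 02 plus the host ID plus the cluster IP for the masked source, 03-BF for multicast, 01-00-5E-7F for IGMP multicast), none of which are spelled out on this page, and the cluster IP 10.0.0.100, port names and table rows are constructed sample data.

```python
import ipaddress

def parse_mac(text):
    """Accept 02-BF-0A-00-00-64, 02:bf:0a:00:00:64 or 02bf.0a00.0064; return 6 bytes."""
    raw = bytes.fromhex(text.replace("-", "").replace(":", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw

def is_multicast(mac):
    """Quick Tip: low-order bit of the high-order octet set means multicast."""
    return bool(parse_mac(mac)[0] & 0x01)

def classify(mac, cluster_ip):
    """Label a MAC seen in an ARP cache or switch table for one NLB cluster IP."""
    m = parse_mac(mac)
    ip = ipaddress.IPv4Address(cluster_ip).packed
    if m[0] == 0x02 and m[2:] == ip:
        if m[1] == 0xBF:
            return "nlb-unicast-cluster"              # shared cluster MAC
        if 1 <= m[1] <= 32:
            return f"nlb-masked-source-host-{m[1]}"   # per-host "bogus" MAC
    if m[:2] == b"\x03\xbf" and m[2:] == ip:
        return "nlb-multicast-cluster"
    if m[:4] == b"\x01\x00\x5e\x7f" and m[4:] == ip[2:]:
        return "nlb-igmp-multicast-cluster"
    return "multicast" if m[0] & 0x01 else "unicast"

# Constructed switch MAC-table rows (mac, port, entry type); not from the page.
SAMPLE_TABLE = [
    ("02-01-0A-00-00-64", "Gi0/1", "dynamic"),
    ("02-02-0A-00-00-64", "Gi0/2", "dynamic"),
    ("02-BF-0A-00-00-64", "Gi0/2", "dynamic"),  # cluster MAC learned on one port
    ("00-15-5D-01-02-03", "Gi0/7", "dynamic"),
]

def audit(table, cluster_ip):
    """Ports where the unicast cluster MAC was learned dynamically.

    With source-MAC masking working, the switch only ever sees the per-host
    masked addresses, so this list should be empty.
    """
    return [port for mac, port, kind in table
            if kind == "dynamic" and classify(mac, cluster_ip) == "nlb-unicast-cluster"]

if __name__ == "__main__":
    for mac, port, _ in SAMPLE_TABLE:
        print(port, mac, classify(mac, "10.0.0.100"))
    print("cluster MAC learned on:", audit(SAMPLE_TABLE, "10.0.0.100"))
```

A non-empty result from `audit` matches the symptom described in the comment: the cluster MAC has been learned on a single port, so frames for the cluster IP are no longer flooded to every array member.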
Ok, but what should the network do to protect itself?
I'm an IT consultant and have a client that has 3 ISA servers generating multicast traffic all over their flat Ethernet network.
They have 400 users, 30 servers and about 60 switches in one VLAN. All of corporate uses these ISA as their Internet proxies. So they are important and heavily used. Other corporate servers are mixed in with the corporate office users. I know it's a bad design and am recommending moving all servers to a separate VLAN, but what to do about the flood? Moving the ISAs to the same VLAN as the other servers will affect them also.
Do I need to turn on IGMP support for the switches to minimize port flooding or move the servers into their own VLAN so they don't bother the users and other servers?
The easiest and often best solution is to create a dedicated VLAN for the NLB-enabled interfaces as this will isolate the broadcast traffic to this VLAN and prevent the switch flooding for other hosts.
The alternative option is to move ISA over to using multicast NLB but this takes a little more work and also needs associated network changes if you have a routed network.