29 August 2016

Working with NLB - RDP Not Working with Black Screen. Some Considerations




Windows Network Load Balancing (NLB) is a feature that distributes network traffic among multiple servers or virtual machines within a cluster to avoid overloading any hosts and improve performance. The Network Load Balancing feature uses the TCP/IP networking protocol to route traffic to different hosts based on a user's settings and a proprietary Microsoft distribution algorithm. The feature is available in Microsoft Windows Server 2008, 2008 R2, 2012 and 2012 R2 operating systems.
Network Load Balancing can also ensure network traffic is re-routed to remaining hosts if one or more hosts within the cluster fail unexpectedly. A Network Load Balancing cluster can scale up to 32 servers/nodes.

We can use NLB when configuring Terminal Servers High Availability. Let's take for instance the picture below:


All the internal users and any external users can use the VIP address of the NLB to reach one of the Terminal Servers. If one server is down, the NLB automatically redirects all the requests to the remaining one. The same happens with web servers.
 
Let's see some of the most common problems and considerations:
 

Why are Unicast & Multicast so Important
 
Unicast or multicast mode defines how the cluster MAC address (associated with the VIP) is handled. Packets for the cluster virtual IP are delivered based on the cluster MAC address advertised by the cluster. The cluster virtual IP MAC address is used because all traffic for the NLB cluster needs to be delivered to all nodes.
 
  • Unicast issues to consider
    1. You need two NIC ports. Don't even consider using a single-NIC NLB solution in production;
    2. Port flooding can’t be stopped at the switch level;
    3. It does work in most environments.

  • Multicast issues to consider
    1. You can use a one-NIC solution. Multicast allows setting up an NLB cluster with only one NIC which, by some, is considered a benefit. I never implement single-NIC Windows Network Load Balancing solutions.
    2. Port flooding. But here we have some good news for switch admins. Multicast also allows you to stop port flooding by using static ARP entries on the switches upstream of your server. This is very valuable. When you only have a couple of nodes in the NLB or can’t create or use VLANs to separate the NLB traffic, this is a very good reason to use multicast;
    3. Routers might not support mapping a unicast IP address (the cluster IP address) to a multicast MAC address. In these situations, you must upgrade or replace the router. If that’s not possible, then you can’t use multicast.
  • Bottom Line
    • When practical I use unicast with multiple NICs, and when the circumstances or the products used allow, I use multicast with multiple NICs.
 
 
Some of the Most Common Problems with NLB
 
Here’s a bullet list of what people tend to get wrong when configuring NLB network settings:
 
  • Virtualization. You must enable MAC Address spoofing on the NLB network card on the Hyper-V or ESXi Server:
 
 
  • Default Gateways. There is no support for multiple default gateways that are on multiple subnets. But the default gateway does not have to be empty on an NLB NIC that is on the same management network.
  • Subnets. The private and the NLB NIC can be on separate or the same subnets. There is no requirement to have different subnets for every NIC.
  • Routes. Don’t forget about static routes where and when needed. Only use static routes if you are using multiple subnets. For instance, if you want to reach the network 10.30.0.0/16 using the NLB interface (10.10.0.1), you can use this:
    • route add -p 10.30.0.0 mask 255.255.0.0 10.10.0.1
  • Binding. Mind the order of the connections in Adapters and Bindings. The first connection is always the management interface (DNS, AD, RDP, etc.). That prevents issues (speed, functionality) with those services, and your experience will be much better.
  • Forwarding. Depending on how many NICs you use and how traffic must flow, you might have to enable forwarding on more than one NIC, normally the one(s) without a default gateway.
    • netsh interface ipv4 set interface "NLB NIC" forwarding=enabled
For instance, if you didn't enable forwarding or add the route on the NLB interface (the Routes and Forwarding points above), users from other networks who try to connect over RDP will get a black screen with timeouts.
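The checks below are an added example, not a script from the original post: they verify on one NLB node the settings from the list above that cause the black-screen symptom (forwarding on the NLB NIC, the static route, a single default gateway) and, run on the Hyper-V host, the MAC address spoofing setting. The interface alias "NLB NIC", the prefix 10.30.0.0/16 and the next hop 10.10.0.1 are assumptions taken from the post's own examples; only forwarding is changed when -Fix is given.

```powershell
# Added example (not the post's own code). Run on the NLB node with NetTCPIP cmdlets available.
param(
    [string]$NlbNic  = 'NLB NIC',      # alias of the cluster-facing adapter (assumption from the post)
    [string]$Prefix  = '10.30.0.0/16', # remote user subnet from the post's route example (assumption)
    [string]$NextHop = '10.10.0.1',    # NLB interface address from the post's route example (assumption)
    [switch]$Fix                       # only forwarding is corrected; routes are reported, not added
)
$problems = [System.Collections.Generic.List[string]]::new()

# 1. Forwarding on the NLB NIC: without it, RDP from other subnets ends in the black screen described above.
$nlbIf = Get-NetIPInterface -InterfaceAlias $NlbNic -AddressFamily IPv4 -ErrorAction Stop
if ($nlbIf.Forwarding -ne 'Enabled') {
    $problems.Add("Forwarding is disabled on '$NlbNic' (netsh interface ipv4 set interface `"$NlbNic`" forwarding=enabled)")
    if ($Fix) { Set-NetIPInterface -InterfaceAlias $NlbNic -AddressFamily IPv4 -Forwarding Enabled }
}

# 2. Static route for the remote subnet (the post's 'route add -p' line). Reported only, never added silently.
$route = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $Prefix -ErrorAction SilentlyContinue
if (-not $route) {
    $problems.Add("No route for $Prefix via $NextHop; add it with the post's 'route add -p' command")
} elseif ($route.InterfaceAlias -notcontains $NlbNic) {
    $problems.Add("Route for $Prefix exists but not on '$NlbNic' (on: $($route.InterfaceAlias -join ', '))")
}

# 3. Default gateways: NLB does not support default gateways on several NICs in different subnets.
$gwIfs = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
         Select-Object -ExpandProperty InterfaceAlias -Unique
if (@($gwIfs).Count -gt 1) {
    $problems.Add("Default gateway configured on more than one NIC: $($gwIfs -join ', ')")
}

# 4. Hyper-V only, run on the HOST, not inside the guest: the NLB adapter needs MAC address spoofing on.
function Test-NlbGuestMacSpoofing {
    param([Parameter(Mandatory)][string]$VMName)   # hypothetical VM name supplied by the caller
    Get-VMNetworkAdapter -VMName $VMName | ForEach-Object {
        [pscustomobject]@{ Adapter = $_.Name; SwitchName = $_.SwitchName; MacSpoofing = $_.MacAddressSpoofing }
    }
    # To correct it: Get-VMNetworkAdapter -VMName $VMName | Set-VMNetworkAdapter -MacAddressSpoofing On
}

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Host "Node settings for '$NlbNic' match the checklist (forwarding, route, single gateway)." }
```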
 
If you want to add more information, please let me know.
Happy Load Balancing!
