SHARE POINT 2010

Set Up Load Balancing (NLB) in a SharePoint 2010 Farm

Basics of NLB

What is load balancing?

A system that increases the scalability and high availability of the servers that provide access to data.

Other NLB methods:

  • A virtual IP address (VIP) is used to distribute requests between multiple servers
  • Not suitable for all applications

What is Windows NLB?

  • Is a fully distributed software solution for load balancing
  • Is included with all versions of Windows Server 2008

Requirements for Windows NLB:

  • At least one network adapter for load balancing
  • Only TCP/IP on the NLB adapter
  • All NLB nodes on the same subnet

What are port rules?

Port rules specify how requests to a certain IP address and port range are handled.
Port rules define:

  • Filtering mode
  • Affinity
  • Load weight
  • Handling priority

What is the filtering mode?

Filtering mode            Description
Single Host               Only the NLB node with the highest priority responds
Disable this port range   All traffic for this port range is blocked
Multiple hosts            All NLB nodes respond based on the weight assigned to each node


What is affinity?

Affinity controls how requests from a client are distributed among multiple nodes in an NLB cluster.

Affinity   Description
None       Each client request could be distributed to any node
Single     All requests from a single client are distributed to a single node
Network    Directs client requests to the closest node on the basis of subnet

————————————————————————

Scenario: 

NLB is a feature installed on any Windows Server 2008 system and optimized for IIS. It provides a basic level of software load balancing. The scenario is that we have 2 or more web front ends (a SharePoint 2010 farm) with two or three IPs that participate in load balancing and present a single virtual IP to our users, and NLB decides which web front end serves the users via priority. NLB reduces the load on a web front end and provides quality of service to users.

In this topology there are two servers, SP2010WFE1 and SP2010WFE2, and we will install the NLB feature on both machines. We present to our users a single virtual server with the host name Portal and the IP address 192.168.10.10.

Step 1: Adding the NLB feature

Add the NLB feature on both SP2010WFE1 and SP2010WFE2, as the NLB feature has to be installed on both machines.

Step 2: Creating the cluster

Navigate to Start >> Administrative Tools >> Network Load Balancing Manager on the SP2010WFE1 server and right-click to create a “New Cluster”.

The Host would be the first server, i.e. SP2010WFE1.
The Priority would be the first server.

Now we set up the cluster IP address, which is called the virtual IP address (VIP). It must be an IP address that is NOT already taken, so we can't use the addresses of SP2010WFE1 and SP2010WFE2. It should be unique. I created a new IP address, 192.168.10.10, as the cluster IP address.
In the cluster IP configuration, I supplied the full Internet name as portal.contoso.com (I will create a DNS entry in a later step) and set the cluster operation mode to Multicast.

Click the “Finish” button, keeping the default settings.

Note: Normally, in a production environment, we have to limit this because only NLB nodes should participate. Thus, we can customize the port rules for the production environment. In my example I have only two nodes, i.e. SP2010WFE1 and SP2010WFE2, so I keep the default settings.

Now, we add the second server (SP2010WFE2).

I put this server’s priority to 2.

Now wait for both nodes to converge, and keep refreshing the NLB Manager until both nodes are converged.

We now switch to the SP2010WFE2 server, and we will observe that both cluster nodes have been automatically converged. Please note that it will take some time for the nodes to converge.
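
Steps 1 and 2 can also be scripted, which makes it easy to apply the port-rule restriction the Note above recommends for production. This is an added example, not part of the original post; it assumes Windows Server 2008 R2 or later (for the NLB PowerShell cmdlets), an adapter named "Local Area Connection" on both nodes, a /24 subnet mask, and that the web application listens only on TCP port 80.

```powershell
# Added example: Steps 1 and 2 scripted, with port rules narrowed to HTTP.
# Assumptions (not from the post): adapter name, subnet mask, port 80 only.
# Run elevated on SP2010WFE1.
$nic  = 'Local Area Connection'   # assumed adapter name on both nodes
$vip  = '192.168.10.10'           # cluster (virtual) IP from the walkthrough
$mask = '255.255.255.0'           # assumed; the post does not state the mask

# Step 1: install the NLB feature and its management tools.
# The same command must also be run on SP2010WFE2 before it can join.
Import-Module ServerManager
Add-WindowsFeature NLB, RSAT-NLB | Out-Null

# Step 2: create the cluster on the first node in multicast mode.
Import-Module NetworkLoadBalancingClusters
New-NlbCluster -InterfaceName $nic -ClusterName 'portal.contoso.com' `
    -ClusterPrimaryIP $vip -SubnetMask $mask -OperationMode Multicast | Out-Null

# The default is a single rule covering ports 0-65535. Replace it with:
#   - one "Multiple hosts" rule for the port the web application serves
#   - "Disabled" rules that block every other port on the cluster IP
Get-NlbClusterPortRule -InterfaceName $nic | Remove-NlbClusterPortRule -Force
Add-NlbClusterPortRule -InterfaceName $nic -StartPort 80 -EndPort 80 `
    -Protocol Tcp -Mode Multiple -Affinity Single | Out-Null
Add-NlbClusterPortRule -InterfaceName $nic -StartPort 0 -EndPort 79 `
    -Protocol Both -Mode Disabled | Out-Null
Add-NlbClusterPortRule -InterfaceName $nic -StartPort 81 -EndPort 65535 `
    -Protocol Both -Mode Disabled | Out-Null

# Join the second node; it picks up the cluster's port rules.
Get-NlbCluster -InterfaceName $nic |
    Add-NlbClusterNode -NewNodeName 'SP2010WFE2' -NewNodeInterface $nic | Out-Null

# Verify: both hosts should converge, and only the three rules above should exist.
Get-NlbClusterNode -InterfaceName $nic
Get-NlbClusterPortRule -InterfaceName $nic
```

The Disabled rules apply to traffic addressed to the cluster IP; if the site is also published over HTTPS, add a matching rule for port 443 and adjust the Disabled ranges so they do not overlap it.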

Step 3: Creating a DNS entry

Create an “A record” on the SP2010WFE1 server within “Forward Lookup Zones” and type in:
Name: portal
IP Address: 192.168.10.10 (virtual IP address)

Step 5: IIS Settings

In IIS Manager, right-click the “SharePoint – 80” web application >> Edit Bindings >> Add a new host name.

Reset IIS on both machines by navigating to Run >> cmd (prompt) >> IISRESET

Step 6: Logging into SharePoint Central Administration

Navigate to SharePoint 2010 Central Administration >> System Settings >> Configure alternate access mappings, choose the correct web application and, under the “Default” zone, type in: http://portal/

and punch in http://portal.contoso.com

I tried the administrator login credentials numerous times, but my attempts were in vain. I researched again and tried to get the NLB cluster working. I found different blog posts about the same issue and found a workaround.

Step 7: DisableLoopbackCheck on Windows Server 2008 R2 server

What is the issue?

According to Spence Harbar, Windows Server 2003 SP1 and Windows Server 2008 introduced a loopback security check; he mentions that it's a Microsoft security feature. Please refer to his blog for more details.
I faced the same issue: when I typed in http://portal.contoso.com, I was constantly prompted for the username and password. There is Microsoft KB article 896881, and I followed Method 2. It fixed the issue for me.
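
An added example, not from the original post: the registry settings behind the loopback check, in PowerShell. It audits both values and lists only this farm's host names in BackConnectionHostNames, which exempts those names from the check while leaving it on for everything else, whereas DisableLoopbackCheck = 1 turns the check off for every host name on the server. The registry locations are the standard Windows ones and are not taken from this page; the host names are the ones used in this walkthrough.

```powershell
# Added example. Run elevated on each web front end (SP2010WFE1, SP2010WFE2).
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv   = Join-Path $lsa 'MSV1_0'
$names = @('portal', 'portal.contoso.com')   # host names bound in Steps 5 and 6

function Get-RegValue($Path, $Name) {
    # Returns nothing (instead of throwing) when the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# 1. Audit the current state of both settings.
$disabled = Get-RegValue $lsa 'DisableLoopbackCheck'
$allowed  = @(Get-RegValue $msv 'BackConnectionHostNames')
if ($disabled -eq 1) {
    'DisableLoopbackCheck    : 1 (loopback check is OFF for every host name)'
} else {
    'DisableLoopbackCheck    : not set or 0 (loopback check is ON)'
}
"BackConnectionHostNames : $($allowed -join ', ')"

# 2. Narrow setting: exempt only the names this farm answers to.
#    Existing entries are kept; duplicates and empty strings are dropped.
$merged = @($allowed + $names | Where-Object { $_ } | Sort-Object -Unique)
New-ItemProperty -Path $msv -Name BackConnectionHostNames `
    -PropertyType MultiString -Value $merged -Force | Out-Null

# 3. Broad setting, shown commented out for comparison only:
# New-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
#     -PropertyType DWord -Value 1 -Force

# 4. Optional: once the names above are listed, the broad setting can be
#    removed so the check is enforced again for all other names.
$removeBroadSetting = $false   # set to $true to apply
if ($removeBroadSetting -and $disabled -eq 1) {
    Remove-ItemProperty -Path $lsa -Name DisableLoopbackCheck
}

# Restart the server afterwards so the change takes effect.
"BackConnectionHostNames now: $((Get-RegValue $msv 'BackConnectionHostNames') -join ', ')"
```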

Step 8: Failover

To test the NLB cluster, I navigated to the SP2010WFE1 server and stopped the server.
I was able to browse both at SP2010WFE1 & SP2010WFE2.
If I stopped both the nodes, I was not able to browse at either of the SharePoint Web Front Ends.

Thanks
  http://aarohblah.blogspot.in/2013/01/how-to-setting-up-nlb-in-sharepoint.html
References:
1) Clustering and High-Availability (MSDN)
2) Network Load Balancing Windows Server 2008 (YouTube: Arabic)
3) How to Setup Load Balance in SharePoint 2010 Farm
4) SharePoint Central Administration: High Availability, Load Balancing, Security & General Recommendations (Harbar)

Disable loopback check
5) SharePoint disable loopback check
6) DisableLoopbackCheck & SharePoint: What every admin and developer should know. (Harbar)
7) Disable the loopback check (MSDN)

 

*****************************************************************************

Install Domain Controller – Part1 of building my own development SharePoint2010 Farm

As memory has become really cheap now, a couple of days ago I upgraded my laptop memory to 12 GB. Plus, I got my old desktop, so now I have decided to build my own SharePoint farm at home. I decided to document the steps to build a simple SharePoint farm. I will use VMware for desktop virtualization and Windows Server 2008 R2 as the operating system.

In the first part of this series on building my own SharePoint farm, I will create my domain controller. Here are the steps to install it:

1. Open the command line by going to Run and typing CMD, and then type dcpromo in the command line.

    The AD Installation wizard will open; click Next.

2. Click Next as shown in the screenshot.

3. Select “Create a new domain in a new forest” and click Next.

4. Type a domain name (e.g. ybbest.com) and click Next.

5. In my case, I selected the Windows Server 2008 R2 forest functional level and clicked Next.

6. Leave the default and click Next. (If you have not set a static IP address, you need to do so now.)

7. You might get a scary prompt like the screenshot below; just ignore the message and click Yes.

8. Leave the default settings and click Next.

9. Type a password for when you need to restore your domain.

10. Click Next and restart your computer; this will install your domain controller.

 

PART 2

In this article I will load balance 2 servers and take you through the process step-by-step. Load Balancing takes 2 or more servers and lets them share one IP address so both servers can serve client requests. At the end of this article you should be able to configure NLB.

Gathering Information

Log on to both of the servers and run IPCONFIG /ALL from the command prompt. We need the name, domain and IP address of each server that will be in the NLB cluster. We will also need to make up an additional name for the cluster; in this example we will use SERVER-LB for the virtual cluster name.

The 2 servers we will be load balancing are SERVER01 and SERVER02. The virtual cluster name will be SERVER-LB. So if this were a web server, users would go to http://SERVER-LB; depending on how we configure NLB, either SERVER01, SERVER02 or both servers will service the web request.

SERVER NAME               IP ADDRESS      TYPE
SERVER01.pintolake.net    192.168.1.201   Server 1
SERVER02.pintolake.net    192.168.1.202   Server 2
SERVER-LB.pintolake.net   192.168.1.200   Virtual cluster name and IP address of Servers 1/2

In this example both servers only have one network card. If you have multiple network cards you will still be able to load balance the 2 servers. You need to configure one NIC per server for NLB; both NICs should be on the same VLAN and they should be able to contact each other.

SERVER01: NLB Configuration

Open “Network Connections” from the control panel. Right click the network connection you want to use for NLB on SERVER01. Check off the “Network Load Balancing” option and press “Properties”

There are 3 tabs, we will configure all three in this example.

Under the “Cluster Parameters” tab

  • Enter the IP address of the cluster. We are using 192.168.1.200 in this example, the subnet mask is /24 (255.255.255.0).
  • Enter a cluster name; let’s use SERVER-LB.pintolake.net. This name was made up and is used to identify the cluster by name. It will have to be entered in DNS manually (I cover this later).
  • Select Unicast for the “Cluster operation mode” setting.
  • Now move on to the “Host Parameters” tab

Unicast vs Multicast

Unicast/Multicast is the way the MAC address for the Virtual IP is presented to the routers. In my experience I have almost always used Multicast, which if you use you should enter a persistent ARP entry on all upstream switchs or you will not be able to ping the servers remotely.

In the unicast method:

  • The cluster adapters for all cluster hosts are assigned the same unicast MAC address.
  • The outgoing MAC address for each packet is modified, based on the cluster host’s priority setting, to prevent upstream switches from discovering that all cluster hosts have the same MAC address.

In the multicast method:

  • The cluster adapter for each cluster host retains the original hardware unicast MAC address (as specified by the hardware manufacturer of the network adapter).
  • The cluster adapters for all cluster hosts are assigned a multicast MAC address.
  • The multicast MAC is derived from the cluster’s IP address.
  • Communication between cluster hosts is not affected, because each cluster host retains a unique MAC address.

Selecting the Unicast or Multicast Method of Distributing Incoming Requests http://technet.microsoft.com/en-us/library/cc782694.aspx

 

Under “Host Parameters” tab we need to configure 3 settings

  • Enter the Priority (unique host identifier) – this is used to identify the nodes in the cluster. This should be different for each node in the cluster; if you are load balancing 3 servers, then it would be 1, 2 and 3 for the 3 different servers.
  • Enter the IP address of this node – this should be the server's actual IP address and subnet mask.
  • Leave the default state as started – this option lets us select whether we want this box to converge on the cluster when NLB starts.

Go to the “Port Rules” tab

We are going to keep the default port rules and press OK. (To see how the rules look and why we would edit these rules, see the note below.)

NOTE: Add/Edit Port Rule Settings

For most scenarios I would keep the default settings. The most important setting is probably the filtering mode. “Single” works well for most web applications; it maintains a user's session on one server, so if the user's requests go to SERVER01, SERVER01 will continue to serve that user for the duration of the session.

None

  • You want to ensure even load balancing among cluster hosts
  • Client traffic is stateless (for example, HTTP traffic).

Single

  • You want to ensure that requests from a specific client (IP address) are sent to the same cluster host.
  • Client state is maintained across TCP connections (for example, HTTPS traffic).

Class C

  • Client requests from a Class C IP address range (instead of a single IP address) are sent to the same cluster host.
  • Clients use multiple proxy servers to access the cluster, and they appear to have multiple IP addresses within the same Class C IP address range.
  • Client state is maintained across TCP connections (for example, HTTPS traffic).

For more information on this please see this TechNet article:

Specifying the Affinity and Load-Balancing Behavior of the Custom Port Rule http://technet.microsoft.com/en-us/library/cc759039.aspx

 

After you press OK, you will get a prompt reminding you to bind the Virtual IP Address to the NIC Card. Press OK to continue

SERVER01: Binding the Virtual IP

After you configure NLB you need to BIND your virtual IP to the network adapter. In the same properties window on SERVER01 select TCP/IP and press “Properties”

Select “Advanced”

Under the “Advanced TCP/IP Settings” window, press “Add” under the IP addresses setting

Enter the virtual IP address of the cluster, which is 192.168.1.200, with the subnet mask 255.255.255.0, and press “Add”.

You will see the Virtual IP now configured along with the primary IP address of the server. Press “OK”

Press “OK” to close the “Internet Protocol (TCP/IP) Properties” window

Press Close to close the “Local Area Connection Properties” window

SERVER01: Verification

Go to the command prompt and type “wlbs query”, as you can see HOST 1 converged successfully on the cluster

SERVER02: NLB Configuration

This is almost exactly the same as the SERVER01 configuration but let’s go through every step again. Open “Network Connections” from the control panel. Right click the network connection you want to use for NLB on SERVER02. Check off the “Network Load Balancing” option and press “Properties”

There are 3 tabs, we will configure all three in this example.

Under the “Cluster Parameters” tab

  • Enter the IP address of the cluster. We are using 192.168.1.200 in this example, the subnet mask is /24 (255.255.255.0).
  • Enter a cluster name; let’s use SERVER-LB.pintolake.net. This name was made up and is used to identify the cluster by name. It will have to be entered in DNS manually (I cover this later).
  • Select Unicast for the “Cluster operation mode” setting.
  • Now move on to the “Host Parameters” tab

As with SERVER01, Under “Host Parameters” tab we need to configure 3 settings

  • Enter the Priority (unique host identifier) – this is used to identify the nodes in the cluster. This should be different for each node in the cluster; if you are load balancing 3 servers, then it would be 1, 2 and 3 for the 3 different servers. Since this is SERVER02, let's enter 2 because SERVER01 was set to 1.
  • Enter the IP address of this node – this should be the server's actual IP address and subnet mask.
  • Leave the default state as started – this option lets us select whether we want this box to converge on the cluster when NLB starts.

Go to the “Port Rules” tab

Press OK to continue. (To see more about add/edit port rules, see this same section in the SERVER01 configuration above.)

After you press OK, you will get a prompt reminding you to bind the Virtual IP Address to the NIC Card. Press OK to continue

SERVER02: Binding the Virtual IP

After you configure NLB you need to BIND your virtual IP to the network adapter. In the same properties window on SERVER02 select TCP/IP and press “Properties”

Select “Advanced”

Under the “Advanced TCP/IP Settings” window, press “Add” under the IP addresses setting

Enter the virtual IP address of the cluster. The IP address is 192.168.1.200 and the subnet mask is 255.255.255.0; press “Add”.

You will see the Virtual IP now configured along with the primary IP address of the server. Press “OK”

Press “OK” to close the “Internet Protocol (TCP/IP) Properties” window

Press Close to close the “Local Area Connection Properties” window

SERVER02: Verification

Go to the command prompt and type “wlbs query”, as you can see HOST 1 and HOST 2 converged successfully on the cluster. This means things are working well.

NOTE: NOT SEEING NODE 2?

If you only see one node, chances are you put an incorrect “Priority (unique host identifier)” in the Network Load Balancing Properties > Host Parameters tab.

DNS Entries

For clients to be able to access the NLB cluster by name, we need to add it to DNS.

Open DNS in AD. Since the server is in the “pintolake.net” domain, I am going to create an A record that associates the SERVER-LB name with the IP address 192.168.1.200.

Right-click DOMAIN and select “New Host (A)”.

Enter SERVER-LB as the name and 192.168.1.200 as the IP address.

The record was created successfully. Unless you need to wait for DNS to replicate, you should be able to ping SERVER-LB now.

Open a command prompt and ping SERVER-LB. You should get a response. This concludes the installation and configuration of WLBS (NLB).

Microsoft’s NLB Clustering is kind of to High Availability Load Balancing what Natural Light is to the beer world. Both will basically get the job done, and on the cheap, but in the long run they might leave you with a wicked headache and wishing you spent a few extra dollars for a Sam Adams.

A lot of my time at work recently has been spent researching and testing load balancing and fail-over solutions for a group of Windows based application servers. Having never had load balancing requirements before, an NLB clustering solution sounded good at first, especially being included free with the OS. However, I found that unless your environment exactly meets requirements, you may be better off not going down the MS NLB road. This brief overview of my lessons learned may help others also considering NLB solutions.

* Basically MS NLB works by assigning a virtual IP address (VIP) to the network adapter of each cluster member. Traffic is sent to the VIP, received by all cluster members, accepted by one, dropped by the rest.

MS NLB supports two configurations: unicast mode, or multicast mode. Unicast mode replaces the existing MAC address of all cluster members with a new cluster MAC address, which is shared by all nodes. Multicast mode adds the cluster MAC address to the node adapter, but also leaves the original one. With both methods, the nodes share an IP and MAC address, so that when a client asks “who has this IP address” (an ARP request), all nodes respond.

* Unicast mode aims to be simple, and has the advantage of working across routers with no problems. However, this method has the negative side effect of flooding switch ports. Because MS NLB hides the MAC address of outgoing cluster traffic, switches never learn which ports cluster members are attached to, so traffic destined for the cluster is flooded out of all ports. This effectively turns a switch into a hub as far as cluster traffic goes, which can cause network issues with busy clusters. This can be overcome by adding static ARP entries on the switch (if supported), but that can quickly become a management nightmare. Another possible drawback to unicast mode is that cluster members cannot directly communicate with each other without adding a 2nd NIC.

* Multicast mode attempts to address switch flooding by using IGMP Multicast support, which tells the switch to direct cluster traffic only to those ports with cluster members attached. However, this assumes the switch supports IGMP snooping and has it enabled. Also, many routers & layer 3 switches do not support this mode because ARP replies associate a unicast IP with a multicast MAC, which may or may not be against standards depending on whether you ask Microsoft or Cisco. No IGMP support means switch flooding. And no IGMP router support means no cluster access outside of that subnet unless a static ARP entry is used.

* Planning to implement NLB in a virtualized environment adds complexity. The only one I can speak to from experience is VMware ESX. They support both modes; however, unicast is not recommended. By default, unicast doesn’t work because the virtual switches learn MAC addresses despite the cluster masking outbound traffic, which breaks clustering. This can be overcome by disabling the NotifySwitch feature, but that in turn breaks operations like VMotion. Multicast works, but is subject to the same problems as mentioned above, and is made more complex by the many different physical / virtual topologies.

I certainly don’t intend to demean Microsoft on their products. Microsoft could have easily not included it with the OS, leaving the only option as an expensive hardware load balancer. MS NLB does work, and providing you are aware of and can address its limitations, you may find it to be an effective low cost load balancing solution in your environment. On the flip-side, if you find that the management and overhead is too much and you need a hardware LB device, there are a number of powerful and relatively inexpensive possibilities. The ones from Barracuda Networks are a good choice. There are also other factors not covered here that need to be taken into account; session support, affinity, and redundant network topologies to name a few. So make sure to do adequate research, up to and including packet captures to prove intended operation.
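
Both descriptions of unicast and multicast mode above (the "Unicast vs Multicast" section in PART 2 and the overview that closes the page) come down to which MAC address the virtual IP resolves to. As an added example, not part of the original posts, this PowerShell derives the cluster MAC for each mode and checks an "arp -a" listing against it, which is the value a static ARP entry has to carry. The MAC layouts in the comments are standard NLB behaviour rather than something stated on this page, and the ARP listing is constructed sample data.

```powershell
# Added example. NLB cluster MAC layouts for a cluster IP w.x.y.z:
#   Unicast        02-BF-w-x-y-z
#   Multicast      03-BF-w-x-y-z
#   IgmpMulticast  01-00-5E-7F-y-z
function Get-NlbClusterMac {
    param(
        [Parameter(Mandatory = $true)][string]$ClusterIP,
        [ValidateSet('Unicast', 'Multicast', 'IgmpMulticast')]
        [string]$Mode = 'Unicast'
    )
    $ip = [System.Net.IPAddress]::Parse($ClusterIP)
    if ($ip.AddressFamily -ne 'InterNetwork') {
        throw "IPv4 cluster address expected: $ClusterIP"
    }
    $o = $ip.GetAddressBytes()
    switch ($Mode) {
        'Unicast'       { $bytes = 0x02, 0xBF, $o[0], $o[1], $o[2], $o[3] }
        'Multicast'     { $bytes = 0x03, 0xBF, $o[0], $o[1], $o[2], $o[3] }
        'IgmpMulticast' { $bytes = 0x01, 0x00, 0x5E, 0x7F, $o[2], $o[3] }
    }
    ($bytes | ForEach-Object { '{0:X2}' -f $_ }) -join '-'
}

function Test-NlbArpEntry {
    # Compares the MAC that "arp -a" shows for the cluster IP with the MAC
    # NLB should be using in the given mode. Pass -ArpOutput to check saved
    # output; by default the local ARP cache is read.
    param(
        [Parameter(Mandatory = $true)][string]$ClusterIP,
        [string]$Mode = 'Unicast',
        [string[]]$ArpOutput = (arp -a)
    )
    $expected = Get-NlbClusterMac -ClusterIP $ClusterIP -Mode $Mode
    $pattern  = '^\s*' + [regex]::Escape($ClusterIP) +
                '\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)'
    $seen = $null; $type = $null
    foreach ($line in $ArpOutput) {
        if ($line -match $pattern) {
            $seen = $Matches[1].ToUpper(); $type = $Matches[2]
            break
        }
    }
    New-Object PSObject -Property @{
        ClusterIP = $ClusterIP; Mode = $Mode; Expected = $expected
        Seen = $seen; Type = $type; Match = ($seen -eq $expected)
    }
}

# Constructed "arp -a" output for the PART 2 cluster (192.168.1.200).
$sample = @(
    'Interface: 192.168.1.50 --- 0xb',
    '  Internet Address      Physical Address      Type',
    '  192.168.1.200         03-bf-c0-a8-01-c8     static',
    '  192.168.1.201         00-0c-29-3a-5e-10     dynamic'
)

# The entry matches multicast mode but not the unicast mode PART 2 selects.
Test-NlbArpEntry -ClusterIP '192.168.1.200' -Mode Multicast -ArpOutput $sample
Test-NlbArpEntry -ClusterIP '192.168.1.200' -Mode Unicast   -ArpOutput $sample
```

A mismatch means the entry was written for a different operation mode or the address is being answered by something other than the cluster, which is worth resolving before relying on failover.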
