VMware NSX

Hi,

We are using Microsoft NLB on some of our servers, while these servers are connected to an NSX logical switch. This seems to work, but I wonder if everything works as designed. Microsoft says:

"Network Load Balancing's unicast mode induces switch flooding in order to simultaneously deliver incoming network traffic to all cluster hosts".

But there is no switch flooding in an NSX logical switch, as the NSX controllers pick up all this traffic and arrange all the tables.

In the DFW logging, the ack, fin ack and reset ack packets to the NLB address don't seem to hit the specified allow rule, I don't know why. So it gets dropped. But this doesn't seem to prevent the functioning of NLB.

Does anyone have experience with this?

By the way, the reason that we use NLB instead of Loadbalancing on the NSX Edge, is that LB on the Edge didn't work with the servers that are doing NTLM authentication.

Regards,

Albert

Logical switch should work fine as it actually will send unknown unicast (like the MS NLP MAC address which is masked when cluster members send traffic and isn't associated with a VNIC so wouldn't get learned by the controllers) to all VMs connected to the logical switch using one of the methods described starting on page 35 of the VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0

DFW on the other hand may present some issues depending on whether or not it's able to keep track of TCP session states with traffic to/from multiple destinations like that but I've not implemented NLB.