10-07-2013 03:15 AM
I have a Hyper-V cluster which is running TMG (firewall/gateway) with NLB. NLB is about the worst implementation of load-balancing I have ever seen, but it's the only officially supported LB mechanism for TMG. Let's assume the following:
- External connection for TMG is a dedicated VLAN with its own (untagged) ports
- Internal connection for TMG is a dedicated internal VLAN with its own untagged ports
- I can only have one logical wire (2 physical, it's a 2Gb aggregate) to the internal network
- Along with the TMGs there are multiple VM guests running on the Hyper-V cluster
NLB is running in Multicast mode, but for this issue that's not even relevant. As NLB does not work properly with IGMP, I created static MAC entries for the Virtual IPs pointing to the physical switch ports the Hyper-V's internal virtual switch is on. Functionally everything works now; all virtual machines as well as the NLB traffic go through one wire to the Hyper-V host. However, the NLB traffic is multicast, for which on the Brocades I have static MACs. On Hyper-V's virtual switch that is not possible though, nor does it support IGMP. Because of that, all traffic to the Virtual IP is sent to all virtual switch ports, meaning all virtual machines get that traffic on their ports, as if they were connected to a hub rather than a switch.
Is there any way to split that without connecting a dedicated wire for the NLB traffic? Is it for example possible to have 2 VLANs in one subnet, making the wire a trunk and tagging VLANs from within Hyper-V?
Any help is welcome.