VMware vSphere ESXi 6.x
VMware vSphere ESXi 7.x
VMware vSphere ESXi 8.x

In unicast mode, all the NICs assigned to a Microsoft NLB cluster share a common MAC address. This requires that all the network traffic on the switches be port-flooded to all the NLB nodes. Normally, port flooding is avoided in switched environments when a switch learns the MAC addresses of the hosts sending network traffic through it.

The Microsoft NLB cluster masks the cluster's MAC address for all outgoing traffic to prevent the switch from learning the MAC address.

In the ESXi/ESX host, the VMkernel sends a RARP packet each time certain actions occur; for example, when a virtual machine is powered on, experiences teaming failover, performs certain vMotion operations, and so forth. The RARP packet informs the switch of the MAC address of that virtual machine. In an NLB cluster environment, this exposes the MAC address of the cluster NIC as soon as an NLB node is powered on. This can cause all inbound traffic to pass through a single switch port to a single node of the NLB cluster.

To resolve this issue, you must configure the ESXi/ESX host to not send RARP packets when any of its virtual machines is powered on.

Notes:

• VMware recommends configuring the cluster to use NLB multicast mode even though NLB unicast mode should function correctly if you complete these steps. This recommendation is based on the possibility that the settings described in these steps might affect vMotion operations on virtual machines. Also, unicast mode forces the physical switches on the LAN to broadcast all NLB cluster traffic to every machine on the LAN. If you plan to use NLB unicast mode, ensure that:
  
  
  • NLB Unicast members can be on the same ESX host or on different ESX hosts.
  • The client machine that connects to the NLB cluster must communicate to the cluster via a physical switch.
    • The reason for this is that NLB Unicast relies on port flooding to reach all cluster members and the virtual switch does not port flood unicast traffic.
    • To ensure traffic between client and cluster always goes through a physical switch the client and NLB cluster should be on separate broadcast domains.
  • vMotion for unicast NLB virtual machines is not supported.
  • The Security Policy Forged Transmit on the Portgroup is set to Accept.
  • The transmission of RARP packets is prevented on the portgroup / virtual switch as explained in the later part of the article.
    
    
• VMware recommends having two NICs on the NLB server.

ESXi/ESX 6.x, 7.x, 8x:

You can prevent the ESXi/ESX host from sending RARP packets upon virtual machine power up, teaming failover, and so forth using the Virtual Infrastructure (VI) Client or vSphere Client. You can control this setting at the virtual switch level or at the port group level.

To prevent RARP packet transmission for a virtual switch:

Note: This setting affects all the port groups using the switch. You can override this setting for individual port groups by configuring RARP packet transmission for a port group.

1. Log in to the vSphere vCenter Client and select the ESXi/ESX host.
2. Click Configure tab.
3. Go to the Networking section and select Virtual Switches.
4. Click Properties for the vSwitch (Standard Switch). The vSwitch Properties dialog appears.
5. Click Teaming and Failover tab.
6. Select No from the Notify Switches dropdown and click Ok.

To prevent RARP packet transmission for a port group:

Note: This setting overrides the setting you make for the virtual switch as a whole.

1. Log in to the vSphere vCenter Client or vSphere ESXi host Client and select the ESXi/ESX host.
2. Click Configure tab.
3. Go to the Networking section and select Virtual Switches.
4. Click Properties for the vSwitch (Standard Switch) port group. The port group properties dialog appears.
5. Click Teaming and Failover tab.
6. Select No from the Notify Switches dropdown and click Ok.

For more information on NLB, see the Microsoft TechNet article Network Load Balancing Technical Overview

For related information, see Microsoft Network Load Balancing Multicast and Unicast operation modes (1006580).

Windows 2008 introduced a strong host model that does not allow different NICs to communicate with each other. For example, if a request comes in on the second NIC and if there is no default gateway set up, then the NIC will not use the first NIC to reply to the requests, even though a default gateway setup on the first NIC.

To change that behavior and return to the 2003 model, run these commands from the command prompt:

• • netsh interface ipv4 set interface "Local Area Connection" weakhostreceive=enable

  • netsh interface ipv4 set interface "Local Area Connection" weakhostsend=enable

Where Local Area Connection is the name of the network interface.

To configure NLB in Unicast mode using a Cisco Nexus 1000v, see the Cisco Nexus 1000v Configuration guide - Network Load Balancing for vEthernet.