This document addresses a problem where Windows Load Balancing Server
(WLBS) causes slow traffic through switches.
WLBS on Windows NT and Windows 2000 allows servers to load balance
traffic between groups (clusters) of servers. WLBS operates by sharing a
virtual IP address so that all servers see all traffic destined for the
cluster's IP address. In certain configurations, WLBS can cause large
quantities of unicast floods on a switch. This is not a switch problem but
Technical Tips Conventions for more information on document
There are no specific prerequisites for this document.
This document is not restricted to specific software and hardware
This problem appeared as a customer was monitoring traffic because
there was a slow response across a specific switch. The customer saw unicast
packets appearing on a Switched Port Analyzer (SPAN) port, where they should
not appear. A SPAN is a feature of the Catalyst 5000 switch that extends the
monitoring abilities of existing network analyzers into a switched Ethernet
environment. SPAN mirrors the traffic at one switched segment onto a predefined
SPAN port. A network analyzer attached to the SPAN port can monitor traffic
from any of the other Catalyst switched ports. The unicast frames contained
source addresses of the WLBSs.
A unicast frame is destined to one unique host, and the SPAN port
should not see it, except in the situation of a flood. In the case of a flood,
the switch will know the MAC address of the destination host after the first
frame requesting this information comes back from the destination. The host on
the particular port the customer in this situation was examining was not the
destination for these frames. The problem may manifest itself in the following
Slow response on a given switch.
Slow response on a given switch on a given Virtual LAN (VLAN).
If the flooding gets bad enough, it could conceivably cause Spanning
Tree problems if the switch loses Bridge Protocol Data Units (BPDUs) from other
There are several ways an NT administrator can choose to configure
WLBS. The implications of these choices need to be understood because
configuring WLBS can impact an internetwork in negative ways. Once the WLBS
configuration options are configured properly, per the Microsoft
recommendation, problems that match the problems in this document should no
longer be present on a switch.
Refer to article 193602 on Microsoft's Web Site for WLBS Layer 2
Options for WLBS Hosts Connected to a Layer 2 Switches
Another workaround for multicast traffic is to disable IGMP snooping or
turn off PIM if you do not require multicast routing or do not have much
multicast traffic on the VLAN. If snooping is left on, the switch prgrams only
the multicast MAC addresses into the MAC address table if it receives IGMP
joins on those ports. Disabling snooping is not be recommended if you have a
lot of generic multicast traffic; in this case, the best solution is to create
static MAC address mappings for the ports to which the servers are
There are also Layer 3 implications with regards to the Address
Resolution Protocol (ARP).
Refer to article 244091 and 197862 on the Microsoft web site: