Microsoft NLB not working properly in Unicast Mode

Article ID: 344421

Products

VMware vSphere ESXi

Issue/Introduction

When Microsoft Network Load Balancing (NLB) is configured in unicast mode, network traffic is directed to only one of the nodes.


Environment

VMware ESXi 3.5.x Embedded
VMware ESX Server 2.0.x
VMware vSphere ESXi 5.0
VMware ESX 4.1.x
VMware ESX Server 2.1.x
VMware vSphere ESXi 6.5
VMware ESX Server 3.0.x
VMware vSphere ESXi 6.0
VMware ESXi 4.0.x Embedded
VMware ESX Server 3.5.x
VMware ESXi 3.5.x Installable
VMware ESX Server 2.5.x
VMware vSphere ESXi 5.5
VMware ESX 4.0.x
VMware ESXi 4.0.x Installable
VMware ESXi 4.1.x Installable
VMware ESXi 4.1.x Embedded
VMware vSphere ESXi 5.1

Resolution

In unicast mode, all the NICs assigned to a Microsoft NLB cluster share a common MAC address. This requires that all the network traffic on the switches be port-flooded to all the NLB nodes. Normally, port flooding is avoided in switched environments when a switch learns the MAC addresses of the hosts sending network traffic through it.

The Microsoft NLB cluster masks the cluster's MAC address for all outgoing traffic to prevent the switch from learning the MAC address.

In the ESXi/ESX host, the VMkernel sends a RARP packet each time certain actions occur; for example, when a virtual machine is powered on, experiences teaming failover, performs certain vMotion operations, and so forth. The RARP packet informs the switch of the MAC address of that virtual machine. In an NLB cluster environment, this exposes the MAC address of the cluster NIC as soon as an NLB node is powered on. This can cause all inbound traffic to pass through a single switch port to a single node of the NLB cluster.

To resolve this issue, you must configure the ESXi/ESX host to not send RARP packets when any of its virtual machines is powered on.
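The switch behavior described above can be reproduced with a small model of a MAC-learning switch. This is an added example, not VMware or Microsoft code; the MAC addresses, port numbers and the `LearningSwitch` class are constructed for illustration.

```python
# Constructed model: one physical switch with two NLB nodes and one client.
CLUSTER_MAC = "02:bf:0a:00:00:64"            # sample shared NLB unicast MAC
NODE_PORTS = {1: "02:01:0a:00:00:64",        # switch port -> masked source MAC
              2: "02:02:0a:00:00:64"}        # the node uses for outgoing frames
CLIENT_PORT, CLIENT_MAC = 3, "00:50:56:aa:bb:cc"
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}                  # learned MAC -> port

    def receive(self, in_port, src, dst):
        """Learn the source MAC, then return the set of egress ports."""
        self.mac_table[src] = in_port
        if dst in self.mac_table:
            return {self.mac_table[dst]} - {in_port}
        return self.ports - {in_port}        # unknown destination: flood


def nodes_reached(notify_switches):
    """Return the NLB node ports that receive a client frame sent to the cluster MAC."""
    sw = LearningSwitch([1, 2, 3])
    # Normal NLB traffic: every node transmits with its masked source MAC,
    # so the switch never learns where the cluster MAC lives.
    for port, masked_mac in NODE_PORTS.items():
        sw.receive(port, masked_mac, CLIENT_MAC)
    if notify_switches:
        # The node on port 2 powers on and the VMkernel sends a RARP frame
        # whose source is the vNIC's real MAC, i.e. the cluster MAC.
        sw.receive(2, CLUSTER_MAC, BROADCAST)
    egress = sw.receive(CLIENT_PORT, CLIENT_MAC, CLUSTER_MAC)
    return sorted(egress & set(NODE_PORTS))


if __name__ == "__main__":
    print("Notify Switches = No :", nodes_reached(False))
    print("Notify Switches = Yes:", nodes_reached(True))
```

With RARP suppressed the client frame is flooded to both node ports; once the RARP frame has been seen, the switch forwards it to port 2 only.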

Notes:
  • VMware recommends configuring the cluster to use NLB multicast mode even though NLB unicast mode should function correctly if you complete these steps. This recommendation is based on the possibility that the settings described in these steps might affect vMotion operations on virtual machines. Also, unicast mode forces the physical switches on the LAN to broadcast all NLB cluster traffic to every machine on the LAN. If you plan to use NLB unicast mode, ensure that:

    • NLB Unicast members can be on the same ESX host or on different ESX hosts.

      The client machine that connects to the NLB cluster must communicate to the cluster via a physical switch.

      The reason for this is that NLB Unicast relies on port flooding to reach all cluster members and the virtual switch does not port flood unicast traffic.

      To ensure traffic between client and cluster always goes through a physical switch, the client and NLB cluster should be on separate broadcast domains.


    • vMotion for unicast NLB virtual machines is not supported.
    • The Security Policy Forged Transmit on the Portgroup is set to Accept.
    • The transmission of RARP packets is prevented on the portgroup / virtual switch as explained in the later part of the article.

  • VMware recommends having two NICs on the NLB server.

ESXi 6.x, 6.5.X

Using the vSphere Web Client, change the "Notify Switches" setting to "No" on the port groups or vSwitch to prevent RARP packet transmission.

For details, see the "vSphere Networking" document.

ESXi/ESX 3.x, 4.x, and 5.x

You can prevent the ESXi/ESX host from sending RARP packets upon virtual machine power up, teaming failover, and so forth using the Virtual Infrastructure (VI) Client or vSphere Client. You can control this setting at the virtual switch level or at the port group level.

To prevent RARP packet transmission for a virtual switch:

Note: This setting affects all the port groups using the switch. You can override this setting for individual port groups by configuring RARP packet transmission for a port group.

  1. Log in to the VI Client/vSphere Client and select the ESXi/ESX host.
  2. Click the Configuration tab.
  3. Click Networking under Hardware.
  4. Click Properties for the vSwitch. The vSwitch Properties dialog appears.
  5. Click the Ports tab.
  6. Click vSwitch and click Edit.
  7. Click NIC Teaming.
  8. Select No from the Notify Switches dropdown.
  9. Click OK and close the vSwitch Properties dialog box.

To prevent RARP packet transmission for a port group:

Note: This setting overrides the setting you make for the virtual switch as a whole.

  1. Log in to the VI Client or vSphere Client and select the ESXi/ESX host.
  2. Click the Configuration tab.
  3. Click Networking under Hardware.
  4. Click Properties for the vSwitch. The vSwitch Properties dialog appears.
  5. Click Ports.
  6. Click the portgroup you want to edit and click Edit.
  7. Click NIC Teaming.
  8. Select No from the Notify Switches dropdown.
  9. Click OK to close the vSwitch Properties dialog.

ESX 2.x

  1. Log in to the Management Interface and click Options > Advanced Settings.
  2. Set the value for Net.NotifySwitch to 0.

    Note: Net.NotifySwitch is a global setting that impacts all virtual machines.

For more information on NLB, see the Microsoft TechNet article Network Load Balancing Technical Overview.

Note: The preceding link was correct as of January 14, 2014. If you find the link is broken, please provide feedback and a VMware employee will update the link. The information provided in this link is provided as-is and VMware does not guarantee the accuracy or applicability of this information.

For related information, see Microsoft Network Load Balancing Multicast and Unicast operation modes (1006580).

Windows 2008 introduced a strong host model that does not allow different NICs to communicate with each other. For example, if a request comes in on the second NIC and there is no default gateway set up, then the NIC will not use the first NIC to reply to the requests, even though a default gateway is set up on the first NIC.

To change that behavior and return to the 2003 model, run these commands from the command prompt:

netsh interface ipv4 set interface "Local Area Connection" weakhostreceive=enable
netsh interface ipv4 set interface "Local Area Connection" weakhostsend=enable


Where Local Area Connection is the name of the network interface.

For more information, see the Microsoft TechNet Magazine article on Strong and Weak Host Models.

Note: The preceding link was correct as of January 14, 2014. If you find the link is broken, provide feedback and a VMware employee will update the link. The information provided in this link is provided as-is and VMware does not guarantee the accuracy or applicability of this information.


Additional Information

Sample Configuration - Network Load Balancing (NLB) unicast mode configuration (1006778)

To configure NLB in Unicast mode using a Cisco Nexus 1000v, see the Cisco Nexus 1000v Configuration guide - Network Load Balancing for vEthernet.
