Amazing, think I found a fix: http://www.skendric.com/packet/msnlb-catalyst-configuration.pdf
MS NLB requires not just a static ARP entry, but a static MAC too, something like: arp a.b.c.d 0100.5e7f.ccdd mac-address-table static 0100.5e7f.ccdd vlan x interface G1/45 G1/46 disable-snooping The cluster still works and CPU is back to normal (I've also proved 12.2(33)SXH2 can run at 90-100% without dropping routing sessions or crashing :-) (Big thanks to Stuart Kendrick who wrote the above link!) Tim:> On Sun, May 11, 2008 at 12:35 AM, Arie Vayner <[EMAIL PROTECTED]> wrote: > Tim, > > May I offer another approach? Maybe you could just drop NLB, and use the IP > SLB feature you have inside your Sup720? > > Arie > > On Sun, May 11, 2008 at 12:38 AM, Tim Durack <[EMAIL PROTECTED]> wrote: >> >> On Sat, May 10, 2008 at 4:48 PM, Peter Rathlev <[EMAIL PROTECTED]> wrote: >> > On Sat, 2008-05-10 at 12:09 -0400, Tim Durack wrote: >> >> Anyone using Microsoft NLB Multicast mode for a cluster? >> >> >> >> It requires a static arp entry on Cisco, as the cluster ip resolves to >> >> a multicast mac, which can't/shouldn't be learned via arp. >> > >> > I find that a very irritating requirement of the MS NLB. :-) >> > >> >> So we do something like: "arp a.b.c.d 0100.5e7f.xxyy arpa" >> >> Apparently this results in software switching the adjacency on a >> >> Sup720, which is painful to say the least. >> >> >> >> Any suggestions? >> > >> > I guess you're referring to CSCee49121 "static ARPs dont create adjs >> > when used with routes pointing at intf". I thought this was only a >> > problem if you used it like this: >> > >> > ip route 10.11.12.13 255.255.255.255 Gi1/1 >> > arp 10.11.12.13 030b.adc0.ffee Gi1/1 >> > >> > Is the problem also there without the route statement? We use it against >> > two MS NLBs, and we don't see any problems. The traffic doesn't seem to >> > be software switched, but apart from consulting Feature Manager and >> > looking at the CPU interrupt usage, I'm not completely sure how to check >> > it. How do you do it? >> >> No static route - maybe that's the difference. >> >> Educated guess work. CPU is running >90%. Install a CoPP policy >> dropping the traffic, and CPU drops back to a more normal ~30%. >> >> Monday I plan to try a SPAN against the rp, and see what is hitting >> it. I need this to tune CoPP anyway. >> >> > Regards, >> > Peter >> > >> > >> > >> _______________________________________________ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/