Nlb


Applies To: Windows Server 2008,Windows Server 2008 R2

After you have installed and configured Network Load Balancing (NLB), you can control its operations and modify parameter settings using the NLB control program, nlb.exe. To simplify and centralize system administration, you can run nlb.exe either on the cluster hosts or on any remote computer running Windows ServerĀ® 2008 that can access the cluster over a local or wide area network. However, certain actions, such as modifying parameters, can be performed only on the cluster hosts.

In order to run nlb.exe from a remote computer, remote control must be enabled. The NLB remote control option presents many security risks, including the possibility of data tampering, denial of service and information disclosure. You should only use remote control on a secure computer within your firewall. Because of the many security risks remote control presents, it is strongly recommended that you do not enable the remote control feature and instead use other remote management tools such as NLB Manager or Windows Management Instrumentation (WMI).

If you choose to enable remote control it is vital that you restrict access by specifying a strong remote control password. It is recommended that you use a firewall to protect the NLB UDP control ports (the ports receiving remote control commands) in order to shield them from outside intrusion. By default, these are ports 1717 and 2504 at the cluster IP address.

Because it is a shell-based program, nlb.exe program can be incorporated into administrative scripts.

Syntax


Copy Code

nlb Command [Remote Options][/h]

Parameters

Command. Specifies the Network Load Balancing action to perform. The following table lists the possible values.

Parameter

Description

help

Displays the online Help.

suspend [{Cluster[:Host] | all {local | global}}]

Suspends all cluster operations until the resume command is issued. Suspend temporarily stops cluster operations if they were previously started. The purpose of this command is to override any remote control commands that might be issued. All subsequent cluster-control commands except resume and query are ignored. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster.

resume [{Cluster[:Host] | all {local | global}}]

Resumes cluster operations after a previous suspend command. This does not restart cluster operations, but enables use of cluster-control commands, including remote control commands. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster.

start [{Cluster[:Host] | all {local | global}}]

Starts cluster operations on the specified hosts. This enables all ports that might have been previously disabled. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster.

stop [{Cluster[:Host] | all {local | global}}]

Stops cluster operations on the specified hosts. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster.

drainstop [{Cluster[:Host] | all {local | global}}]

Disables all new traffic handling on the specified hosts. While draining, hosts continue to service opened connections and stop their cluster operations when there are no more active connections. Draining mode can be terminated by explicitly stopping cluster mode with the stop command or by restarting new traffic handling with the start command. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster.

enable {vip[{:Port | :all}] | all[{:Port | :all}]} {Cluster[:{Host]| all {local | global}}}

Enables traffic handling for the rule whose port range contains the specified port. The first set of optional parameters allow the command to address every virtual IP address (vip), or specific vips on a specific port rule or on all ports. The second set of optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. All ports specified by the port rule are affected. If all is specified for the port, this command is applied to the ports covered by all port rules. This command has no effect if the specified hosts have not started cluster operations.

disable {vip[{:Port | :all}] | all[{:Port | :all}]} {Cluster[:{Host]| all {local | global}}}

Disables and immediately blocks all traffic handling for the rule whose port range contains the specified port. The first set of optional parameters allow the command to address every virtual IP address (vip), or specific vips on a specific port rule or on all ports. The second set of optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. All ports specified by the port rule are affected. If all is specified for the port, this command is applied to the ports covered by all port rules. All active connections on the specified hosts are blocked. To maintain active connections, use the drain function instead. This has no effect if the specified hosts have not started cluster operations.

drain {vip[{:Port | :all}] | all[{:Port | :all}]} {Cluster[:{Host]| all {local | global}}}

Disables new traffic handling for the rule whose port range contains the specified port. The first set of optional parameters allow the command to address every virtual IP address (vip), or specific vips on a specific port rule or on all ports. The second set of optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. All ports specified by the port rule are affected. If all is specified for the port, this command is applied to the ports covered by all port rules. New connections to the specified hosts are not allowed, but all active connections are maintained. To disable active connections, use the disable command instead. This command has no effect if the specified hosts have not started cluster operations.

query [{Cluster[:Host]| all {local | global}}]

Displays the current cluster state and the list of host priorities for the current members of the cluster. The possible states are: Unknown. The responding host has not started cluster operations and cannot determine the cluster's state. Converging. The cluster is currently attempting to converge to a consistent state. Prolonged convergence usually indicates a problem with cluster parameters. If this occurs, check the event logs on the cluster hosts for Network Load Balancing messages warning you about the source of the problem. Draining. The cluster has converged, and the responding host is draining active connections in response to a drainstop command. Converged as default. The cluster has converged, and the responding host is the current default (the highest priority host without a drainstop command in progress). The default host handles network traffic for all of the TCP/UDP ports not covered by the port rules. Converged. The cluster has converged, and the responding host is not the default host.

The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster.

queryport [{vip:]Port [Cluster[:Host] | all [{local | global}]}]

Displays information about a given port rule. The first parameter specifies which port rule to query. Specify the port rule by using a port number that is within the range of the port rule that you want to query. If necessary, you can also specify a virtual IP address (VIP). The default is all VIPs. However, if a particular port rule is assigned to only a specific VIP (as opposed to all VIPs) you must specify the appropriate VIP in order for the port rule to be found by this command.

The second set of optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster.

The information returned includes information regarding if the port rule was found or an indication that the port rule was not found, the state of the port rule (Enabled, Disabled or Draining), and a count of packets accepted and dropped on that port rule..

reload [{Cluster | all}] (local only)

Reloads the NLB driver's current parameters from the registry. Cluster operations on the local host are automatically stopped and restarted if necessary. If an error exists in the parameters, the host will not join the cluster, and a warning is displayed. If this should occur, open the NLB Properties dialog box to fix the problem.

display [{Cluster | all}] (local only)

Displays extensive information about your current NLB parameters, cluster state, and past cluster activity. The last several event log records produced by NLB are shown, including the binary data attached to those records. This command is designed to assist in technical support and debugging.

The registry information retrieved by the display command shows what the next state of NLB would be if a reload or some other operation that causes the driver to read the registry were to be performed. The registry information might or might not be the current state of NLB.

params [{Cluster | all}] (local only)

Displays information about your current NLB configuration. This command is similar to the display command, however, instead of retrieving the information from the registry, the params command queries directly from the kernel-mode driver. The information displayed is therefore the current state of NLB. (The registry information retrieved by the display command shows what the next state of NLB would be if a reload or some other operation that causes the driver to read the registry were to be performed. The registry information might or might not be the current state of NLB.) In addition to the configuration information, nlb params displays state variables from the kernel, including the current number of connections being maintained by NLB and the number of dynamic allocations that have been necessary for connection tracking.

ip2mac Cluster

Displays the media access control address corresponding to the specified cluster name or IP address. If multicast support is enabled, the multicast media access control address is used by NLB for cluster operations. Otherwise, the unicast media access control address is used. This command is useful for creating a static ARP entry in the router if necessary.

[remote options] Specifies the remote options when using remote control operations. The following table describes the possible options.

Parameter

Description

/PASSW Password

Specifies the remote control password.

/PORT Port

Specifies the cluster's remote control UDP port.

/local

Perform the operations only on the local computer.

Remarks