Failover Clustering and Network Load Balancing Team Blog
This is the second blog is our series of posts on PowerShell for Network Load Balancing (NLB). The first post introduces you to the CMDlets: http://blogs.msdn.com/clustering/archive/2009/10/28/9913877.aspx
Most of NLB CMDlets have the following common parameters.
Specifies the interface to which NLB is bound
Specifies the name of the cluster node that you want to manage
Most CMDlets require reference to a Cluster object. To get a Cluster object you can run Get-NLBCluster and pass the output object to the desired CMDlet or use the -interfaceName parameter.
We will discuss running CMDlets and using the output as input of another CMDlet in future posts.
A new cluster can be created via NLB using New-NLBCluster CMDlet. This is a synchronous command, meaning that it will only return after completing the operation. You can also use this CMDlet to create a new cluster on remote nodes. To achieve this, the managing system must have Windows Server 2008 R2 installed and the cluster node must be Windows Server 2008 or higher.
New-NLBCluster has the following parameters of interest.
The clusters primary IP address. More IP addresses can be added via Add-NLBClusterVIP
We can create a cluster on a remote machine by passing the machine name here
Specifies the name of the new cluster (optional)
This will add a dedicated IP address to the stack that can be used to reach this machine directly
The cluster operation mode can be one of the following: unicast, multicast, igmpmulticast
Once a cluster has been created, we may want to add more nodes to the cluster. This can be achieved via the Add-NLBClusterNode CMDlet.
Parameters of interest:
The name of the new node that needs to be added to the cluster
Interface on which we want to bind NLB on the new node
After creating a new NLB cluster you may want to modify the port rules before adding any nodes. To do so you will want to use the Set-NLBClusterPortRule CMDlet.
Set-NLBClusterPortRule will modify existing port rules. For example, when creating a new cluster, the default port rule is added. If you want to customize the port rule you can either delete the existing port rule or modify the existing port rule. Modifying the existing port rule is the best approach because you run only one command rather than two commands.
Set-NLBClusterPortRule has the following parameters that I believe are the most useful. As always, for detailed help on this please run Get-Help Set-NLBClusterPortRule.
Specifies the new start port for the cluster port rule. The acceptable range is between 0 and 65535
Specifies the new end port for the cluster port rule. The acceptable range is between 0 and 65535
Specifies the new affinity for the cluster port rule. There are three possible values for port rule affinity: none, single, and network
Specifies the new IP address for the cluster port rule
Specifies the new timeout in minutes for the cluster port rule. The acceptable range is between 0 and 240
Specifies a port number within the port rule to set
This shows how to change the port rule:
The previous example assumes that only one port rule exists prior to modifying the port rule. If multiple port rules exist prior to running the command and you wanted to modify the StartPort or EndPort, you will get an error because the port ranges (as specified by the start port and end ports) overlap.
If you want to modify the port range, you should use the -port parameter:
You may have noticed that the example shows changing affinity instead of the port range. I did this to set up for the next example where I change the affinity to single affinity on both port rules.
To manage NLB node properties such as host priority, initial host state or persisted suspend state, you need to use Set-NLBClusterNode.
Specifies the host priority or host ID for the cluster node. The value should be between 1 and 32
Specifies the initial host state for the cluster node. The value is either started, stopped, or suspended
By default Set-NLBClusterNode manages only one node at a time. For example, when running a command from one of the nodes the local host is the node that is managed.
If you want to run a command that executes on all nodes you can first run the Get-NLBClusterNode and redirect the output to Set-NLBClusterNode.
To view all node properties you can run the following Get-NLBClusterNode and pipe the output through Format-List CMDlet.
To control the state (such as stop or start) of the cluster or a node there is a CMDlet for the respective action or "verb" and the respective object. For example to stop a cluster you could run Stop-NLBClusterNode while Start-NLBClusterNode CMDlet will start the specific cluster node.
The CMDlet I want to discuss here is the Stop-NLBClusterNode command, specifically the parameter, -Timeout. This new parameter lets you control the time you want to wait before forcing the Stop operation on the node. Now you don’t have to wait for Drain to complete, before doing a stop. You can simply run this command with a timeout value, like in the example below.
In creating the CMDlets we combined stop and drainstop in to one CMDlet, Stop-NLBCluster and Stop-NLBClusterNode.
Drains existing traffic before stopping the cluster node
Specifies the number of minutes to wait for the drain operation before stopping the cluster node
This example will do the following:
1. Drain all the connections on the Cluster
2. If there are no outstanding connections, stop the cluster immediately
3. If all connections are not drained in less than 10 minutes, force stop the node, breaking all existing connections to that particular node.
The NLB team has added an awesome CMDlet, Get-NLBClusterDriverInfo, this CMDlet is a replacement for the nlb.exe binary that you may have used. This is a loaded CMDlet with lots of options. Note, this CMDlet does not provide any remoting capabilities, so it does not take hostname as input parameter.
1. Getting the Cluster configuration: When this CMDlet is run without any arguments, it returns the basic cluster configuration on the current machine.
2. We can determine if a given connection will be handled by the current node using the -filter argument. This argument requires the following additional arguments to be set:
IP Address of the client in question
If known, the client source port. This can be set to 0, if unknown
The destination port of the server. Example, http could be on 80
The server's IPAddress. For incoming connections, this means the VIP
In the following example, we are checking to see if a TCP connection coming from client: 22.214.171.124 will be accepted by the NLB server on Port 80, whose VIP is 126.96.36.199
Stay tuned for more NLB PowerShell information!
Rohan Mutagi & Gary JackmanClustering & High-Availability Test TeamMicrosoft
The documentation for Stop-NlbClusterNode is wrong with regards to the -Timeout parameter. The timeout is in seconds not minutes as stated in the documentation.
We specify the parameter as being in seconds here: technet.microsoft.com/.../ee817127.aspx
Where do you see it listed as being in minutes?