After you have installed and configured Network Load Balancing (NLB), you can control its operations and modify parameter settings using the NLB control program, nlb.exe. To simplify and centralize system administration, you can run nlb.exe either on the cluster hosts or on any remote computer running Windows Server® 2008 that can access the cluster over a local or wide area network. However, certain actions, such as modifying parameters, can be performed only on the cluster hosts.
In order to run nlb.exe from a remote computer, remote control must be enabled. The NLB remote control option presents many security risks, including the possibility of data tampering, denial of service and information disclosure. You should only use remote control on a secure computer within your firewall. Because of the many security risks remote control presents, it is strongly recommended that you do not enable the remote control feature and instead use other remote management tools such as NLB Manager or Windows Management Instrumentation (WMI).
If you choose to enable remote control it is vital that you restrict access by specifying a strong remote control password. It is recommended that you use a firewall to protect the NLB UDP control ports (the ports receiving remote control commands) in order to shield them from outside intrusion. By default, these are ports 1717 and 2504 at the cluster IP address.
Because it is a shell-based program, nlb.exe program can be incorporated into administrative scripts.
Syntax
nlb Command [Remote Options][/h]
Parameters
Command. Specifies the Network Load Balancing action to perform. The following table lists the possible values.
Parameter | Description |
---|---|
help |
Displays the online Help. |
suspend [{Cluster[:Host] | all {local | global}}] |
Suspends all cluster operations until the resume command is issued. Suspend temporarily stops cluster operations if they were previously started. The purpose of this command is to override any remote control commands that might be issued. All subsequent cluster-control commands except resume and query are ignored. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. |
resume [{Cluster[:Host] | all {local | global}}] |
Resumes cluster operations after a previous suspend command. This does not restart cluster operations, but enables use of cluster-control commands, including remote control commands. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. |
start [{Cluster[:Host] | all {local | global}}] |
Starts cluster operations on the specified hosts. This enables all ports that might have been previously disabled. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. |
stop [{Cluster[:Host] | all {local | global}}] |
Stops cluster operations on the specified hosts. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. |
drainstop [{Cluster[:Host] | all {local | global}}] |
Disables all new traffic handling on the specified hosts. While draining, hosts continue to service opened connections and stop their cluster operations when there are no more active connections. Draining mode can be terminated by explicitly stopping cluster mode with the stop command or by restarting new traffic handling with the start command. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. |
enable {vip[{:Port | :all}] | all[{:Port | :all}]} {Cluster[:{Host]| all {local | global}}} |
Enables traffic handling for the rule whose port range contains the specified port. The first set of optional parameters allow the command to address every virtual IP address (vip), or specific vips on a specific port rule or on all ports. The second set of optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. All ports specified by the port rule are affected. If all is specified for the port, this command is applied to the ports covered by all port rules. This command has no effect if the specified hosts have not started cluster operations. |
disable {vip[{:Port | :all}] | all[{:Port | :all}]} {Cluster[:{Host]| all {local | global}}} |
Disables and immediately blocks all traffic handling for the rule whose port range contains the specified port. The first set of optional parameters allow the command to address every virtual IP address (vip), or specific vips on a specific port rule or on all ports. The second set of optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. All ports specified by the port rule are affected. If all is specified for the port, this command is applied to the ports covered by all port rules. All active connections on the specified hosts are blocked. To maintain active connections, use the drain function instead. This has no effect if the specified hosts have not started cluster operations. |
drain {vip[{:Port | :all}] | all[{:Port | :all}]} {Cluster[:{Host]| all {local | global}}} |
Disables new traffic handling for the rule whose port range contains the specified port. The first set of optional parameters allow the command to address every virtual IP address (vip), or specific vips on a specific port rule or on all ports. The second set of optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. All ports specified by the port rule are affected. If all is specified for the port, this command is applied to the ports covered by all port rules. New connections to the specified hosts are not allowed, but all active connections are maintained. To disable active connections, use the disable command instead. This command has no effect if the specified hosts have not started cluster operations. |
query [{Cluster[:Host]| all {local | global}}] |
Displays the current cluster state and the list of host priorities for the current members of the cluster. The possible states are: Unknown. The responding host has not started cluster operations and cannot determine the cluster's state. Converging. The cluster is currently attempting to converge to a consistent state. Prolonged convergence usually indicates a problem with cluster parameters. If this occurs, check the event logs on the cluster hosts for Network Load Balancing messages warning you about the source of the problem. Draining. The cluster has converged, and the responding host is draining active connections in response to a drainstop command. Converged as default. The cluster has converged, and the responding host is the current default (the highest priority host without a drainstop command in progress). The default host handles network traffic for all of the TCP/UDP ports not covered by the port rules. Converged. The cluster has converged, and the responding host is not the default host. The optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. |
queryport [{vip:]Port [Cluster[:Host] | all [{local | global}]}] |
Displays information about a given port rule. The first parameter specifies which port rule to query. Specify the port rule by using a port number that is within the range of the port rule that you want to query. If necessary, you can also specify a virtual IP address (VIP). The default is all VIPs. However, if a particular port rule is assigned to only a specific VIP (as opposed to all VIPs) you must specify the appropriate VIP in order for the port rule to be found by this command. The second set of optional parameters allow the command to address a specific cluster, a specific cluster on a specific host, all clusters on the local computer, or all global computers that are part of the cluster. The information returned includes information regarding if the port rule was found or an indication that the port rule was not found, the state of the port rule (Enabled, Disabled or Draining), and a count of packets accepted and dropped on that port rule.. |
reload [{Cluster | all}] (local only) |
Reloads the NLB driver's current parameters from the registry. Cluster operations on the local host are automatically stopped and restarted if necessary. If an error exists in the parameters, the host will not join the cluster, and a warning is displayed. If this should occur, open the NLB Properties dialog box to fix the problem. |
display [{Cluster | all}] (local only) |
Displays extensive information about your current NLB parameters, cluster state, and past cluster activity. The last several event log records produced by NLB are shown, including the binary data attached to those records. This command is designed to assist in technical support and debugging. The registry information retrieved by the display command shows what the next state of NLB would be if a reload or some other operation that causes the driver to read the registry were to be performed. The registry information might or might not be the current state of NLB. |
params [{Cluster | all}] (local only) |
Displays information about your current NLB configuration. This command is similar to the display command, however, instead of retrieving the information from the registry, the params command queries directly from the kernel-mode driver. The information displayed is therefore the current state of NLB. (The registry information retrieved by the display command shows what the next state of NLB would be if a reload or some other operation that causes the driver to read the registry were to be performed. The registry information might or might not be the current state of NLB.) In addition to the configuration information, nlb params displays state variables from the kernel, including the current number of connections being maintained by NLB and the number of dynamic allocations that have been necessary for connection tracking. |
ip2mac Cluster |
Displays the media access control address corresponding to the specified cluster name or IP address. If multicast support is enabled, the multicast media access control address is used by NLB for cluster operations. Otherwise, the unicast media access control address is used. This command is useful for creating a static ARP entry in the router if necessary. |
[remote options] Specifies the remote options when using remote control operations. The following table describes the possible options.
Parameter | Description |
---|---|
/PASSW Password |
Specifies the remote control password. |
/PORT Port |
Specifies the cluster's remote control UDP port. |
/local |
Perform the operations only on the local computer. |
Remarks
- The cluster parameter can be either the cluster's full Internet
name or the cluster's primary IP address. You can omit the cluster
option when running nlb.exe directly on a cluster host. In this
instance, the command applies only to the local cluster host. To
address the cluster as a whole or a different host within the
cluster, you must also specify the target cluster, or target
cluster and specific host together.
- The host parameter specifies which host within the cluster to
which the command should be applied. If the host parameter is
omitted, the command applies to all hosts within the cluster. You
can specify host name using the internet host name, the IP address,
or the unique host priorities assigned in the Network Load
Balancing Properties dialog box. You can use the special host
priority value 0 (zero) to refer to the default host within a
cluster. You can omit the host option when running nlb.exe directly
on a cluster host. In this instance, the command applies only to
the local cluster host. To address the cluster as a whole or a
different host within the cluster, you must also specify the target
cluster, or target cluster and specific host together.
- Some commands can be invoked only on the cluster hosts
(designated above as local only).
- NLB hosts can be configured to join the cluster automatically
upon startup or to wait for the nlb start command by enabling the
initial host state option in the Network Load Balancing Properties
dialog box. You can use this command with the nlb stop command to
change cluster parameters for the local host without taking the
entire cluster offline.
- You can modify the parameters (for example, to add a port rule)
without disrupting the cluster's service to the clients. To do
this, take a host out of the cluster, update its parameters, and
then return it to the cluster. During this process, other cluster
hosts will detect inconsistencies in the rules, and they will
handle these inconsistencies in a manner that minimizes disruption
of service to the clients.
- You can use the nlb disable and nlb enable commands to
customize your cluster responses to various failures. For example,
if your SNMP monitoring program indicates that a Web server program
on one of the hosts has failed, you can issue the command nlb
disable 80 to prevent that host from accepting any further client
requests to the specified Web server port, causing other cluster
hosts to handle its load. After the Web server has been restarted,
the nlb enable 80 command can be issued to allow the host to resume
handling a portion of the cluster's network load for this port.