I have a network layout like this (ESXi hosts):
Internal Network
+
+-----------------+ |
| Host1 | |
NLB Heartbeat |-----------------| |
+------------+<- 10.10.1.x | |
| | | | +------------+
| | 192.168.9.x ->+------------+ | |
| +-----------------+ | | |
|VLAN 2 | | Public |
| +-----------------+ |
| +-----------------+ | | |
| | Host2 | | +------------+
| |-----------------| |Cluster IP:
+------------+<- 10.10.1.x | |192.168.9.x
| | |
| 192.168.9.x ->+----------+
+-----------------+
My goal is to have the cluster IP accessible from inside the network. That is, I can access services on that IP address. The reason I'm using a VLAN is because of multicast flooding switch ports otherwise, so I want to isolate the NLB traffic to its own network.
Both hosts are connected to the same switch. For some strange reason, on my switch (HP 1910-48G), I am unable to add a static ARP entry for the cluster:
[3Com Baseline Switch]arp static 192.168.9.x 0100-5e7f-090a
MAC Address Error: Invalid MAC address.
The MAC address is formatted weird, but that's how the switch expects it.
So currently, I'm unable to ping or access anything on the cluster IP. All the VLAN traffic appears to be okay (the VMs can communicate with each other). Is there something I am missing?
I was able to finally figure this out after looking at my switch:
As you can see in the screenshot, the switch the ESXi hosts were connected to has IGMP Snooping as well as Querier capabilities. By enabling this:
I noticed the broadcast traffic suddenly disappear from wireshark and be constrained to the two ports. The IP listed is the IP of the switch itself. I'm sure different hardware has different ways of making this work, but this seemed to work for me!