I'm attempting to troubleshoot some connectivity issues related to an
active/passive cluster (the back-end database) and an NLB cluster of
web servers (the front-end servers) behind a firewall. I suspect that
the nature of the active/passive cluster, the cluster virtual IP
address, and MAC addresses are causing the firewall to become
thoroughly confused. Can anyone shed some light on the behavior of
cluster virtual IP addresses; specifically:
- how do MAC addresses get associated with the cluster virtual IP?
- the behavior of the cluster virtual IP--is it a "receive only" IP
that won't appear as the source for traffic originating from the
- what about MAC addresses on an NLB cluster? What about their
behavior might confuse the ARP cache on a firewall? What steps can be
taken to ward off such issues?

This is my first major exposure to external connectivity to an
active/passive cluster behind a firewall, so I apologize if these are

TIA for any help, suggestions, information, etc.