Tài liệu Module 11: Troubleshooting a Network Load Balancing Cluster doc

Contents Overview 1 Using Status Tools and Utilities 2 Using Network Tools and Utilities 16 Lab A: Network Load Balancing Cluster Troubleshooting 21 Review 27 Module 11: Troublesh

Contents

Overview 1

Using Status Tools and Utilities 2

Using Network Tools and Utilities 16

Lab A: Network Load Balancing Cluster

Troubleshooting 21

Review 27

Module 11:

Troubleshooting a Network Load

Balancing Cluster

with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

 2000 Microsoft Corporation All rights reserved

Microsoft, Active Directory, BackOffice, Jscript, PowerPoint, Visual Basic, Visual Studio, Win32, Windows, Windows NT are either registered trademarks or trademarks of Microsoft Corporation

in the U.S.A and/or other countries

Other product and company names mentioned herein may be the trademarks of their respective owners

Program Manager: Don Thompson

Product Manager: Greg Bulette

Instructional Designers: April Andrien, Priscilla Johnston, Diana Jahrling

Subject Matter Experts: Jack Creasey, Jeff Johnson

Technical Contributor: James Cochran

Classroom Automation: Lorrin Smith-Bates

Graphic Designer: Andrea Heuston (Artitudes Layout & Design)

Editing Manager: Lynette Skinner

Editor: Elizabeth Reese

Copy Editor: Bill Jones (S&T Consulting)

Production Manager: Miracle Davis

Build Manager: Julie Challenger

Print Production: Irene Barnett (S&T Consulting)

CD Production: Eric Wagoner

Test Manager: Eric R Myers

Test Lead: Robertson Lee (Volt Technical)

Creative Director: David Mahlmann

Media Consultation: Scott Serna

Illustration: Andrea Heuston (Artitudes Layout & Design)

Localization Manager: Rick Terek

Operations Coordinator: John Williams

Manufacturing Support: Laura King; Kathy Hershey

Lead Product Manager, Release Management: Bo Galford

Lead Technology Manager: Sid Benavente

Lead Product Manager, Content Development: Ken Rosen

Group Manager, Courseware Infrastructure: David Bramble

Group Product Manager, Content Development: Julie Truax

Director, Training & Certification Courseware Development: Dean Murray

General Manager: Robert Stewart

Instructor Notes

This module provides students with the knowledge and skills to troubleshoot a Network Load Balancing cluster by using various status and networking tools

and utilities

After completing this module, students will be able to:

Describe the status tools that are available to monitor and analyze a Network Load Balancing cluster

Identify troubleshooting issues that occur within the Network Load Balancing cluster

Describe the networking tools that are used to detect and troubleshoot network problems

Materials and Preparation

This section provides the materials and preparation tasks that you need to teach this module

Required Materials

To teach this module, you need the Microsoft® PowerPoint® file 2087A_11.ppt

Preparation Tasks

To prepare for this module, you should:

Read all of the materials for this module

Complete Lab A: Network Load Balancing Cluster Troubleshooting

Study the review questions and prepare alternative answers to discuss

Anticipate questions that students may ask Write out the questions and provide the answers

Presentation:

30 Minutes

Lab:

15 Minutes

Demonstration

This section provides demonstration procedures that will not fit in the margin notes or are not appropriate for the student notes

Examining Network Properties

Install the full version of Network Monitor from Systems Management Server 2.0 on the instructor computer

Install the Network Load Balancing parser files from the Microsoft Windows® 2000 Server resource kit The installation of the parser dlls requires modification of several ini files for Network Monitor The procedure is documented in the resource kit tools; you can search for wlbs to find it

If you do not install the Network Load Balancing parser into Network Monitor, the heartbeat traffic will not be parsed and displayed The heartbeat traffic will

be available for display only as binary data

Install the capture files from the Instructor CD into the capture directory for your installation of Network Monitor

Module Strategy

Use the following strategy to present this module:

Using Status Tools and Utilities Review the concepts of direct and inferred status information with the students

Remind the students that monitoring system performance is an important part of maintaining and administering a Network Load Balancing cluster Access Computer Management and demonstrate the Performance Tool for the class

Prior to the Discussion: Acquiring Data with the Performance MMC, review with the students how they can collect the performance data, then store and use it for later analysis

Briefly review Network Monitor with the students; they should be familiar with this tool Ask the students how they have used this networking tool Review with the students the types of event logs that they can expect to see for a Network Load Balancing cluster and how they can use these logs to troubleshoot the cluster

Troubleshooting Problems Explain to the students that the table of troubleshooting issues is only a partial list There are many more possible troubleshooting issues that are listed under troubleshooting in the Wlbs help files

Using Network Tools and Utilities Review the network tools and utilities with the students

Overview

When troubleshooting a Network Load Balancing cluster you will find that configuration errors, automated responses to failures, and changes to the network infrastructure can change the status of a cluster For example, if a single host within a cluster fails to come online, the cluster will not converge

To troubleshoot a Network Load Balancing cluster, you can use the various tools that are available to analyze the problem without visiting the management console on the failed cluster member

Error handling in the Network Load Balancing cluster is designed to minimize the possibility of disrupting the cluster’s service to client requests, while allowing a cluster’s parameters and member hosts to dynamically change as required For example, you can add hosts to the cluster, remove them for maintenance, add port rules, and modify rule parameters, all without interrupting Cluster service

The cluster administrator must decide how to monitor changes in the cluster status and how to investigate failures in both the configuration and operation of the cluster

After completing this module, you will be able to:

Describe the status tools that are available to monitor and analyze a Network Load Balancing cluster

Identify troubleshooting issues that occur within the Network Load Balancing cluster

Describe the networking tools that are used to detect and troubleshoot network problems

In this module, you will learn

about the tools, utilities, and

commands that are used to

monitor, analyze, and

troubleshoot a Network

Load Balancing cluster

Using Status Tools and Utilities

While the operation of a Network Load Balancing cluster is automatic after you have properly configured it, you can be required to investigate failures and set performance baselines when troubleshooting You use these baselines to test against, and interactively monitor, current cluster performance

You can use various tools and utilities in Microsoft® Windows® 2000 to provide status information on the operation of a Network Load Balancing cluster The status tools and utilities provide information on the cluster operation, individual hosts within the cluster, and network conditions for client connections made to the cluster There are two types of status information about cluster operation, direct or inferred

Direct Status Information

There are tools and utilities that provide direct status information on the operation of a Network Load Balancing cluster; you can collect this data from the following three sources:

The events written to the event log by the Network Load Balancing driver

Interactive information derived by running Wlbs.exe

Interactive information derived from the Windows Management Instrumentation (WMI) provider for Network Load Balancing

Topic Objective

To describe the status tools

that are available to monitor

and analyze a Network Load

Balancing cluster

Lead-in

While the operation of a

Network Load Balancing

cluster is automatic after

you have properly

configured it, you can be

required to investigate

failures and set performance

baselines when

troubleshooting

Inferred Status Information

There are tools that you can use to collect only inferred status information on the operation of the Network Load Balancing cluster These tools and utilities provide information, which you must then interpret to determine the operational status of the cluster The tools and utilities that provide this data are:

The Performance tool, which includes the System Monitor tool and Performance Logs and Alerts

The Network Monitor tool

The Ping.exe and Pathping.exe utilities

The Arp.exe utility

The Netstat.exe utility

The Performance Tool

Computer Management

Action View Tree

Computer Management (Local) System Tools Event Viewer System Information Performance Logs and Alerts Counter Logs Trace Logs Alerts Shared Folders Device Manager

System O… This sample log provides an o… Binary File C:\PerfLogs\System_Overview.blg

Performance

Console Window Help Action View Favorites Tree Favorites

Console Root System Monitor Performance Logs and Alerts Counter Logs Trace Logs Alerts

100 75 50 25 0

Color Scale Counter Instance Parent Object 1.000 % Proc _Total - Proces… 10.000 Discover - - DHCP…

Microsoft Windows 2000 provides the Performance tool, which contains the System Monitor and Performance Logs and Alerts You can use these tools or utilities to display and collect performance information for the Network Load Balancing cluster Monitoring system performance is an important part of maintaining and administering your cluster You can use performance data to:

Understand your workload and the corresponding effect on your cluster or individual cluster hosts

Observe changes and trends in workloads and resource usage so that you can plan for future upgrades to the cluster or decide whether you should implement scale up or scale out strategies

Test configuration changes or other tuning efforts by monitoring the results

Diagnose problems and target components or processes for optimization System Monitor and Performance Logs and Alerts provide detailed data about the resources that are used by specific components of the operating system and

by server programs that have been designed to collect performance data The components of this tool are:

Graphs that provide a display for performance-monitoring data

Logs that provide recording capabilities for the data

Alerts that send notification to users by means of the Messenger service when a counter value reaches, rises above, or falls below a defined threshold

Topic Objective

To describe how you can

use the Performance tool to

view the performance of a

Network Load Balancing

cluster

Lead-in

Microsoft Windows 2000

provides the Performance

tool, which contains the

System Monitor and

Performance Logs and

Alerts

Key Points

There are no specific

performance objects and

counters for the Network

Load Balancing driver

Because the driver is

installed in the TCP/IP stack

the IP data below and above

the driver can be monitored

Performance Objects and Counters

Performance objects and counters supply data from system components in your computer As a component performs work on your system, it updates the performance data The data is described as a performance object and is typically named for the component generating the data For example, the Processor object is a collection of performance data about processors on your system

There are no specific performance objects and counters for the Network Load Balancing driver Because the driver is installed in the Transmission Control Protocol/Internet Protocol (TCP/IP) stack you can monitor the IP data below and above the driver

In monitoring your system, you can use many performance objects, for example, in a Network Load Balanced Web site you can monitor the Internet Information Services (IIS) and Hypertext Transfer Protocol (HTTP)

performance objects to assess the performance of the Web site Because Network Load Balancing works only with IP traffic, the objects you will use most frequently to monitor the Network Load Balancing drivers are:

IP

TCP

User Datagram Protocol (UDP)

To monitor TCP/IP statistics on computers running Windows 2000, install the Simple Network Management Protocol (SNMP) service

Performance Logs and Alerts access these TCP/IP statistics

Performance Data Collection Strategies

The System Monitor tool allows you to capture real-time monitoring and display of performance data With the Performance Logs and Alerts tool you can acquire performance data to designated file and alerts on any counter The tools permit access to local and remote computers

You can generate performance monitor log files on individual servers, or you can obtain the data from multiple servers by a single instance of Performance Monitor, writing the data to a centralized log To ensure the smallest file sizes, always record data by using the binary format

You can collect data in the following ways:

Centralized, when the number of counters is low, or the collection interval is long, or both

Distributed, when the number of counters is high, or the collection interval

is short, or both

When collecting performance data you must decide whether you will collect data locally or from a central location It is recommended that the collection of data be centralized but not collected by using the Network Load Balancing cluster IP address If you collect data by using the cluster IP address, the in-band collection impacts throughput to the cluster

Note

Note

Discussion: Acquiring Data with the Performance MMC

Computer Management

Action View Tree

Computer Management (Local) System Tools Event Viewer System Information Performance Logs and Alerts Counter Logs Trace Logs Alerts Shared Folders Device Manager

System O… This sample log provides an o… Binary File C:\PerfLogs\System_Overview.blg

Performance

Console Window Help Action View Favorites Tree Favorites

Console Root System Monitor Performance Logs and Alerts Counter Logs Trace Logs Alerts

100 75 50 25 0

Color Scale Counter Instance Parent Object 1.000 % Proc _Total - Proces… 10.000 Discover - - DHCP…

To monitor servers, you must acquire status information for analysis, or set alerts to give instant notification on the monitored services You can view data from Performance Logs and Alerts in real-time, or save it to disk files for later analysis

Setting up a Monitoring Configuration

Configure Performance Logs and Alerts to report data for the recommended counters at regular intervals, such as every 10 to 15 minutes Retain logs over extended periods of time, store data in a database, and query the data to report

on and analyze the data as needed for overall performance assessment, trend analysis, and capacity planning

The following table shows the counters for monitoring IP, TCP, and UDP traffic

IP Counters TCP Counters UDP Counters

Datagrams forwarded/sec Connection Failures Datagrams No Port/sec Datagrams Outbound

Discarded

Connections Active Datagrams Received

Errors Datagrams Outbound No Route Connections

Connections Reset Datagrams/sec

Datagrams Received Discarded Segments

To monitor servers, you

must acquire status

information for analysis, or

set alerts to give instant

notification on the monitored

services

There are many counters

involved in monitoring the

network related traffic Have

the students consider

(continued)

IP Counters TCP Counters UDP Counters

Datagrams Received Header Err

Segments Retransmitted/sec Datagrams Received Unknown

Protocol

Segments sent/sec Datagrams Received/Sec Segments/Sec Datagrams Sent/Sec

Datagrams/Sec Fragment Re-assembly Failures

Fragmentation Failures Fragmented Datagrams/Sec Fragments Created/Sec Fragments Re-assembled/Sec Fragments Received/Sec

To complete the discussion, read through the table and then answer the first question Be prepared to discuss the object classes and counters that are available, and their relevance as failure indicators

Questions

Answer the following questions

1 When monitoring a Network Load Balancing solution for an IIS-based Web site, which counters would provide an indication of a service failure?

Look at the counters that indicate Connection Failures and Connections Reset, which would indicate inbound traffic failures Web-based solutions would typically require monitoring of TCP counters

2 When designing a monitoring solution for your Network Load Balanced solution using unicast mode, would you use a distributed data or centralized performance data collection strategy?

Distributed data collection is most suitable where you must monitor a large number of servers; no out of band data collection facilities exist; you must monitor many counters; frequency of data collection is high; and in-band data collection may impact network performance Because the Network Load Balancing solution uses unicast, out of band

collection may no longer be possible due to the single media access control (MAC) address for the network adapter

Network Monitor

You can use the Network Monitor tool to capture and display the packets that a computer sends or receives on a local area network (LAN) You can also use Network Monitor to detect and troubleshoot networking problems that the local host might experience For example, as a network administrator, you can use Network Monitor to diagnose hardware and software problems when a host cannot communicate with other host members in the Network Load Balancing cluster

Network Monitor Components

Network Monitor is composed of an administrative tool called Network Monitor and a network protocol called the Network Monitor driver You must install both of these components to capture, display, and analyze network packets

By default, Network Monitor does not provide a parser to display heartbeat and remote control data between cluster members You must install the Windows Load Balancing Service (WLBS) network monitor parsers (Wlbs_hb.dll and

Wlbs_rc.dll) in the Netmon\Parsers directory The parsers for WLBS traffic are

available in the Windows 2000 Server Resource Kit

To monitor all of the traffic on a network you must use the version of Network Monitor provided with Microsoft Systems Management Server

You can use Network

Monitor to capture and

display the packets that a

computer sends or receives

on a local area network

(LAN)

Key Points

Running Network Monitor at

high usage times can

decrease system

performance Plan on

running Network Monitor

when the system is at low

usage or for short periods of

time To avoid capturing too

much information, capture

only as many statistics as

you need for evaluation

Smaller amounts of data

allow you to make a

reasonably quick diagnosis

of the problem

Note

Capturing Network Data

The process by which Network Monitor copies packets is referred to as capturing You can capture all of the network traffic to and from the local network card, or you can set a capture filter and capture a subset of packets You can also specify a set of conditions that trigger an event in a Network Monitor capture filter By using triggers, Network Monitor can respond to events on your network For example, you can start an executable file when Network Monitor has a trigger, which detects a particular set of conditions on the network, such as a large number of TCP connection Resets on a cluster After you have captured data, you can view it Network Monitor does much of the data analysis for you by translating the raw capture data into its logical frame structure

To minimize the amount of data that is being captured, you can use a capture filter to define the required capture traffic

It is not recommended to run the Network Monitor on a host within the cluster, as the Network Monitor driver will place the network adapter into promiscuous mode

Network Monitor Security

When running the Network Monitor, you can help protect your network from unauthorized use of Network Monitor installations; Network Monitor provides the capability to detect other installations of Network Monitor that are running

on the local segment of your network

Running Network Monitor at high usage times can decrease system performance Plan on running Network Monitor when the system is at low usage or for short periods of time To avoid capturing too much information, capture only as many statistics as you need for evaluation Smaller amounts of data allow you to make a reasonably quick diagnosis of the problem

When Network Monitor detects other installations that are running on the network, it displays the following information about them:

The name of the computer that is running the Network Monitor installation

The name of the user logged on at the computer

The state of Network Monitor on the remote computer (running, capturing,

or transmitting)

The adapter address of the remote computer

The version number of Network Monitor running on the remote computer

In some scenarios, your network architecture might prevent one installation of the Network Monitor tool from detecting another For example, if

a router that does not forward multicast packets separates another installation of Network Monitor from your installation of the tool, Network Monitor will not detect the previous installation

Note

Important

Note

Event Viewer

Event Viewer Events

The Network Load Balancing driver writes events to the event log recording status changes and errors for cluster operations For example, adding a host to the cluster with inconsistent port rules results in an error being written to the event log The system components and applications that are installed on a computer can write information to the event log, which records status changes, errors, or operating information

Event Viewer Overview

You can use Event Viewer to view and manage the event logs, gather information from the logs about hardware and software problems, and monitor Windows 2000 security events Events are recorded in three categories of logs; the application log, system log, and security log The Network Load Balancing driver writes to the system log

Event Viewer Events

Event Viewer displays these five types of events:

Error A significant problem, such as loss of data or loss of functionality

Warning Indicates a possible future problem

Information Describes a successful operation of an application, driver, or

service

Success Audit An audited security access attempt that succeeds

Failure Audit An audited security access attempt that fails

Topic Objective

To describe how you can

use the Event Viewer to

manage a Network Load

Balancing cluster

Lead-in

The Network Load

Balancing driver writes

events to the event log,

recording status changes

and errors for cluster

operations

Using Event Logs to Troubleshoot Problems

It is important to establish a baseline for your current configuration by using the System Monitor and Performance Logs and Alerts to understand the

accumulated events as your system operates In this way you can filter the accumulated events to show only events that indicate some abnormality in operation You can save the event logs for your system in log format to provide

a reference or baseline for normal operation

ID Event Description Comment

4 WLBS: Vx.y.z started successfully

Generated when a WLBS driver is loaded successfully

5 WLBS: cluster mode started with host ID 'N'

Generated on the local computer when the

cluster mode command wlbs start is issued

6 WLBS: cluster mode stopped Generated on the local computer when

commands like wlbs stop or wlbs drain are

issued

18 WLBS: Duplicate cluster subnets detected The network may have been inadvertently partitioned

This event can be caused by pulling the net tap on a server, which will cause the server to converge with itself and two clusters will form

23 WLBS: enabled traffic handling for rule containing port 'N'

Generated when the command wlbs enable

or a computer is restarted and the WLBS agent starts

24 WLBS: disabled ALL traffic handling for rule containing port 'N'

Generated when the cluster mode command

wlbs disable is issued either by an operator

or monitoring tool like HTTPMon

28 WLBS: host 'N' converged with host(s) 'N1, N2, , Nn' as part of the cluster

Generated when a convergence has been completed

29 WLBS: host 'N' converged as DEFAULT host with host(s) 'N1,N2, ,Nn' as part of the cluster

Generated only on the computer running as the default WLBS agent when a convergence has been completed

36 WLBS: registry parameters successfully reloaded

This event is issued only when the convoy

reload command is issued manually

38 WLBS: adjusted traffic handling for rule containing port N

This event is generated as a result of executing an undocumented WLBS command

39 WLBS: disabled NEW traffic handling for rule containing port N

This event is generated when the wlbs drain

command is executed for a single port

41 WLBS: disabled NEW traffic handling for all port rules

This event is generated when the wlbs drain

command is executed for all ports

42 WLBS: enabled traffic handling for all port rules

This event is generated when the wlbs

enable command is executed for all ports