rj2

Windows 2000 question - multiple gateways

Hello!
We have two gateways to the Internet on our network.
Is it possible to make a webserver (neither IIS nor Apache) running on Windows 2000 server always return replies to the same gateway it was received from?
The server may have one or two NICs.
Links to MSDN that explain in detail how this could be set up or why this is not possible would be good.
scraig84

It is not possible because routing decisions are made by the OS and are independent of any application.  Routing decisions on any OS or router are made by routing tables and have nothing to do with the source or the originally received packet.  At that level of decision making, it is not concerned with where other packets came from or are going.  It looks at the destination address, examines the routing table, and makes a decision based on this information ONLY.
Well, to some extent, it is irrelevant.  Once a TCP transaction is open, the data TENDS to flow back the same way it came, but not necessarily.  That's just the nature of TCP/IP.

If there is a certain block of addresses that you always want to contact via a particular gateway, you can set that up in either the host routing tables, or the gateway routing tables.
>>Well, to some extent, it is irrelevant.  Once a TCP transaction is open, the data TENDS to flow back the same way it came, but not necessarily.  That's just the nature of TCP/IP.

It only "tends" to flow back the same way if there are limited options in active paths.  

>>If there is a certain block of addresses that you always want to contact via a particular gateway, you can set that up in either the host routing tables, or the gateway routing tables.

This will only work if you know who the clients are.  If you are load balancing across links and you have no idea who the clients may be (for example on a public web server) this is literally impossible.

Out of curiosity - what is the need for a solution such as this?
rj2

ASKER

The purpose is to have the webserver accessible using two different external IPs so that if it can't be accessed by the first IP due to e.g. problem in ISP1's network or problem with ISP1's router or whatever it should be accessible with second external IP using ISP2's network. Server is accessed by special client software that understands this and tries other IP automatically if server can't be reached using first IP.
rj2

ASKER

What is the best way to set up a server that should be accessible using two different external IPs?
There are two Cisco routers, one for each ISP. The routers use NAT.
I think you're trying to set up some sort of fail-over capabilities on that server. Well... there are 2 ways of doing this:

- Round Robin DNS: this is where you have 2 IPs or more assigned to the same server, each IP on a different NIC. In this case, 50% or so of your visitors will go to NIC1 and the other 50% or so to the other NIC.

- Load Balancing/Fail-Over: This can be accomplished in Windows 2K Advanced Server. It has a built-in Load Balancing feature. Or you can purchase a Load-Balancer and configure it so that traffic will balance between the 2 NICs and in case one of the NICs fails, it will route traffic to the second NIC.

Hope that helps :)

-Thomas
I forgot to mention a 3rd solution which is much more expensive, and that's BGP. Running BGP on your router will allow you to fail-over to the second ISP in case the first ISP link goes down. In this case, you need a good router and you can actually connect both of your T1 lines to the same router, something like a Cisco 3640 or 7206 with 2 WIC cards.

-Thomas

>> The routers use NAT.

A possibly dumb idea: get them to masquerade the incoming connections. This way, the webserver will only "see" the IP addresses of one of these routers and it will "naturally" reply to the originating one. Drawback: the server logs are then almost useless.
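The destination-only routing decision described earlier in the thread and the masquerading idea above, modeled side by side as an added example (not part of any post in this thread). The addresses, the default route via the ISP1 router and the function names are constructed assumptions.

```python
import ipaddress

# Constructed addresses (assumptions): server LAN 192.168.1.0/24,
# GW1 = ISP1 router, GW2 = ISP2 router, server default route via GW1.
GW1, GW2 = "192.168.1.1", "192.168.1.2"
ROUTES = [  # (destination prefix, next hop; None = on-link delivery)
    ("192.168.1.0/24", None),
    ("0.0.0.0/0", GW1),
]

def next_hop(dst, routes=ROUTES):
    """Longest-prefix match on the destination address only."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop if hop is not None else dst  # on-link: deliver directly

def reply_path(client, arrived_via, masquerade, routes=ROUTES):
    """Return (source address the server sees and logs, reply gateway)."""
    # With masquerading the router rewrites the source to its own LAN
    # address; without it the server sees the real client address.
    seen_src = arrived_via if masquerade else client
    return seen_src, next_hop(seen_src, routes)

def symmetric(client, arrived_via, masquerade, routes=ROUTES):
    """True when the reply goes back to the router the request came in on."""
    return reply_path(client, arrived_via, masquerade, routes)[1] == arrived_via

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed public client address
    for gw in (GW1, GW2):
        for masq in (False, True):
            seen, out = reply_path(client, gw, masq)
            print(f"in via {gw} masquerade={masq}: server logs {seen}, "
                  f"reply leaves via {out}, symmetric={out == gw}")
```

Without masquerading, a request that arrives through the ISP2 router is answered through the default gateway; with it, the reply returns to the right router but the server logs only ever show the two router addresses.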
There are a few non-BGP routers that will load balance between two POPs and automatically failover to using just one if the other dies.  Symantec bought one of them about a year back, for their firewall appliance line.
rj2

ASKER

What I want is the server to be available using a custom client also if it can't be reached using ISP1's network.
Such high availability is needed only for this custom client that knows that server can be reached using two different IPs.
I thought maybe it was possible to make the client try other IP automatically and set up the router (Cisco 1721 with 2 WICs) to route requests to the same gateway that the request came from for traffic initiated from outside.
Does that make sense/is that possible? If yes, how do I set up the router to do this?
Are there other or better ways of achieving this?
ShineOn
tchamtieh has the best recommendations - round-robin DNS, load balancing and BGP.  What will work best for you has to be your decision.  

You can't just point a single-interface NIC at two different gateways and expect any consistency.

You can try doing a dead-gateway-detection deal, but that won't load-balance or guarantee that the in and out routes are consistent, and won't help with public name resolution.
rj2

ASKER

Ok, but is it possible to point a single-interface NIC at the Cisco 1721 router, and let the Cisco 1721 send requests to the gateway the request came from, using a setup like this (i.e. only one gateway in the LAN)?

s  w  i  t  c  h (in LAN)
      |
Our router (Cisco 1721)
   |                   |
ISP1               ISP2
     
ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.
The only true remedy to this scenario is for you or your firm to acquire your own set of IPs from ARIN. In this case, your two or more providers will advertise your IP block.  In this scenario if you lose connectivity with one provider you will still be accessible via the other.  You would most likely need to set up BGP routing schemes with the other providers.