Windows 2000 question - multiple gateways

We have two gateways to the Internet on our network.
Is it possible to make a webserver (neither IIS nor Apache) running on Windows 2000 server always return replies to the same gateway it was received from?
The server may have one or two NICs.
Links to MSDN that explain in detail how this could be set up or why this is not possible would be good.

It is not possible because routing decisions are made by the OS and are independent of any application.  Routing decisions on any OS or router are made by routing tables and have nothing to do with the source or the originally received packet.  At that level of decision making, it is not concerned with where other packets came from or are going.  It looks at the destination address, examines the routing table, and makes a decision based on this information ONLY.  
Well, to some extent, it is irrelevant.  Once a TCP transaction is open, the data TENDS to flow back the same way it came, but not necessarily.  That's just the nature of TCP/IP.

If there is a certain block of addresses that you always want to contact via a particular gateway, you can set that up in either the host routing tables, or the gateway routing tables.
>>Well, to some extent, it is irrelevant.  Once a TCP transaction is open, the data TENDS to flow back the same way it came, but not necessarily.  That's just the nature of TCP/IP.

It only "tends" to flow back the same way if there are limited options in active paths.  

>>If there is a certain block of addresses that you always want to contact via a particular gateway, you can set that up in either the host routing tables, or the gateway routing tables.

This will only work if you know who the clients are.  If you are load balancing across links and you have no idea who the clients may be (for example on a public web server) this is literally impossible.

Out of curiosity - what is the need for a solution such as this?
rj2 (Author) commented:
The purpose is to have the webserver accessible using two different external IPs so that if it can't be accessed by the first IP due to e.g. problem in ISP1's network or problem with ISP1's router or whatever it should be accessible with second external IP using ISP2's network. Server is accessed by special client software that understands this and tries other IP automatically if server can't be reached using first IP.
rj2 (Author) commented:
What is the best way to set up a server that should be accessible using two different external IPs?
There are two Cisco routers, one for each ISP. The routers use NAT.
I think you're trying to set up some sort of fail-over capabilities on that server. Well... there are 2 ways of doing this:

- Round Robin DNS: this is where you have 2 IPs or more assigned to the same server, each IP on a different NIC. In this case, 50% or so of your visitors will go to NIC1 and the other 50% or so to the other NIC.

- Load Balancing/Fail-Over: This can be accomplished in Windows 2K Advanced Server. It has a built in Load Balancing feature. Or you can purchase a Load-Balancer and configure it so that traffic will balance between the 2 NICs and in case one of the NICs fails, it will route traffic to the second NIC.

Hope that helps :)

I forgot to mention a 3rd solution which is much more expensive, and that's BGP. Running BGP on your router will allow you to fail-over to the second ISP in case the first ISP link goes down. In this case, you need a good router and you can actually connect both of your T1 lines to the same router, something like a Cisco 3640 or 7206 with 2 WIC cards.


>> The routers use NAT.

A possibly dumb idea : get them to masquerade the incoming connections. This way, the webserver will only "see" the IP addresses of one of these routers and it will "naturally" reply to the originating one. Drawback : the server logs are then almost useless.
There are a few non-BGP routers that will load balance between two POPs and automatically failover to using just one if the other dies.  Symantec bought one of them about a year back, for their firewall appliance line.
rj2 (Author) commented:
What I want is the server to be available using a custom client also if it can't be reached using ISP1's network.
Such high availability is needed only for this custom client that knows that server can be reached using two different IPs.
I thought maybe it was possible to make the client try other IP automatically and set up the router (Cisco 1721 with 2 WICs) to route requests to the same gateway that the request came from for traffic initiated from outside.
Does that make sense/is that possible? If yes, how do I set up the router to do this?
Are there other or better ways of achieving this?
tchamtieh has the best recommendations - round-robin DNS, load balancing and BGP.  What will work best for you has to be your decision.  

You can't just point a single-interface NIC at two different gateways and expect any consistency.

You can try doing a dead-gateway-detection deal, but that won't load-balance or guarantee that the in and out routes are consistent, and won't help with public name resolution.
rj2 (Author) commented:
Ok, but is it possible to point a single-interface NIC at the Cisco 1721 router, and let the Cisco 1721 send requests to the gateway the request came from, using a setup like this (i.e. only one gateway in the LAN)?

s  w  i  t  c  h (in LAN)
Our router (Cisco 1721)
   |                   |
ISP1               ISP2
The router does not maintain a source path. It can't. It only knows about a source and destination IP address and a routing table with a default route for all routes not connected.
What you want cannot be done as long as both ISP links are active at one time.
However, if you lose connection to ISP1, then the only route out is ISP2.
Assuming that your client will only look for the alternate IP if it can't reach the first IP (through ISP1), then it is logical to assume that the outbound route to ISP1 would be dead and the packets automagically go back out through ISP2.
You might need to use a route-map for the nat statements...
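
The destination-only lookup described in the answers above, and the failover case from this answer, as an added example that is not code from any poster in the thread. The table, metrics, link labels and documentation-range addresses are constructed assumptions, and tie-breaking by metric is a simplification of what a real router does.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    gateway: str   # label of the egress link (hypothetical names)
    metric: int    # lower is preferred when prefix lengths tie

# Constructed routing table for the two-ISP setup discussed in the thread.
TABLE = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "ISP1", 1),        # preferred default
    Route(ipaddress.ip_network("0.0.0.0/0"), "ISP2", 10),       # backup default
    Route(ipaddress.ip_network("198.51.100.0/24"), "ISP2", 1),  # known client block
]

def egress_for(dst: str, table, links_up) -> Optional[str]:
    """Pick the egress link for a packet addressed to dst.

    Longest-prefix match first, then lowest metric, considering only routes
    whose link is up. The interface a request arrived on is deliberately not
    a parameter: the lookup has no way to take it into account.
    """
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix and r.gateway in links_up]
    if not candidates:
        return None  # no usable route: the reply is dropped
    best = max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))
    return best.gateway

def reply_is_symmetric(client: str, ingress: str, table, links_up) -> bool:
    """True when the reply leaves through the link the request came in on."""
    return egress_for(client, table, links_up) == ingress

if __name__ == "__main__":
    both = {"ISP1", "ISP2"}
    client = "203.0.113.25"  # constructed, unknown public client
    # Request arrived via ISP2, but the reply follows the preferred default.
    print(egress_for(client, TABLE, both), reply_is_symmetric(client, "ISP2", TABLE, both))
    # ISP1 is down: the only remaining route is ISP2, so the paths match.
    print(egress_for(client, TABLE, {"ISP2"}))
    # A client inside the pinned block always leaves via ISP2.
    print(egress_for("198.51.100.7", TABLE, both))
```
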

The only true remedy to this scenario is for you or your firm to acquire your own set of IPs from ARIN. In this case, your two or more providers will advertise your IP block.  In this scenario if you lose connectivity with one provider you will still be accessible via the other.  You would most likely need to set up BGP routing schemes with the other providers.
