[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Force traffic over specific NIC on Server with 2 NICS on same subnets

Posted on 2004-08-24
10
Medium Priority
?
1,212 Views
Last Modified: 2008-01-16
I have a Win2000 Advanced server that has 2 NICs.  I want the first NIC to respond to WWW traffic and the 2nd NIC to send/receive traffic through our firewall to our database server.  The 2 IP address are on the same subnet but I want to only open one hole in the firewall and that will be for the database NIC.  

It appears that my configuration works if the Database NIC gets enabled first (ie Disable then enable the WWW NIC).  However, if I reboot the server the NICs get enabled in random order and the databse traffic will sometimes default to the WWW NIC.  If I manually disable/enable the WWW NIC the database traffic will switch to the DB NIC and things are fine.  I want a reboot to be configured automaticaly 100% of the time.  Things I have tried are:

1. Physically move the NICs on the motherboard hoping one always gets enabled first. (doesn't happen)
2. Add a static persistent route to the database IP using the "Interface" option.  The static route works, but after a reboot, but the "Interface" part of the static route command does not.
3. Add a service that runs a batch file that in turn runs the route command.  I hold promise for this, but it didn't work the first time I tried it.  
4. Changed the binding order and made the Database NIC the first NIC listed. (didn't seem to make a difference)

Any other suggestions would be greatly appreciated.
0
Comment
Question by:spillanepp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 1

Expert Comment

by:acsservice
ID: 11887349
On the Public IP NIC go to the properties for the adapter and under the Advanced Tab of the TCP/IP uncheck the Automatic Metric and assign it a number 2.  Then do the same to the Internal NIC assigning it a 1.  This will give the Databse NIC first assignment.

If not already static you should make them static
0
 
LVL 11

Expert Comment

by:PennGwyn
ID: 11888326
Putting two NICs on the same network, IF IT WORKS AT ALL, tells everybody that you *don't care* which one handles the traffic.  (It's not guaranteed to work at all....)

If you want to route traffic differently over two NICs, their addressing has to reflect that difference.  If the second NIC is for a private back channel to the database server, put it on a private subnet and address the database server via an address that takes that route.

0
 
LVL 16

Expert Comment

by:The--Captain
ID: 11889053
>If the second NIC is for a private back channel to the database server, put it on a private subnet and address the database
>server via an address that takes that route

I concur.

Cheers,
-Jon
0
Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

 

Author Comment

by:spillanepp
ID: 11917475
I really thought that acsservice's suggestion was going to work, but it actually didn't, so I went with the static route option and had it run with the autoexnt service at bootup.  Once I added the AutoExNT service I had to make sure that it was dependent on TCP/IP by modifying the registry and adding the DependOnService value.  At least it is working now.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 11924743
I object - I think PennGwyn's solution was much cleaner, and the "right" way to accomplish the solution - IMO, the author has implemented some bizarrre workaround because s/he is afraid to adjust the networking config in some small way (other than local static routes).

I'm also hoping the author can clarify this:

>so I went with the static route option and had it run with the autoexnt service at bootup

I'd be interested to know how a static route solved this, and why it apparently works now, when the author listed it as number 3 in a list of things that *didn't* work.

I'm also not convinced this solution will work outside a narrow set of conditions, while PennGywn's solution will work on *any* OS that supports IP.

Cheers,
-Jon
EE Networking PE

0
 

Author Comment

by:spillanepp
ID: 11962854
While I agree that PennGywn's solution would work, it was not an option for me because of security concerns.  If I use the private subnet that the database server is on for one of the NICs then I have a server with a private and a public IP address that would be bypassing the firewall completely.  Personally I believe this comprimises security which I was not willing to do.  Reconfiguring the network with an additional subnet is really not an option because I was looking for a server based solution that didn't include making changes to the network infrastructure.  

I will also say that manually adding a static route always worked as stated in #2 of my question.  The problem I initally had was how to get the static route to run as a service.  Getting this to work solved my problem.  The reason it didn't work at the time of my first writing was because I  needed to manually add the DependOnService value to the HKLM\System\CurrentControlSet\ServicesAutoExNT registry key and then add TCPIP as a multi-string.  This forces TCPIP to start before running the route command.  Ideally I could have just added a persistent route, but in Windows 2000 the interface information is not retained in the registry.

To clarify how I got the route command to run I used the Technet article:
http://support.microsoft.com:80/support/kb/articles/Q243/4/86.ASP
and put the following command into the autoexnt.bat file
Route add <database ip> mask 255.255.255.255 <gateway ip> IF 0x1000003

I will also agree with you Jon that it may not work outside of the scope of this scenario (i.e. another OS), but I can tell you that it works on the two Windows 2000 servers that I tried it on (different hardware).  
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 11983500
Closed, 125 points refunded.
CetusMOD
Community Support Moderator
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question