Solved

4 Nics on one server, how can I make the route constant??

Posted on 2004-09-17
Last Modified: 2013-12-23
Hi,

This is my dilemma. I have 4 NICs on my server. The purpose for this is that I have 4 different ISPs.
The IP addresses for each NIC are as follows:
172.16.1.x  255.255.255.0   ----------> DG ----------> 172.16.1.1
172.16.2.x  255.255.255.0   ----------> DG ----------> 172.16.2.1
172.16.3.x  255.255.255.0   ----------> DG ----------> 172.16.3.1
172.16.4.x  255.255.255.0   ----------> DG ----------> 172.16.4.1

This is the problem:
I noticed that the server running Windows 2000 Server is doing a load balance between all the NICs. At some point, if the request comes to the 172.16.1.x address, the response will be sent to the 172.16.2.x gateway.
This is variable and will cause a loss in all my connections, since the reply will be sent to a totally different link than the one that came in.

How can I make my server always respond on the same interface, so that it doesn't fluctuate between NICs?
This is causing network-down situations on my LAN.

Thanks
0
Question by:casatech
9 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 12090479
Please show the outputs of IPCONFIG /ALL and ROUTE PRINT on the server which has 4 NICs installed. Thanks,
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12091499
The issue is that no matter how many NICs you have, you can only have one default gateway.
If you look at the output of "route print" as bbao suggested you post, you will see all the default gateways with different metrics. Only the NIC with the lowest metric will be the true "default" path.

Only if the source and destination IP are local to the interface will you guarantee in/out the same interface.

If you are using private IP's on these NIC's, then I would assume there are 4 routers out in front of this server that are doing NAT? Or 1 router with 4 interfaces? I can't imagine using a Windows server as an Internet router...
0
 

Author Comment

by:casatech
ID: 12092747
Hi,
This is my ipconfig /all and the route print. I have 4 PIXes doing the NAT translations. Two things I wanted to point out:
1- The metric on every NIC is 1. I didn't do anything fancy, just added the IP and gateway on each NIC.
2- The route print here is showing 172.16.1.1 at the moment, but if I check it later the gateway will change to 172.16.2.1, 172.16.3.1 etc.

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : gigawebserver
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter DMZ 1 172.16.1.10:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Etherne
        Physical Address. . . . . . . . . : 00-06-5B-8C-62-03
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 172.16.1.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 172.16.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.16.1.1
        DNS Servers . . . . . . . . . . . : 196.40.31.66
                                            196.40.3.10

Ethernet adapter DMZ 2 172.16.2.108:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Linksys LNE100TX(v5) Fast Ethernet
dapter #2
        Physical Address. . . . . . . . . : 00-0C-41-20-3F-07
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 172.16.2.108
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.16.2.1
        DNS Servers . . . . . . . . . . . : 196.40.31.66
                                            196.40.3.13

Ethernet adapter  DMZ 3 172.16.3.197 & 202:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Linksys LNE100TX(v5) Fast Ethernet
dapter
        Physical Address. . . . . . . . . : 00-0C-41-20-3E-D3
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 172.16.3.202
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 172.16.3.197
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.16.3.1
        DNS Servers . . . . . . . . . . . : 196.40.31.66
                                            196.40.3.13
        Primary WINS Server . . . . . . . : 192.168.0.1

Ethernet adapter DMZ 4 172.16.4.173:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100+ Dual Port Server
dapter
        Physical Address. . . . . . . . . : 00-02-B3-AC-81-8C
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 172.16.4.173
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.16.4.1
        DNS Servers . . . . . . . . . . . : 196.40.31.66
                                            196.40.31.67

Ethernet adapter Local Network:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100+ Dual Port Server
dapter #2
        Physical Address. . . . . . . . . : 00-02-B3-AC-81-8D
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.19
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 02 b3 ac 81 8d ...... Intel(R) PRO/100+ Dual Port Server Adapt

0x1000006 ...00 06 5b 8c 62 03 ...... Broadcom NetXtreme Gigabit Ethernet Driv

0x4000004 ...00 0c 41 20 3f 07 ...... Linksys LNE100TX(v5) Fast Ethernet Adapt
 NDIS5 Driver
0x4000005 ...00 02 b3 ac 81 8c ...... Intel(R) PRO/100+ Dual Port Server Adapt

0x4000007 ...00 0c 41 20 3e d3 ...... Linksys LNE100TX(v5) Fast Ethernet Adapt
 NDIS5 Driver
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.1.1     172.16.1.10       1
          0.0.0.0          0.0.0.0       172.16.2.1    172.16.2.108       1
          0.0.0.0          0.0.0.0       172.16.3.1    172.16.3.197       1
          0.0.0.0          0.0.0.0       172.16.4.1    172.16.4.173       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.1.0    255.255.255.0      172.16.1.10     172.16.1.10       1
      172.16.1.10  255.255.255.255        127.0.0.1       127.0.0.1       1
      172.16.1.11  255.255.255.255        127.0.0.1       127.0.0.1       1
       172.16.2.0    255.255.255.0     172.16.2.108    172.16.2.108       1
     172.16.2.108  255.255.255.255        127.0.0.1       127.0.0.1       1
       172.16.3.0    255.255.255.0     172.16.3.197    172.16.3.197       1
     172.16.3.197  255.255.255.255        127.0.0.1       127.0.0.1       1
     172.16.3.202  255.255.255.255        127.0.0.1       127.0.0.1       1
       172.16.4.0    255.255.255.0     172.16.4.173    172.16.4.173       1
     172.16.4.173  255.255.255.255        127.0.0.1       127.0.0.1       1
   172.16.255.255  255.255.255.255      172.16.1.10     172.16.1.10       1
   172.16.255.255  255.255.255.255     172.16.2.108    172.16.2.108       1
   172.16.255.255  255.255.255.255     172.16.3.197    172.16.3.197       1
   172.16.255.255  255.255.255.255     172.16.4.173    172.16.4.173       1
      192.168.0.0      255.255.0.0     192.168.0.19    192.168.0.19       1
     192.168.0.19  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.0.255  255.255.255.255     192.168.0.19    192.168.0.19       1
        224.0.0.0        224.0.0.0      172.16.1.10     172.16.1.10       1
        224.0.0.0        224.0.0.0     172.16.2.108    172.16.2.108       1
        224.0.0.0        224.0.0.0     172.16.3.197    172.16.3.197       1
        224.0.0.0        224.0.0.0     172.16.4.173    172.16.4.173       1
        224.0.0.0        224.0.0.0     192.168.0.19    192.168.0.19       1
  255.255.255.255  255.255.255.255     192.168.0.19    192.168.0.19       1
Default Gateway:        172.16.1.1
===========================================================================
Persistent Routes:
  None


0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12092819
Interesting setup....

> 2- The route print here is showing 172.16.1.1 at the moment, but if I check it later the gateway will change to 172.16.2.1, 172.16.3.1 etc.

It appears that with the same metric, it is "round-robin"ing the gateways.

My suggestion would be a good Layer 3 switch between this server and the 4 PIX firewalls w/ redundant gigabit uplinks to the server. The server only having 1 IP address.

May I be so bold as to ask the purpose of having 4 firewalls to 4 different ISP's connected to one server? There's got to be a better way to accomplish your goal..
0
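Added example, not part of the original thread: a small Python check that reads `route print` output and reports default routes tied at the lowest metric, plus which gateways a reply to a given client could leave through. It covers the two points made in the comments above (only on-link traffic is guaranteed to leave by the same interface, and equal-metric default gateways are rotated). The function names are illustrative, and the embedded sample is an excerpt of the table posted above.

```python
import ipaddress

# Excerpt of the "Active Routes" table posted in this thread.
ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.1.1     172.16.1.10       1
          0.0.0.0          0.0.0.0       172.16.2.1    172.16.2.108       1
          0.0.0.0          0.0.0.0       172.16.3.1    172.16.3.197       1
          0.0.0.0          0.0.0.0       172.16.4.1    172.16.4.173       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.1.0    255.255.255.0      172.16.1.10     172.16.1.10       1
      192.168.0.0      255.255.0.0     192.168.0.19    192.168.0.19       1
Default Gateway:        172.16.1.1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            dest, mask, gw, iface = (ipaddress.IPv4Address(p) for p in parts[:4])
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
            metric = int(parts[4])
        except ValueError:
            continue  # header, separator, or other non-route line
        routes.append((net, gw, iface, metric))
    return routes

def tied_default_gateways(routes):
    """Default routes sharing the lowest metric; more than one is ambiguous."""
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if not defaults:
        return []
    best = min(r[3] for r in defaults)
    return [(str(gw), str(iface), m) for _, gw, iface, m in defaults if m == best]

def reply_paths(routes, client_ip):
    """Next hops a reply to client_ip may use: longest match, else tied defaults."""
    client = ipaddress.IPv4Address(client_ip)
    specific = [r for r in routes if r[0].prefixlen > 0 and client in r[0]]
    if specific:
        longest = max(r[0].prefixlen for r in specific)
        return sorted({str(r[1]) for r in specific if r[0].prefixlen == longest})
    return sorted(gw for gw, _, _ in tied_default_gateways(routes))
```

More than one entry from `reply_paths` for an off-subnet client means the reply can leave through a different firewall than the one that carried the request.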
 

Author Comment

by:casatech
ID: 12097534
Hi,

Thanks for the solution of the Layer 3 switch. We have actually thought about purchasing an L3 switch to provide routing and that way only have 1 default gateway.
During the troubleshooting process we found out that some of the ports on one of the switches were failing. We changed the switch and it started working.

This is what I want to accomplish and this is the main reason why I opened up this ticket:
I want to provide full redundancy for my servers.
1- We have 4 different ISPs to provide redundancy for our servers. (So far we have to manually connect each server on a different ISP.)
If I put in a Layer 3 switch I know I will be able to route and there will only be a need for 1 default gateway for my servers. But will I be able to distribute traffic according to percentages? For example, tell the L3 switch to send 25% of the traffic to each of the ISPs?
2- If you had to set up redundancy for your servers with 4 different ISPs and create a load balance, how would you do it?

Thanks
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12097711
The most common way I've done it and seen it done many many times:

  ISPA    ISPB   ISPC    ISPD
    |          |        |         |
  RTR1   RTR2  RTR3   RTR4  <== All routers running BGP (automatic proportional load-balancing)
    |______|        |_____|             to each ISP. Could all be one router.
           |    \       /     |
         SW1--------  SW2         <== redundant switches x-connected
             \              /              <== OSPF or other iGP routing protocol, with firewall participating
               \          /                         Yes, PIX will do OSPF
              Firewall PAIR <== redundant/ failover firewall pair (PIX in your case)
                    | |
                SWITCH -----|     <== could be another pair of x-connected switches
                 |     |  |       |             not necessarily L3, L2 only required
             SRV1   | SRV1  |
             NIC1    | NIC2   |
                        |          |
                     SRV2     SRV2
                      NIC1     NIC2

ALTERNATIVE:

 ISPA    ISPB   ISPC    ISPD
    |          |        |         |
  RTR1   RTR2  RTR3   RTR4  <== All routers running BGP (automatic proportional load-balancing)
    |______|        |_____|             to each ISP. Could all be on one router
           |                 |
         SW1          SW2        
            |                |              <== OSPF or other iGP routing protocol, with firewall participating
            |                |                    Yes, PIX will do OSPF
  Firewall PAIR       Firewall PAIR <== redundant/ failover firewall pair (PIX in your case)
             |                |
          SWITCH    SWITCH      <== could be another pair of x-connected switches
                 |  |     |       |               L3 switch here could do OSPF for load-balance, failover with the
             SRV1|   SRV1  |                PIX's
             NIC1 |   NIC2   |
                     |            |
                   SRV2     SRV2
                    NIC1     NIC2
0
 
LVL 1

Expert Comment

by:billyvandergaw
ID: 12103043
Dude... you're like crazy... you need only one NIC. Maybe 2. But 4? With 4 ISPs?! That's just insane. Why do you need 4 ISPs? Why not invest in faster internet solutions instead of 4 slower ones? I suggest purchasing one NIC for one T1 or T3 connection if your need for speed is what you want.
0
 

Author Comment

by:casatech
ID: 12113790
Hi lrmoore,

Thanks a lot for those suggestions. I forgot to mention one major detail: my ISP doesn't support BGP.
Without BGP is there anything else to try?
Thanks
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12113840
Only one, but it'll cost ya..:
http://www.fatpipeinc.com/xtreme/
0
