Windows 2000 Professional set up as router with two default gateways

Good day folks,

Here's a tough one, I think at least, can anyone give me a hint here?

At my client's site, hosts on a single-subnet LAN on network 10.x are set up with a PIX 501 firewall as default gateway. This device doesn't support multiple default routes, so to introduce redundancy in connecting to the Internet, I had to introduce a W2KP PC  as a router (with IP Routing enabled in the registry) and set this  PC up with two default gateways. Gateway 1 has metric 1 whereas the Gateway 2 has metric 2.

The W2KP PC correctly selects Gateway 1; when I unplug the UTP cable to Gateway 2 it neatly fails over quickly onto Gateway 2. When Gateway 1 is re-connected, it  quicklyre-selects Gateway 1 as default gateway (checking default gateway using route print).

My problem is this: I approached the design problem as a dead-gateway-detect case wherein the "host" at one end of the TCP connection selects the next gateway in its list after waiting in vain for acknowledgements to data segments for half the number of times in the TcpMaxDataRetransmissions registry setting. On second look, it seems to be the wrong approach because my W2KP device is not at the ends of a connection but simply examining destination IP addresses in its router role.

So is the elegant fail-over working simply because W2KP is detecting that the UTP cable to the respective gateways is getting detached?
LVL 1
edepaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The--CaptainCommented:
>This device doesn't support multiple default routes

I'm not sure that's correct, but if it doesn't have seperate physical interfaces for your upstream connections, I am willing to bite...

>So is the elegant fail-over working simply because W2KP is detecting that the UTP cable to the respective gateways is getting
>detached?

That would be my guess - most decent routing software deletes routes through a physical interface if the physical interface goes down (in your case loses link/cable unplugged).

BTW, I'd try to find a cheap solution to your configuration that doesn't involve exposing a windows machine to the public internet - the security track record is really not that great...

Cheers,
-Jon


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
edepaAuthor Commented:
Thanks Jon.

The PIX 501 really doesn't support multiple default routes - check out docs from the Cisco web site.

As regards the Windows machine, it might as well come tumbling down, there's no critical data on it.

Given the way that dead gateways operate, what do you think of this - I'll write a simple program that opens up a number of TCP connections to a partner site on the web and closes them immediately after as a way of testing whether that default route is available. Microsoft states that after 25% of open connections fail to receive an acknowledgement, the machine switches over its default gateway.

Cheers to you too,

edepa
0
Julian_CCommented:
Hi

I set up something very simlilar with a app farm under 2 ISA servers, each app server having 2 default GW's, one for each of the ISA's. Now, there was a switch involved here so if I turned off ISA01 the connection from the web server was still fine to the switch (pair) and the GW failed over to the second ISA and, in fact, still went via switch 01. It did not rely on the cable being unplugged from the server and seemed to failover quickly enough to not give us any issues. The problem I had was quite different. If the connection above ISA01 failed then as far as the app server was concerned the GW was still up and it didn't fail (as ISA was acting as a reverse proxy an still allowed the connection, returning an error at the application layer). Still, I fixed that in another way that completely escapes me now :-)

Cheers
Julian
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

stevenlewisCommented:
did you enable the dead gateway detection in the registry for the w2k box?
http://www.winguides.com/registry/display.php?id=886&filter=plain
0
AutoSpongeCommented:
Hawking makes a dual WAN DSL router for about $50.  If something like that doesn't work, you need do decide whether you want loadbalancing or redundancy.  If you want redundancy, we're talking two routers in front of the PIX with HSRP between them.  If we're talking loadsharing we're talking one dual wan device (unless you have routing protocols between you and your Internet provider(s) like BGP that will loadbalance for you and your own AS).
0
edepaAuthor Commented:
To stevenlewis: I don't think I need to enable DGD - it should be on by default for W2K. Under HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, there's a DeadGatewayDetectDefault REG_DWORD value that's set to 1.

To Autosponge: My client wants redundancy on Internet connectivity. The situation is that the local ADSL provider has poor quality lines with frequent outages so my client opted for a backup cable modem connection. Are you talking about something like two Cisco 837 routers running VRRP, one connected directly to the ADSL line and the other to the cable modem via the WAN port? What do you think of my alternative of writing a short program that opens up TCP connections to my client's partner site as a means of triggering the DGD fail-over?

0
AutoSpongeCommented:
You can try w2k WLBS (windows load balancing service) and basically tell the server he's a cluster of 1 that needs redundant connections.  This article may help.

http://support.microsoft.com/default.aspx?scid=kb;en-us;197991
0
edepaAuthor Commented:
ended up writing my own gateway switching software using platform sdk api calls from the ip helper library.

splitting points equally among participants.
0
stevenlewisCommented:
Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.