Solved

Windows 2000 Professional set up as router with two default gateways

Posted on 2004-11-28
Last Modified: 2013-11-30
Good day folks,

Here's a tough one, I think at least, can anyone give me a hint here?

At my client's site, hosts on a single-subnet LAN on network 10.x are set up with a PIX 501 firewall as default gateway. This device doesn't support multiple default routes, so to introduce redundancy in connecting to the Internet, I had to introduce a W2KP PC as a router (with IP Routing enabled in the registry) and set this PC up with two default gateways. Gateway 1 has metric 1 whereas the Gateway 2 has metric 2.

The W2KP PC correctly selects Gateway 1; when I unplug the UTP cable to Gateway 2 it neatly fails over quickly onto Gateway 2. When Gateway 1 is re-connected, it quickly re-selects Gateway 1 as default gateway (checking default gateway using route print).

My problem is this: I approached the design problem as a dead-gateway-detect case wherein the "host" at one end of the TCP connection selects the next gateway in its list after waiting in vain for acknowledgements to data segments for half the number of times in the TcpMaxDataRetransmissions registry setting. On second look, it seems to be the wrong approach because my W2KP device is not at the ends of a connection but simply examining destination IP addresses in its router role.

So is the elegant fail-over working simply because W2KP is detecting that the UTP cable to the respective gateways is getting detached?
0
Question by:edepa
9 Comments
 
LVL 16

Accepted Solution

by:
The--Captain earned 375 total points
ID: 12689230
>This device doesn't support multiple default routes

I'm not sure that's correct, but if it doesn't have separate physical interfaces for your upstream connections, I am willing to bite...

>So is the elegant fail-over working simply because W2KP is detecting that the UTP cable to the respective gateways is getting detached?

That would be my guess - most decent routing software deletes routes through a physical interface if the physical interface goes down (in your case loses link/cable unplugged).

BTW, I'd try to find a cheap solution to your configuration that doesn't involve exposing a windows machine to the public internet - the security track record is really not that great...

Cheers,
-Jon


0
 
LVL 1

Author Comment

by:edepa
ID: 12689252
Thanks Jon.

The PIX 501 really doesn't support multiple default routes - check out docs from the Cisco web site.

As regards the Windows machine, it might as well come tumbling down, there's no critical data on it.

Given the way that dead gateways operate, what do you think of this - I'll write a simple program that opens up a number of TCP connections to a partner site on the web and closes them immediately after as a way of testing whether that default route is available. Microsoft states that after 25% of open connections fail to receive an acknowledgement, the machine switches over its default gateway.

Cheers to you too,

edepa
0
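
The detection rule quoted in the question and in the comment above (a connection moves to the next gateway after half of TcpMaxDataRetransmissions retries, and the machine changes its default gateway once 25% of connections have moved), as an added Python model that is not part of the original thread and is not Microsoft's code. The retry value of 5, the rounding of "half", and the gateway names are assumptions; the model shows why purely forwarded traffic never triggers a switch while enough locally opened probe connections do.

```python
"""Simplified model of Windows dead gateway detection (DGD) as described in
the thread. Constructed illustration, not Microsoft's implementation."""
from dataclasses import dataclass, field

TCP_MAX_DATA_RETRANSMISSIONS = 5  # assumed value of the registry setting
SWITCH_FRACTION = 0.25            # share of connections quoted in the thread

@dataclass
class Connection:
    gateway: int          # index of the gateway this connection uses
    retransmits: int = 0

@dataclass
class Host:
    gateways: list
    default: int = 0
    conns: list = field(default_factory=list)
    forwarded_drops: int = 0

    def open_connection(self):
        self.conns.append(Connection(self.default))
        return self.conns[-1]

    def forward_drop(self):
        # Routed traffic has no local TCP state, so DGD is never consulted.
        self.forwarded_drops += 1

    def retransmit(self, conn):
        # A locally originated segment went unacknowledged once more.
        conn.retransmits += 1
        if conn.retransmits * 2 < TCP_MAX_DATA_RETRANSMISSIONS:
            return
        nxt = (self.default + 1) % len(self.gateways)
        conn.gateway, conn.retransmits = nxt, 0
        moved = sum(c.gateway != self.default for c in self.conns)
        if moved >= SWITCH_FRACTION * len(self.conns):
            # Simplification: every connection follows the new default at once.
            self.default = nxt
            for c in self.conns:
                c.gateway, c.retransmits = nxt, 0

def simulate(local_conns, active, forwarded_drops, dead=0):
    """Return the default gateway after traffic hits a dead first gateway."""
    host = Host(["gw1", "gw2"])  # hypothetical names, in metric order
    conns = [host.open_connection() for _ in range(local_conns)]
    for _ in range(forwarded_drops):
        host.forward_drop()
    for conn in conns[:active]:  # idle connections never retransmit
        while conn.gateway == dead:
            host.retransmit(conn)
    return host.gateways[host.default]
```
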
 
LVL 3

Assisted Solution

by:Julian_C
Julian_C earned 375 total points
ID: 12689494
Hi

I set up something very similar with an app farm under 2 ISA servers, each app server having 2 default GW's, one for each of the ISA's. Now, there was a switch involved here so if I turned off ISA01 the connection from the web server was still fine to the switch (pair) and the GW failed over to the second ISA and, in fact, still went via switch 01. It did not rely on the cable being unplugged from the server and seemed to failover quickly enough to not give us any issues. The problem I had was quite different. If the connection above ISA01 failed then as far as the app server was concerned the GW was still up and it didn't fail (as ISA was acting as a reverse proxy and still allowed the connection, returning an error at the application layer). Still, I fixed that in another way that completely escapes me now :-)

Cheers
Julian
0
 
LVL 41

Assisted Solution

by:stevenlewis
stevenlewis earned 375 total points
ID: 12690068
Did you enable the dead gateway detection in the registry for the W2K box?
http://www.winguides.com/registry/display.php?id=886&filter=plain
0
 
LVL 5

Assisted Solution

by:AutoSponge
AutoSponge earned 375 total points
ID: 12690088
Hawking makes a dual WAN DSL router for about $50. If something like that doesn't work, you need to decide whether you want loadbalancing or redundancy. If you want redundancy, we're talking two routers in front of the PIX with HSRP between them. If we're talking loadsharing we're talking one dual WAN device (unless you have routing protocols between you and your Internet provider(s) like BGP that will loadbalance for you and your own AS).
0
 
LVL 1

Author Comment

by:edepa
ID: 12690666
To stevenlewis: I don't think I need to enable DGD - it should be on by default for W2K. Under HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, there's a DeadGatewayDetectDefault REG_DWORD value that's set to 1.

To Autosponge: My client wants redundancy on Internet connectivity. The situation is that the local ADSL provider has poor quality lines with frequent outages so my client opted for a backup cable modem connection. Are you talking about something like two Cisco 837 routers running VRRP, one connected directly to the ADSL line and the other to the cable modem via the WAN port? What do you think of my alternative of writing a short program that opens up TCP connections to my client's partner site as a means of triggering the DGD fail-over?

0
 
LVL 5

Expert Comment

by:AutoSponge
ID: 12691585
You can try w2k WLBS (windows load balancing service) and basically tell the server he's a cluster of 1 that needs redundant connections.  This article may help.

http://support.microsoft.com/default.aspx?scid=kb;en-us;197991
0
 
LVL 1

Author Comment

by:edepa
ID: 12749787
Ended up writing my own gateway switching software using Platform SDK API calls from the IP Helper library.

Splitting points equally among participants.
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 12750130
Thanks!
0
