Solved

How to create a backbone between Windows servers with dual nics

Posted on 2005-04-19
Last Modified: 2013-11-09
I'm running Windows 2003 Server standard on three servers and each server has 2 gigabit network cards.  Yes I can team them and have the managed switches to do this.  However, I want to know also how to backbone them instead.  I've seen other threads on the subject but never seen a complete solution (correct me if there is one).

Here's what I have:

primary lan: 172.20.1.xxx
server1: 172.20.1.98, running DNS, all DC functions (will be splitting off from SBS soon but not yet)
server2: 172.20.1.99, running DNS
server3: 172.20.1.96, just arrived, not setup at all yet, but this is the plan

secondary lan I've tried: 172.20.2.xxx, with services such as netbios over tcp, and lm host lookup disabled
server1: 172.20.2.98, dns and gateway entries empty
server2: 172.20.2.99, dns and gateway entries empty
server3: 172.20.2.96, dns and gateway entries empty

Switches: Dell 5324, 3324, 3348 all managed, can setup vlans, etc.

The above is what I've setup for servers 1 & 2, but they're not sending anything on that.  I'm assuming I need to add entries to DNS but not sure what.

Thanks much.




0
Question by:djharris
26 Comments
 

Expert Comment

by:zawmo
ID: 13818435
Hi there,

172.20.2.98, 172.20.2.99 and 172.20.2.96 should be in a different VLAN from the 172.20.1.0 network.
As those NICs are disabled for NetBIOS, they may not produce broadcasts, I guess.
Can you ping each of them from the others by IP? One more thing I would like to know is: what is your real purpose for setting up this backbone? You will need to use IP instead of names as you have already disabled DNS and NetBIOS. From my view, I do not recommend putting DNS entries for those NICs. It will mess up your name resolution process.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13818602
I'm with zawmo to some degree; we really need to know what you are trying to accomplish by doing this before we can answer your question.  What is your goal for doing this, basically?
0
 

Author Comment

by:djharris
ID: 13819044
My goal is strictly to give the servers their own conduit for DC replication with no chance of regular lan traffic interfering.  Ping from either server to the other works, and there are *some* packets going back and forth on the 2nd nics, but not as much as I expected.
0

 

Author Comment

by:djharris
ID: 13819064
I meant to add:  ipconfig /all from server 1 shows the configuration.  From server 2 it only shows the main adapter as configured.
0
 

Author Comment

by:djharris
ID: 13819077
Sometimes I wish I could edit prior entries.  Disregard ipconfig /all not showing on server 2...
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13819442
You would somehow tell the OS that you want replication traffic to only go out on a certain interface and all other traffic to go out of the other interfaces (I don't know if this can be done).  Are these interfaces plugged directly into a switch?  Plugging them into a switch rather than a hub would eliminate shared bandwidth on the lines between them.  Are you experiencing any replication troubles? Why do you want to do this?


In the future, list your ultimate goal as part of the question, rather than giving us a piece of the puzzle and then giving us the whole problem/goal later.
0
 
LVL 88

Expert Comment

by:rindi
ID: 13819490
I'd use a "backbone" for backup purposes. But yes, it should work, as long as you set the netmask accordingly (in your example it would be 255.255.255.0 for either lan). And as zawmo said, don't use dns for the backbone. If you use arcserve for backing up, you can select the nic (or IP address) to use without problems. Backupexec shouldn't be a problem either.
0
 

Author Comment

by:djharris
ID: 13820710
Am I really asking that odd a question?  Why would I NOT want to give the servers a more direct path to each other?  Maybe I'm missing something, but it doesn't seem like that odd of a request to me.  

I'd like server-to-server traffic (including replication, including backup of one server from another) to have dedicated bandwidth, possibly even through its own dedicated switch (I have an 8-port gigabit switch I could place here...it's just not a managed switch). I'd like the traffic to route automatically, but I don't understand enough about how the routing would occur between the nics, if in fact that's what happens.  I assumed dynamic routing would handle this but I'm willing to learn or tweak or whatever.  I know the routing tables track hops and stuff, but there's really no hop difference between the two routes.  I'd just like the "backbone" or whatever I'm supposed to call it to be the priority route.

There are two scenarios I'd like to prepare for: 1) primary lan saturation by workstations causing problems for server-to-server communications and 2) primary lan saturation by servers (say during backup) causing problems for workstations.

As an example, if 172.20.1 is saturated, for whatever reason (let's say I have massive SQL transactions to my SQL server, massive file writes to my file server, and massive internet usage from workstations (which bypasses the servers)), I'd like the servers to continue to talk to each other with no problems.  Using teamed nics would still go through the potentially bandwidth limited primary network.  I'd rather there be an alternate route for server-to-server traffic.

And to mikeleebrla...I stated my ultimate goal: I want to know also how to backbone them instead.  I'm seeking knowledge and  I'm willing to give points for it.  I've seen multiple times here where someone asked the same question and then the question was abandoned.  Often people hinted...oh just do that...with no follow through.  I've seen articles that mention it but that never give details about HOW to do it.  Just today I was listening to a presentation on setting up clustering with the second nic being used for communication between the cluster servers, and it mentioned turning off all the "extra" things like netbios over ip so that the path was able to handle all the clustering data being sent back and forth.  Why do I have to have more of a goal than wanting to know how to do it?

0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13824069
djharris, I think you are really misunderstanding what "backbone" means.  It sounds like from what you have described so far that these servers are physically in the same room and even plugged directly into the same switch, right? In that case there is no need to "backbone" them.  A backbone is the physical network circuit that is usually between buildings, floors of buildings or even can span longer distances like between cities.  The backbone speed is often faster than the LAN speed.  This is b/c traffic on the backbone consists of traffic from multiple individual LANs, as in the case of a 20 story building.  The backbone would run vertically up/down all 20 floors and traffic from all 20 floors would carry traffic from all 20 floors.  So you would want this backbone to be faster than the LAN speed on each individual floor. For example if you have 100MBS on the LAN you might want 1000MBS on the backbone.  Note however, that if any two computers were on the same floor and you were doing a file transfer between them, they would never go on the backbone link at all (and you wouldn't want them to).  Why?  B/c say these are two servers plugged into the same gigabit switch,  they are already getting full DEDICATED 1gig speed between them, so why would you want to route the traffic on the "backbone" which has shared 1gig speed with the other 20 floors?

In your situation you mentioned putting these two servers on a dedicated switch to increase the speed between them. Again (no offence) but I think you are misunderstanding how a switch works. A switch isn't a bus like a hub is, so you get the full speed of the switch between devices on a switch. This is just one of the benefits a switch has over a hub (since it's not a bus, the bandwidth isn't shared between the devices that are plugged into it, it is already dedicated).

And not trying to be an a$$, but no, you didn't mention your ultimate goal in your original question.  Your original question doesn't mention anything about replication.  You first mentioned replication in your second post.  In that post you said "My goal is strictly to give the servers their own conduit for DC replication with no chance of regular lan traffic interfering". So that led me to believe that you only wanted replication traffic going across these links (since that is what you said).  Then in a later post you say "including replication, including backup of one server from another".  That changed your goal, since at first you said only replication, then later you changed it to replication AND backup, which is different.  Again, not trying to be an a$$, but the only thing we know about your situation, setup, and goals is what you tell us, and if you give us incomplete info and change your goal, or not state your goal, it really makes it pretty hard to help you.

definitions for backbone:

http://www.techweb.com/encyclopedia/defineterm.jhtml?term=backbone&_requestid=604969
http://www.webopedia.com/TERM/B/backbone.html
http://whatis.techtarget.com/definition/0,289893,sid9_gci211629,00.html
0
 

Author Comment

by:djharris
ID: 13825692
Okay, don't call it a backbone.  My bad.  You tell me what to call it.  For now I'll call it a "private" network.  And, I do understand how a switch works, but even a switch adds latency and can be overwhelmed with too much traffic (I know, not likely in my setup, but still).

Still, my ultimate goal remains the same.  I just want to know how to do this.  Any other goals I've given are because you guys seem to want them.  So just call it an exercise then.  I don't have access to a lab where I can play with this to my heart's content but I do have live servers with dual nics.  I've already stated that I can team the nics and that seems to be the general direction most other threads take this question.  I just wanted to know how to NOT team the nics but still use them for a speedy connection.  I was hoping the servers would pick their "private" lan instead of the "public" lan for the majority of their communication.

The whole reason this question even comes up in my mind is based on the limited information I saw in the clustering presentation about setting up the second lan cards between cluster members so they have a "private" network:

http://www.microsoft.com/technet/community/events/windows2003srv/tnt1-150.mspx

Here's the transcript for slide 35:

"Each computer should have at least two network cards, one for handling public network traffic, and a second for handling the private inter-node communications generated by the cluster service. All network cards must have a statically allocated IP address as Server Clusters do not currently support dynamic network addresses allocated using DHCP."

Here's the transcript for the demo part ("Using Cluster Administrator"):

"Both computers should also have at least two network cards-one configured for public communications that clients will use to access clustered resources, and the other intended for private communications such as heartbeat messages and other administrative data between nodes. It is good practice to name the adapters accordingly.
Both adapters must be configured to use the TCP/IP protocol, but both should have a fixed network address as Microsoft® Clustering Services do not currently support network adapters configured using DHCP. The IP addresses for the public and private interfaces should be on different subnets. The public adapter should be configured to use the domain controller, LON-DC-01, as its preferred DNS server.
The private adapter should be configured to generate as little extraneous traffic as possible, as its performance is critical to the response time of the cluster. Features such as WINS and NetBIOS should not be active on this adapter."

The problem is, this presentation doesn't go into all the necessary details, so I don't even know if there's more to setting this up or if it's specific to clustering.

Again, clustering, backup, replication...not my actual goal.  I just want to know how to do this so the servers have this high speed private link like Microsoft implied they need in clustering.  If this is a solution that ONLY works in clustering, then I guess I should just give up.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 400 total points
ID: 13826675
OK, again, and I know you are going to disagree, but, WE NEED TO KNOW WHAT YOU ARE TRYING TO ACCOMPLISH!!!

You say in your last post "Still, my ultimate goal remains the same.  I just want to know how to do this."  The same as what? You never stated a goal anywhere.  Then you say I want to know "this". This is a pronoun and doesn't describe anything at all.

What it sounds like you want is what is called a frontnet (public) and a backnet (private) setup.  But then you started talking about a cluster, which is something different altogether.  A cluster is when you want 2 machines to handle the same workload (either active/active or active/passive).  What you definitely don't want is nic teaming, as nic teaming is when you have 2 physical nics that appear as one logical nic to the OS and won't accomplish what you are trying to achieve at all.

If you want to do a frontnet/backnet then you need to set up vlans (true, it is possible to do it without them, but vlans are the standard way).   As mentioned earlier you can then use arcserve or backupexec to do backups over the "backnet" IP address. Basically YOU tell the traffic which nic you want it to hit.  For example if this server is a WWW server open to the public, you would route the www traffic to the server's public IP NIC and then you would do the backups on the other backnet NIC. This way the traffic would be split between the 2 nics.  But again, since we don't know your setup or goal, I am forced to speak hypothetically.

Again, nic teaming, frontnet/backnet and clustering are all COMPLETELY separate things. Before we can tell you how to set one of them up, we obviously have to know which one you want.
0
 

Author Comment

by:djharris
ID: 13827907
Yes, I want a frontnet/backnet.  I've setup vlans on my switch with card 1 connected to the default vlan (1) and card 2 connected to the vlan I added (2).  All workstations are also on the default vlan (1).  There seems to be some communication between the servers, but not as much as I expected.  Pings work between the servers using the backnet addresses but I don't know that they are originating from the backnet addresses.

I'm guessing from your comments that I need to coerce traffic over the backnet and that the method is dependent on the software/service.  I was hoping this could be done generically (maybe through routing and/or DNS changes) but it sounds like that's not the case.  Right?

If this can't be done generically, then I'd like to know if at least the following services can work over the backnet: file shares (for SQL log dumps from one server to another), replication, any other AD services that are server-server.  And if so, how to set them up.  I can already see how to do this through Veritas for backups.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13828032
"Pings work between the servers using the backnet addresses but I don't know that they are originating from the backnet addresses."  If you don't have a route set up between the 2 vlans, then no traffic should be able to go between vlan1 and vlan2. So if you pinged from serverA to serverB using ServerB's backnet address and you got a reply then it would have to originate from ServerA's backnet NIC.  Also, if you are still unsure about which nic the ping originated from, you can "tell" ping which interface to use by setting up proper routes on the servers themselves. Run the route -? command for info on setting up routes. You use the "interface" command to tell the OS what interface/nic to use when it attempts to reach a certain network.  Remember that 2 vlans are separate networks since they should be on different subnets.


0
 

Author Comment

by:djharris
ID: 13828250
As best I can tell, the routes look correct without me doing anything.  There are 2 specific entries regarding network 2 on each server:

On server1:

Network Destination        Netmask          Gateway       Interface  Metric
       172.20.2.0    255.255.255.0      172.20.2.98      172.20.2.98     10
      172.20.2.98  255.255.255.255        127.0.0.1        127.0.0.1     10

On server2:

Network Destination        Netmask          Gateway       Interface  Metric
       172.20.2.0    255.255.255.0      172.20.2.99      172.20.2.99     10
      172.20.2.99  255.255.255.255        127.0.0.1        127.0.0.1     10

Which tells me, on server1, that any packet sent to 172.20.2.xx OTHER THAN 172.20.2.98 will go through 172.20.2.98.

Does that look right to you?
0
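The route-table reading above, as an added example that is not part of the original thread: a small parser for `route print` rows that picks the outgoing interface by longest prefix and then lowest metric, which is the selection rule Windows applies. The two 172.20.2.x rows are the ones posted for server1; the remaining rows, the 172.20.1.1 gateway and the `server2-bn` name are assumptions made for illustration.

```python
import ipaddress

# Rows in the column order of `route print`. The two 172.20.2.x rows are the
# ones posted for server1; all other rows are constructed for illustration,
# including the 172.20.1.1 default gateway on the primary LAN.
ROUTE_PRINT_SERVER1 = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.20.1.1      172.20.1.98     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
       172.20.1.0    255.255.255.0      172.20.1.98      172.20.1.98     10
      172.20.1.98  255.255.255.255        127.0.0.1        127.0.0.1     10
       172.20.2.0    255.255.255.0      172.20.2.98      172.20.2.98     10
      172.20.2.98  255.255.255.255        127.0.0.1        127.0.0.1     10
"""

# Constructed name table: "server2" resolves to its primary-LAN address, and
# "server2-bn" is a hypothetical extra record pointing at the backnet address.
NAMES = {"server2": "172.20.1.99", "server2-bn": "172.20.2.99"}


def parse_routes(text):
    """Parse IPv4 rows of `route print` output; skip headers and junk."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # the header splits into six words, blank lines into none
        dest, mask, gateway, interface, metric = fields
        try:
            routes.append({
                "network": ipaddress.ip_network(f"{dest}/{mask}"),
                "gateway": ipaddress.ip_address(gateway),
                "interface": ipaddress.ip_address(interface),
                "metric": int(metric),
            })
        except ValueError:
            continue  # five words, but not a route row
    return routes


def select_route(routes, destination):
    """Most specific matching route wins; the metric only breaks ties."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in r["network"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def egress_interface(routes, target, names=NAMES):
    """Resolve a name (if it is one) and return the local interface used."""
    route = select_route(routes, names.get(target, target))
    return str(route["interface"]) if route else None


ROUTES = parse_routes(ROUTE_PRINT_SERVER1)

if __name__ == "__main__":
    for target in ("172.20.2.99", "server2", "server2-bn",
                   "172.20.2.98", "192.0.2.10"):
        print(f"{target:>12} -> leaves via {egress_interface(ROUTES, target)}")
```

Because the choice depends only on the destination address, a connection made to `server2` by name stays on the primary LAN unless that name resolves to a backnet address.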
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13833601
looks right to me
0
 

Author Comment

by:djharris
ID: 13837643
Any idea how to change the priority of the non-source routes?  I would like all "other" traffic to always go through 172.20.1 first.

  255.255.255.255  255.255.255.255      172.20.1.98      172.20.1.98      1
  255.255.255.255  255.255.255.255      172.20.2.98      172.20.2.98      1
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13837698
255.255.255.255 isn't a network address so it can't be in the first field. to change the "other" is to set the default route.

the default route is 0.0.0.0 with a MASK of 0.0.0.0

0
 
LVL 6

Assisted Solution

by:BILJAX
BILJAX earned 400 total points
ID: 13863583
mikeleebrla, you are being very patient.

djharris has the solution, just won't recognize it.

How about you install a 2nd switch, take each adaptor, assign a different IP subnet (out of your default domain).   like 10.10.10.1 for serverA-card2(subnet 255.255.255.250), 10.10.10.2(subnet 255.255.255.250)for serverB-card2, 192.168.10.10 for ServerA-Card1 and 192.168.10.11 for ServerB-Card1........  That would give you the traffic you need.  As far as telling DC/GC propagation to use those NICs,
0
 

Author Comment

by:djharris
ID: 13863942
You guys amaze me.  After so many entries being pedantic about  what I call it and "what I want" I finally give you what I want and there's no answer for it.  So far I've learned nothing new.  So what changes do I need to make to dns and/or whatever to get the active directory services to work over the backnet?
0
 
LVL 6

Assisted Solution

by:BILJAX
BILJAX earned 400 total points
ID: 13863955
Actually, the service replication that occurs among the DC/GC servers doesn't take up too much bandwidth.   What I would suggest is getting a gigabit switch, put the servers as teamed NICs (failover protection) and give each server 1 Static IP.   You don't need to divide the replication services from the regular LAN traffic.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 200 total points
ID: 13864031
I don't think Windows is clever enough for you to be able to tell it which nic to do AD replication on. You need a real networking Server OS, like netware or linux to do something like that.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13866370
Biljax, thank you for recognizing how patient I've been, it hasn't been easy, let me tell you that.
djharris, your attitude is 100% wrong. You should never ridicule those who are trying to help you. Especially since we aren't even getting paid for it. Even if we were getting paid you shouldn't "talk" to people the way you have been talking to us here with comments like "you guys amaze me".  You say you haven't learned anything? Well that's your fault, not ours.  You didn't even know what the difference was between nic teaming, frontnet/backnet, a cluster, how to make a default gateway etc etc, before this forum got started.  If you actually read, I stated VERY early in this post that I didn't think that you could tell Windows to replicate over a particular nic. Rindi's last post says the same thing.
0
 
LVL 6

Expert Comment

by:BILJAX
ID: 13866451
That's why I left my replication statement open, because to my knowledge, there's no implementation.
0
 

Author Comment

by:djharris
ID: 13869002
Thank you biljax and rindi, at least you're not talking down to me.

Yes mikeleebrla, you're really smart.  You've put me in my place and 'learned' me what a backbone is.  But the negativity started with you, not me.  I admit I was getting defensive, but your "holier than thou" attitude comes across loud and clear in your off-topic comments.  You've basically preached to me in half the comment entries you've made.

You also said: "You didn't even know what the difference was between nic teaming, frontnet/backnet, a cluster, how to make a default gateway etc etc, before this forum got started."  You're right on the frontnet/backnet...whole point of the topic really.  And you're right on the routing...at least partially.  However, I do understand what a cluster is and don't see how you can determine from anything I've said that I don't.  I also stated in the first post that I could already team them.  I just wanted to understand how to do things differently.

I guess what I should have done is already know the answer to the question so that I could express it plainly enough for you to be nice enough to help.  Oh, wait, then why would I post it?  

So, let me summarize the answer to my question: a backnet CAN be setup between servers but only for specific applications that understand how to take those direct routes.  Some applications that can use them include certain tape backup software (including Arcserve and Backup Exec), Microsoft's clustering solution, and the file system (by specifying the backnet address in the unc path OR having a separate DNS entry for the backnet address).  No one that has participated in this discussion can think of a way to make AD replication go over this backnet.
0
 
LVL 88

Expert Comment

by:rindi
ID: 13869148
thanx
0
 
LVL 6

Expert Comment

by:BILJAX
ID: 13869171
Thanks harris, good luck.
0


Question has a verified solution.
