Windows 2008+ Server and Multiple IP addresses.  Choosing the source IP based on longest prefix matching algorithm.

Posted on 2013-06-11
Last Modified: 2014-09-08
So I've recently discovered that the TCP/IP stack changes that came with Vista/Server 2008 have changed how servers with multiple IPs operate.

I don't want to waste space articulating the changes, but this article should sum it up:

My question is regarding the selection of a source IP address using the longest prefix match method mentioned in that article from RFC 3484.

For example, consider the following addresses:

Client machine
IP Address /24 /24
Default Gateway

The server will use the address because it has the longest matching prefix.

To see this more clearly, consider the IP addresses in binary:

11000000 10101000 00000001 00001110 = (Bits matching the gateway = 25)
11000000 10101000 00000001 01000100 = (Bits matching the gateway = 26)
11000000 10101000 00000001 01111111 =

The address has more matching high order bits with the gateway address. Therefore, it is used for off-link communication.

This makes sense to me, because you can clearly see that has more matching high order bits with the gateway.

What happens when the IP addresses are and

11000000 10101000 00000001 00001110 = (Bits matching the gateway = 25)
11000000 10101000 00000001 00001111 = (Bits matching the gateway = 25)
11000000 10101000 00000001 01111111 =

Which IP is chosen here?  They both have 25 matching bits.  The article doesn't really touch on this scenario.

Question by:mcdonamw79
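As an added example, not part of the original thread, here is the longest-prefix-match comparison from the question written out in Python. The decimal addresses (192.168.1.14, .68, .15, gateway .127, destination .16) are read off the binary listings above and are an assumption on my part; the helper returns every candidate that shares the longest prefix, so a tie such as .14 vs .15 comes back as a list rather than being silently resolved, which is exactly the case the rule leaves open.

```python
import ipaddress


def common_prefix_bits(a: str, b: str) -> int:
    """Number of leading bits shared by two IPv4 addresses (0..32)."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    # The XOR is zero in every matching high-order bit, so the count of
    # leading zero bits is the length of the matching prefix.
    return 32 - x.bit_length()


def select_source(candidates, compare_to):
    """Apply the longest-matching-prefix rule.

    compare_to is the next hop (gateway) for off-link traffic, which is the
    question's scenario, or the destination itself for on-link traffic.
    One entry means the rule decided; several entries mean a tie that the
    rule alone cannot break.
    """
    scored = [(common_prefix_bits(c, compare_to), c) for c in candidates]
    best = max(score for score, _ in scored)
    return [c for score, c in scored if score == best]


def to_bits(addr: str) -> str:
    """Render an IPv4 address as four 8-bit groups, as in the thread."""
    return " ".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


if __name__ == "__main__":
    gateway = "192.168.1.127"  # assumed from the binary listing above
    scenarios = {
        "article example": ["192.168.1.14", "192.168.1.68"],
        "tie from question": ["192.168.1.14", "192.168.1.15"],
        "tie broken by a longer match": ["192.168.1.14", "192.168.1.15", "192.168.1.68"],
    }
    for name, sources in scenarios.items():
        print(name)
        for s in sources + [gateway]:
            print(f"  {to_bits(s)} = {s:>14}"
                  f"  (bits matching the gateway = {common_prefix_bits(s, gateway)})")
        print("  chosen:", select_source(sources, gateway), "\n")
```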

Expert Comment

ID: 39239343
From my understanding of this, it may fall into the final rule which would be...

Rule 8 - Use longest matching Prefix is similar to rule 8a except the match
is with the destination IP address rather than the next hop IP address.

Expert Comment

ID: 39239354
So, you would see how many bits are matching the destination IP rather than the gateway.

Expert Comment

ID: 39239573
There is an address space overlap in your example.
All addresses /24 /24

are on the same subnet.

If the OS allows you to configure overlapping IP addresses there must be a tiebreaker, like order of adapters (e.g. Lan0, Lan1).
Author Comment

ID: 39239697
Thanks for the replies so far guys.

@babuse:  What if my destination is  In this case, there are still equal numbers of matching bits.

11000000 10101000 00000001 00001110 = (available source)
11000000 10101000 00000001 00001111 = (available source)
11000000 10101000 00000001 00010000 = (destination)

@Danj:  In most cases that I've used multiple IPs on a single adapter, they usually fall on the same network.  Windows does in fact allow this.  With that said, I agree I would assume there has to be a tiebreaker, which is the purpose of my post.  What *is* that tiebreaker, including official documentation for such.

Assisted Solution

DanJ earned 500 total points
ID: 39239781
The document states the selection is based on the routing table.
In this case, check the output of the "route print" command and check the 4th field, "Interface". That shall point you to the IP to use.

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
                                            On-link                  266
                                            On-link                  266
                                            On-link                  266
                                            On-link                  266

Accepted Solution

mcdonamw79 earned 0 total points
ID: 39242790
@Danj... I think that may be the ticket.  At first I was concerned because with 2008+, the system automatically adds a *persistent* route, which I would assume overrides the network route and that persistent route does not specify the interface to use.

For example, my machine:

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
    266         On-link    266
      <snip for brevity>
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric

In that example, the only IP on my system is  If I add another IP, which introduces the same prefix length problem, my routing table remains the same and outbound packet sniffing shows my traffic continuing to come from .177.

I decided to break the prefix length issue by adding, which has more matching bits with my gateway.  

When I did this, all of a sudden my traffic started sourcing from the .127 address and my routing table changed to reflect the .127 address as my interface.

Author Closing Comment

ID: 39252608
My comment used actual testing to verify what would happen.  I am splitting the answer though as DanJ's post was helpful and led me to that testing.

Expert Comment

ID: 40310054
So I have another situation where the above solution does not seemingly answer and I'm left again with my original question.  Microsoft drives me batty.

I have a server with 2 NICs, but with IPs on the same network.  It was done this way so that the "additional IPs" would not get registered into DNS.  Sure we could have put them all on one NIC and used the NETSH /SKIPASSOURCE command, but that feels very kludgy and can be easily undone by someone inadvertently viewing the IP via the GUI and clicking OK.  

At any rate, both NICs have the same gateway set.  This is necessary to ensure outbound "answer" TCP packets associated with incoming packets from external networks on the "additional IP" NIC can find their way back to the source vs. the server accepting incoming packets on one NIC (additional IP) and sending outbound back out another (Primary).

In this scenario, I cannot understand why my system is choosing one IP over another.  The "primary" IP is /16 (Adapter #1) and the "additional IP" is /16 (Adapter #2), with the GW on both as (  

In this scenario, the two source IPs share the same prefix with the GW and also share the same prefix with my destination IP; /16.

For some reason my system is opting to use the "additional IP" as its source IP vs.  

Clearly there is some other logic here that is not explained in the original document and may perhaps stem solely around the fact that the two NICs both have the same gateway.  

I just want to understand the logic for which IP is chosen and why.
