

Windows 2008+ Server and Multiple IP addresses.  Choosing the source IP based on longest prefix matching algorithm.

Posted on 2013-06-11
Last Modified: 2014-09-08
So I've recently discovered that the TCP/IP stack changes that came with Vista/Server 2008 have changed how servers with multiple IPs operate.

I don't want to waste space articulating the changes, but this article should sum it up:  http://blogs.technet.com/b/networking/archive/2009/04/24/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx

My question is regarding the selection of a source IP address using the longest prefix match method mentioned in that article from RFC 3484.

For example:

For example, consider the following addresses:

Client machine
IP Address /24 /24
Default Gateway

The server will use the address because it has the longest matching prefix.

To see this more clearly, consider the IP addresses in binary:

11000000 10101000 00000001 00001110 = (Bits matching the gateway = 25)
11000000 10101000 00000001 01000100 = (Bits matching the gateway = 26)
11000000 10101000 00000001 01111111 =

The address has more matching high order bits with the gateway address Therefore, it is used for off-link communication.

This makes sense to me, because you can clearly see that has more matching high order bits with the gateway.

What happens when the IP addresses are and

11000000 10101000 00000001 00001110 = (Bits matching the gateway = 25)
11000000 10101000 00000001 00001111 = (Bits matching the gateway = 25)
11000000 10101000 00000001 01111111 =

Which IP is chosen here?  They both have 25 matching bits.  The article doesn't really touch on this scenario.

Question by:mcdonamw79

Expert Comment

ID: 39239343
From my understanding of this, it may fall into the final rule which would be...

Rule 8 - Use longest matching Prefix is similar to rule 8a except the match
is with the destination IP address rather than the next hop IP address.

Expert Comment

ID: 39239354
So, you would see how many bits are matching the destination IP rather than the gateway.


Expert Comment

ID: 39239573
there is an address space overlap in your example.
all addresses /24 /24

are on the same subnet

if the OS allows you to configure overlapping IP addresses there must be a tiebreaker, like order of adapters (e.g. Lan0, Lan1).


Author Comment

ID: 39239697
Thanks for the replies so far guys.

@babuse:  What if my destination is  In this case, there are still equal numbers of matching bits.

11000000 10101000 00000001 00001110 = (available source)
11000000 10101000 00000001 00001111 = (available source)
11000000 10101000 00000001 00010000 = (destination)

@Danj:  In most cases that I've used multiple IPs on a single adapter, they usually fall on the same network.  Windows does in fact allow this.  With that said, I agree I would assume there has to be a tiebreaker, which is the purpose of my post.  What *is* that tiebreaker, including official documentation for such.
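
The comparison discussed in the question and in the comment above, as an added example that is not part of the original posts. It works directly on the 32-bit patterns quoted in the thread. The function names are hypothetical, and the rule order (next-hop match as rule 8a, then destination match as rule 8) is taken from the replies here; it does not model whatever tiebreaker Windows applies after prefix matching.

```python
# Added example: longest-prefix comparison as discussed in this thread.
# Function names are hypothetical; bit patterns are the ones quoted in the posts.

def parse_bits(text):
    """Convert '11000000 10101000 ...' into a 32-bit integer."""
    bits = text.replace(" ", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError(f"not a 32-bit pattern: {text!r}")
    return int(bits, 2)

def matching_bits(a, b):
    """Number of identical high-order bits shared by two 32-bit patterns."""
    return 32 - (parse_bits(a) ^ parse_bits(b)).bit_length()

def longest_match(candidates, target):
    """Keep only the candidates with the most high-order bits matching target."""
    scores = {c: matching_bits(c, target) for c in candidates}
    best = max(scores.values())
    return [c for c in candidates if scores[c] == best]

def select_source(candidates, next_hop, destination):
    """Apply the next-hop match (rule 8a), then the destination match (rule 8).

    Returns (survivors, deciding_rule). More than one survivor means prefix
    matching alone cannot decide and some other tiebreaker must apply.
    """
    survivors = longest_match(candidates, next_hop)
    if len(survivors) == 1:
        return survivors, "8a"
    survivors = longest_match(survivors, destination)
    if len(survivors) == 1:
        return survivors, "8"
    return survivors, "unresolved"

GATEWAY = "11000000 10101000 00000001 01111111"
DEST = "11000000 10101000 00000001 00010000"   # destination from the comment above
SRC_A = "11000000 10101000 00000001 00001110"
SRC_B = "11000000 10101000 00000001 01000100"
SRC_C = "11000000 10101000 00000001 00001111"

if __name__ == "__main__":
    # First scenario from the question: the next-hop match decides.
    print(select_source([SRC_A, SRC_B], GATEWAY, DEST))
    # Second scenario: both rules tie, so both candidates survive.
    print(select_source([SRC_A, SRC_C], GATEWAY, DEST))
```
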

Assisted Solution

DanJ earned 1500 total points
ID: 39239781
the document states the selection is based on the routing table.
In this case, check the output of the "route print" command and check the 4th field, "Interface". That shall point you to the IP to use.

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
                                            On-link                     266
                                            On-link                     266
                                            On-link                     266
                                            On-link                     266

Accepted Solution

mcdonamw79 earned 0 total points
ID: 39242790
@Danj... I think that may be the ticket.  At first I was concerned because with 2008+, the system automatically adds a *persistent* route, which I would assume overrides the network route and that persistent route does not specify the interface to use.

For example, my machine:

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
    266         On-link    266
      <snip for brevity>
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric

In that example, the only IP on my system is  If I add another IP, which introduces the same prefix length problem, my routing table remains the same and outbound packet sniffing shows my traffic continuing to come from .177.

I decided to break the prefix length issue by adding, which has more matching bits with my gateway.  

When I did this, all of a sudden my traffic started sourcing from the .127 address and my routing table changed to reflect the .127 address as my interface.

Author Closing Comment

ID: 39252608
My comment used actual testing to verify what would happen.  I am splitting the answer though as DanJ's post was helpful and led me to that testing.

Expert Comment

ID: 40310054
So I have another situation where the above solution does not seemingly answer and I'm left again with my original question.  Microsoft drives me batty.

I have a server with 2 NICs, but with IPs on the same network.  It was done this way so that the "additional IPs" would not get registered into DNS.  Sure we could have put them all on one NIC and used the NETSH /SKIPASSOURCE command, but that feels very kludgy and can be easily undone by someone inadvertently viewing the IP via the GUI and clicking OK.  

At any rate, both NICs have the same gateway set.  This is necessary to ensure outbound "answer" TCP packets associated with incoming packets from external networks on the "additional IP" NIC can find their way back to the source vs. the server accepting incoming packets on one NIC (additional IP) and sending outbound back out another (Primary).

In this scenario, I cannot understand why my system is choosing one IP over another.  The "primary" IP is /16 (Adapter #1) and the "additional IP" is /16 (Adapter #2), with the GW on both as (  

In this scenario, the two source IPs share the same prefix with the GW and also share the same prefix with my destination IP; /16.

For some reason my system is opting to use the "additional IP" as its source IP vs.  

Clearly there is some other logic here that is not explained in the original document and may perhaps stem solely around the fact that the two NICs both have the same gateway.  

I just want to understand the logic for which IP is chosen and why.


Question has a verified solution.
