Windows 2008+ Server and Multiple IP addresses.  Choosing the source IP based on longest prefix matching algorithm.

Posted on 2013-06-11
1 Endorsement
Last Modified: 2014-09-08
So I've recently discovered that the TCP/IP stack changes that came with Vista/Server 2008 have changed how servers with multiple IPs operate.

I don't want to waste space articulating the changes, but this article should sum it up:

My question is regarding the selection of a source IP address using the longest prefix match method mentioned in that article from RFC 3484.

For example:

For example, consider the following addresses:

Client machine
IP Address /24 /24
Default Gateway

The server will use the address because it has the longest matching prefix.

To see this more clearly, consider the IP addresses in binary:

11000000 10101000 00000001 00001110 = (Bits matching the gateway = 25)
11000000 10101000 00000001 01000100 = (Bits matching the gateway = 26)
11000000 10101000 00000001 01111111 =

The address has more matching high order bits with the gateway address Therefore, it is used for off-link communication.

This makes sense to me, because you can clearly see that has more matching high order bits with the gateway.

What happens when the IP addresses are and

11000000 10101000 00000001 00001110 = (Bits matching the gateway = 25)
11000000 10101000 00000001 00001111 = (Bits matching the gateway = 25)
11000000 10101000 00000001 01111111 =

Which IP is chosen here?  They both have 25 matching bits.  The article doesn't really touch on this scenario.

Question by:mcdonamw79

Expert Comment

ID: 39239343
From my understanding of this, it may fall into the final rule which would be...

Rule 8 - Use longest matching Prefix is similar to rule 8a except the match
is with the destination IP address rather than the next hop IP address.

Expert Comment

ID: 39239354
So, you would see how many bits are matching the destination IP rather than the gateway.

Expert Comment

ID: 39239573
there is an address space overlap in your example.
all addresses /24 /24

are on the same subnet

if the OS allows you to configure overlapping IP addresses there must be a tiebreaker, like order of adapters (e.g. Lan0, Lan1).


Author Comment

ID: 39239697
Thanks for the replies so far guys.

@babuse:  What if my destination is  In this case, there are still equal numbers of matching bits.

11000000 10101000 00000001 00001110 = (available source)
11000000 10101000 00000001 00001111 = (available source)
11000000 10101000 00000001 00010000 = (destination)

@Danj:  In most cases that I've used multiple IPs on a single adapter, they usually fall on the same network.  Windows does in fact allow this.  With that said, I agree I would assume there has to be a tiebreaker, which is the purpose of my post.  What *is* that tiebreaker, including official documentation for such.
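
The two comparisons discussed in the thread so far (match against the next hop, then against the destination), as an added example that is not part of any post. The order of the two checks and all function names are assumptions; the addresses are decoded from the binary strings quoted above.

```python
import ipaddress

def from_bits(bits):
    """Decode an address written as four binary octets, as in the thread."""
    return ipaddress.IPv4Address(int(bits.replace(" ", ""), 2))

def common_prefix_len(a, b):
    """Count identical high-order bits of two IPv4 addresses (0 to 32)."""
    return 32 - (int(a) ^ int(b)).bit_length()

def longest_match(candidates, target):
    """Keep only the candidates sharing the most leading bits with target."""
    best = max(common_prefix_len(c, target) for c in candidates)
    return [c for c in candidates if common_prefix_len(c, target) == best]

def select_source(candidates, next_hop, destination):
    """Apply the next-hop match, then the destination match on what is left.

    Returns (survivors, deciding_rule). deciding_rule is None when both
    comparisons tie, i.e. prefix matching alone cannot pick a source.
    """
    survivors = longest_match(candidates, next_hop)
    if len(survivors) == 1:
        return survivors, "next hop"
    survivors = longest_match(survivors, destination)
    if len(survivors) == 1:
        return survivors, "destination"
    return survivors, None

# Addresses decoded from the binary strings quoted in the thread.
GATEWAY = from_bits("11000000 10101000 00000001 01111111")
DEST = from_bits("11000000 10101000 00000001 00010000")
SRC_A = from_bits("11000000 10101000 00000001 00001110")
SRC_B = from_bits("11000000 10101000 00000001 01000100")
SRC_C = from_bits("11000000 10101000 00000001 00001111")

if __name__ == "__main__":
    cases = (("article example", [SRC_A, SRC_B]), ("tie case", [SRC_A, SRC_C]))
    for name, pool in cases:
        chosen, rule = select_source(pool, GATEWAY, DEST)
        print(name, [str(c) for c in chosen], "decided by:", rule)
```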

Assisted Solution

DanJ earned 500 total points
ID: 39239781
the document states the selection is based on the routing table.
In this case, check the output of the "route print" command and check the 4th field "Interface". That shall point you to the IP to use.

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
                                            On-link                     266
                                            On-link                     266
                                            On-link                     266
                                            On-link                     266

Accepted Solution

mcdonamw79 earned 0 total points
ID: 39242790
@Danj... I think that may be the ticket.  At first I was concerned because with 2008+, the system automatically adds a *persistent* route, which I would assume overrides the network route and that persistent route does not specify the interface to use.

For example, my machine:

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
    266         On-link    266
      <snip for brevity>
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric

In that example, the only IP on my system is  If I add another IP, which introduces the same prefix length problem, my routing table remains the same and outbound packet sniffing shows my traffic continuing to come from .177.

I decided to break the prefix length issue by adding, which has more matching bits with my gateway.  

When I did this, all of a sudden my traffic started sourcing from the .127 address and my routing table changed to reflect the .127 address as my interface.

Author Closing Comment

ID: 39252608
My comment used actual testing to verify what would happen.  I am splitting the answer though as DanJ's post was helpful and led me to that testing.

Expert Comment

ID: 40310054
So I have another situation where the above solution does not seemingly answer and I'm left again with my original question.  Microsoft drives me batty.

I have a server with 2 NICs, but with IPs on the same network.  It was done this way so that the "additional IPs" would not get registered into DNS.  Sure we could have put them all on one NIC and used the NETSH /SKIPASSOURCE command, but that feels very kludgy and can be easily undone by someone inadvertently viewing the IP via the GUI and clicking OK.  

At any rate, both NICs have the same gateway set.  This is necessary to ensure outbound "answer" TCP packets associated with incoming packets from external networks on the "additional IP" NIC can find their way back to the source vs. the server accepting incoming packets on one NIC (additional IP) and sending outbound back out another (Primary).

In this scenario, I cannot understand why my system is choosing one IP over another.  The "primary" IP is /16 (Adapter #1) and the "additional IP" is /16 (Adapter #2), with the GW on both as (  

In this scenario, the two source IPs share the same prefix with the GW and also share the same prefix with my destination IP; /16.

For some reason my system is opting to use the "additional IP" as its source IP vs.  

Clearly there is some other logic here that is not explained in the original document and may perhaps stem solely around the fact that the two NICs both have the same gateway.  

I just want to understand the logic for which IP is chosen and why.
