snowdog_2112
asked on
windows - multi-homed routing issue
I have a Windows 2008 R2 server with 2 NIC's - both have private IP's on different subnets. The server uses the "wrong" gateway for 1 public IP address.
NIC-1: 10.0.1.10/24, gateway 10.0.1.1
NIC-2: 10.0.100.10/24, gateway 10.0.100.1
Each NIC is NAT'd at its router to a different public IP in different public IP blocks
NIC-1: 66.66.66.114
NIC-2: 209.209.209.60 (only port 25/tcp)
Here's where it gets weird. From the server, if I tracert to every IP in the 209.209.209.56/29 block, the first hop is the NIC-1 gateway, as I would expect, *EXCEPT* one IP in the middle of the block.
There are no /32 routes, and this is all based on IP, not name. I've rebooted the server, cleared the ARP cache, and flushed DNS.
I don't know why this one public IP would "choose" a different gateway.
tracert 209.209.209.59
1. 10.0.1.1
2. 209.209.209.62
3. 209.209.209.59
tracert 209.209.209.60
1. 10.0.1.1
2. 209.209.209.62
3. 209.209.209.60
tracert 209.209.209.61
1. 10.0.100.1 <-- the first hop is the wrong gateway!
2. 209.209.209.62
3. 209.209.209.61
Windows uses only one gateway per server. Normally the second default gateway will be ignored. Best practice is to have a default gateway configured for one NIC only.
ASKER
Thanks, but in this case I need the 2nd gateway for the NAT to work on the 2nd NIC.
My question still remains - why would Windows "arbitrarily" choose a different gateway for a single public IP?
I manually set a higher metric on the 2nd gateway than the "primary", and that seems to satisfy Windows.
ASKER
However...with the higher metric, traffic coming in on the 2nd NIC is redirected out the 1st NIC - including ACK's.
So, my problem remains. Windows, for some unknown reason, is choosing a different gateway for an IP in the middle of a block (no matter how small it is divided)
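A small model of the route lookup behind the two posts above: the equal-metric tie between the two default routes, and the asymmetric replies once the NIC-2 default gets a higher metric. This is an added example, not code from the thread or from Windows; the table, the metrics, and the client address 198.51.100.25 are assumed.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the asker's routing table; metrics are assumed values.
# Route tuple: (prefix, gateway or None for on-link, interface, metric)
ROUTES = [
    (ip_network("10.0.1.0/24"),   None,         "NIC-1", 10),
    (ip_network("10.0.100.0/24"), None,         "NIC-2", 10),
    (ip_network("0.0.0.0/0"),     "10.0.1.1",   "NIC-1", 10),  # default #1
    (ip_network("0.0.0.0/0"),     "10.0.100.1", "NIC-2", 10),  # default #2
]

def matching_routes(table, dst):
    """Routes whose prefix contains dst, most specific (then cheapest) first."""
    dst = ip_address(dst)
    hits = [r for r in table if dst in r[0]]
    return sorted(hits, key=lambda r: (-r[0].prefixlen, r[3]))

def select_route(table, dst):
    """Destination-only lookup: longest prefix wins, then lowest metric.
    Returns (gateway, interface, tied); tied=True means another route has
    the same prefix length and metric, so nothing about dst decides it."""
    hits = matching_routes(table, dst)
    best = hits[0]
    tied = any(r[0].prefixlen == best[0].prefixlen and r[3] == best[3]
               for r in hits[1:])
    return best[1], best[2], tied

def with_default_metric(table, iface, metric):
    """Copy of table with the 0.0.0.0/0 route on iface set to metric
    (what the asker did by hand for NIC-2)."""
    return [(p, gw, i, metric if (i == iface and p.prefixlen == 0) else m)
            for p, gw, i, m in table]

def reply_interface(table, inbound_iface, client_ip):
    """Egress interface for a reply to client_ip. The inbound interface is
    accepted only to show that the lookup never consults it."""
    _gw, iface, _tied = select_route(table, client_ip)
    return iface

if __name__ == "__main__":
    for dst in ("209.209.209.60", "209.209.209.61"):
        print(dst, select_route(ROUTES, dst))          # both tied
    fixed = with_default_metric(ROUTES, "NIC-2", 20)
    print("after metric fix:", select_route(fixed, "209.209.209.61"))
    # SMTP client reached NIC-2 through its NAT; the reply still leaves NIC-1
    print("reply egress:", reply_interface(fixed, "NIC-2", "198.51.100.25"))
```

With equal metrics no route in the table separates .60 from .61, so the choice is a tie-break rather than a per-destination decision; once NIC-2's default costs more, every external destination, including replies to NIC-2's SMTP clients, leaves via NIC-1.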
Have a look into this book here at page 332, "Default Gateways" and "Using multihomed servers", in the last part before "Using the route command". This describes clearly the behavior you are seeing on your system.
ASKER
sorry - I haven't had a moment to look into this. Will check that out and report back.
ASKER
Um..that is in German? And it's a dead link.
The book itself is in English and I can open the link. You might try this one http://books.google.com/books?id=ANRixVBgm38C&pg=PA332&dq=two+default+gateways+windows+2008+microsoft&hl=de&sa=X&ei=KMoDUv2fK4WzhAfsgYGwDw&ved=0CC8Q6AEwAA. Or you open books.google.com and put "two default gateways windows 2008 microsoft" in the search field. In my search it's the first result on the first page, named "MCTS Guide to Configuring Microsoft Windows Server 2008 Active"
ASKER
Ok - I'm not looking for a book, I'm looking for an answer to my question.
Page 327 to 335 are "broken" - I don't see any text on those pages. Pages before and after appear fine, but nothing about the route command.
As I scroll the link, it talks about ping, tracert and how to add an IP to a NIC.
I am very well aware of those concepts. The issue eluding me is very specific: Windows uses a different NIC and gateway for a destination IP address in the middle of one specific public IP address block. 209.209.209.61 is not a boundary address (network ID or broadcast) in any standard IP subnet.
Again, here is what I see:
tracert 209.209.209.59
1. 10.0.1.1
2. 209.209.209.62
3. 209.209.209.59
tracert 209.209.209.60
1. 10.0.1.1
2. 209.209.209.62
3. 209.209.209.60
tracert 209.209.209.61
1. 10.0.100.1 <-- the first hop is the wrong gateway!
2. 209.209.209.62
3. 209.209.209.61
tracert 209.209.209.62
1. 10.0.1.1 <-- back to the "correct" gateway
2. 209.209.209.62
3. 209.209.209.61
I understood your problem from the start of your question. What I was trying to make clear is, Windows doesn't support multiple default gateways. That's simply a fact! I think that the observation of using a different gateway in the middle of an address range is by coincidence and not a specific fault in the routing logic of Windows.
ASKER
Thanks for clarification - so often people respond based on what they *assume* the problem is rather than reading and fully understanding the OP.
Perhaps a better question, then, is how I can have one IP address on a server accepting connections from one router/gateway, while the "main" IP address uses the "main" gateway IP.
In other words, maybe a different configuration will avoid the problem, rather than needing to solve the problem I currently have.
This secondary IP is specific to a "special case" mail NAT to a different point of egress on the LAN.
Thanks.
ASKER CERTIFIED SOLUTION
ASKER
Yeah, I was thinking the source of the incoming packets would dictate the response packets, and by binding the SMTP service to the one NIC, outgoing SMTP would use that gateway.
It's a mess either way, and probably needs a re-design.
Thanks for the input!
ASKER
Sometimes the answer is: it ain't gonna work.