Win2012 Std dual-homed with 2 routers for IP Persistence

Posted on 2014-02-07
Last Modified: 2014-02-26
Thank you for reading our posting.

We have a Win2012 Std server that has 2 network cards, going to two different routers on two different subnets (wherever the request comes in, we want it to go back out).
Server: SERVER
IP 1: 192.168.0.202   gw: 192.168.0.1
IP 2: 192.168.10.203    gw: 192.168.10.1
If someone gets port forwarded on IP1 to the server, their request should return back out that network gateway. But if someone requests port forwarding on IP2 those requests should return back out only that network gateway.
This way we can host from two separate internet IPs, back into either network card.
Currently IP1 works great, but everything on IP2 just hangs or intermittently works.


IDEAS: we weren't sure if this was proper:
- setup RRAS, set default static routes, but this didn't help
- perhaps this is called "IP Persistence" ?? we can't find anything on setting that on the network cards in windows 2012
- WE JUST WANT THE REQUESTS WHEN THEY COME IN ON ONE NETWORK CARD TO ALWAYS GO BACK OUT THE SAME NETWORK CARD (we tried by adding RRAS and static routes but that didn't help maybe we didn't set it up correctly)
Question by:plexusdev
11 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 1500 total points
ID: 39843138
You can't have two default gateways; this is basic routing.  Set one network to have the default gateway, then set a static route for the other network to make sure that all traffic on that network goes out through the correct router.
0
 

Author Comment

by:plexusdev
ID: 39843161
This is possible. RRAS is one way to do it but we can't seem to get it functioning. Or to have persistence return on the network card per IP. That's how bandwidth sharing works on multi-WAN routers.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39843855
It won't work.

Let's say you have a default gateway configured on NIC1, but a static default route configured for the link via NIC2.

ALL traffic would follow either ONLY the default gateway or via the static default route - whichever had the lowest metric.  Usually this is the static route, but it doesn't always have to be.

Multi-WAN routers maintain a NAT translation table which tells the router which port the request came in on, and to which destination.  When the packet returns from the internal host with the reverse source and destination the router knows which interface to send the packet out of, thus maintaining the correct traffic-path.  With client devices this doesn't happen though as there is no translation table.  All you get with a client device is a lookup in its routing table.  It checks how to get to a particular host, then sends the traffic based on the result - it's that simple.
0
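The two lookups contrasted in the comment above, as an added example that is not part of the original thread: a destination-only route lookup next to a router-style table keyed on the connection. It is a simplified model, not the Windows network stack; the addresses come from the question, while the metrics, the client address 203.0.113.50 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table for the server in the question: one default route
# per NIC. The metrics are assumed values; NIC1 is given the lower one.
ROUTES = [
    {"prefix": "0.0.0.0/0", "gateway": "192.168.0.1", "metric": 10},
    {"prefix": "0.0.0.0/0", "gateway": "192.168.10.1", "metric": 20},
    {"prefix": "192.168.0.0/24", "gateway": None, "metric": 1},    # on-link
    {"prefix": "192.168.10.0/24", "gateway": None, "metric": 1},   # on-link
]

def lookup_by_destination(dst, routes=ROUTES):
    """Destination-only lookup: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(r["prefix"]), r) for r in routes]
    matches = [(n, r) for n, r in nets if addr in n]
    return min(matches, key=lambda m: (-m[0].prefixlen, m[1]["metric"]))[1]

class ConnTable:
    """Router-style state: remember which gateway each flow arrived through."""
    def __init__(self):
        self.flows = {}

    def inbound(self, client, cport, local_ip, lport, gateway):
        self.flows[(client, cport, local_ip, lport)] = gateway

    def reply_gateway(self, local_ip, lport, client, cport):
        # The reply has source and destination reversed; find the original flow.
        return self.flows[(client, cport, local_ip, lport)]

def simulate(client="203.0.113.50", cport=51000, lport=443):
    """Send one forwarded request to each server IP and compare reply paths."""
    table, results = ConnTable(), {}
    for local_ip, gw in (("192.168.0.202", "192.168.0.1"),
                         ("192.168.10.203", "192.168.10.1")):
        table.inbound(client, cport, local_ip, lport, gw)
        results[local_ip] = {
            "arrived_via": gw,
            "dest_lookup": lookup_by_destination(client)["gateway"],
            "state_lookup": table.reply_gateway(local_ip, lport, client, cport),
        }
    return results

def asymmetric(results):
    """Server IPs whose reply would leave through a different gateway."""
    return [ip for ip, r in results.items() if r["dest_lookup"] != r["arrived_via"]]

if __name__ == "__main__":
    for ip, r in simulate().items():
        print(ip, r)
```

In this model the reply from 192.168.10.203 leaves through 192.168.0.1, so it does not pass back through the router that forwarded the request, which is consistent with the "IP1 works, IP2 hangs" symptom in the question.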
 
LVL 20

Expert Comment

by:agonza07
ID: 39889141
I concur with craigbeck, you'll need a multi-wan router to handle what you are trying to do.
0
 

Author Comment

by:plexusdev
ID: 39889169
Hmm, OK, thank you so much for both reviewing, and eenookami for re-elevating. I had seen this before a couple years ago so perhaps if I ever do find it I will come post it. Apologies.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39889188
Just be careful that the multi-WAN router will actually behave as suggested.

For example:
The Cisco RV0xx series of Small Business Routers are Dual WAN.
The WANs can be set up to work in "Load Balancing" mode or "Failover" mode.
You would only use Load Balancing mode in your case.
The issue here is whether packets will be returned to the appropriate WAN port.
I can think of any number of reasons why this must be the case but can't prove it.
So I would exercise a little caution in selecting the device.
Perhaps someone can explain why it MUST work for fundamental and not device-specific reasons.

Of course, the suggestion involves dealing with the site internet gateway which may also be the site firewall which may be one of the more expensive and complex items.  So, depending on what you would need to do, this could be a fairly substantial change and the RV0xx may not suffice.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39889230
> The issue here is whether packets will be returned to the appropriate WAN port.
> I can think of any number of reasons why this must be the case but can't prove it.

When the packet leaves the WAN port toward the internet that is the source address.  When the internet host sends the traffic back toward the router it will always send the traffic back to the source address.

The issue is actually different to that.  When the client's packet enters the WAN router from the LAN, the WAN router decides which WAN port to send the packet out of (in load-balancing mode).  This could be either port and is usually completely random.  This does strange things to your traffic, but mainly it's bad for TCP-based traffic such as HTTPS (SSL).

As an example, let's say you have a WAN router with two links to the internet; WAN1 is 1.1.1.1 and WAN2 is 2.2.2.2

A client tries to get to an HTTPS site.  The first packet goes via 1.1.1.1 to the webserver.  The webserver logs the connection and login in a server-side cookie.  Now, the WAN router gets a bit of load on WAN1 and decides to start sending some traffic from the client via WAN2.  That means that the webserver doesn't know about a connection from 2.2.2.2 (the new source address) so it redirects the client back to the login page.

Connection broken!

You see the issue?

It's not a problem for UDP traffic though as that is connectionless (not tracked).
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39889257
craigbeck: I guess you agree then with the caution.

Yes.  Those are good examples.  Often https is tied to a single WAN to avoid this type of disruption.  Probably means the RV0xx is not the right multi-WAN device then for this application if I understand it.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39889342
Absolutely agree - and it's better to go with a router which can 'fix' which interface certain types of traffic uses.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39889812
Just to add, if addressing specifically the RV0xx series, or at least the RV042 I don't believe you can access (use port forwarding) on the WAN2 connection.  Only WAN1 accepts incoming traffic as I recall.  I am not as familiar with the newer firmware, perhaps it is possible with it.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39890378
On the RV0xx, as far as I know, it depends which dual-WAN mode it's set in.  If it's set in Smart Link Backup (i.e. failover) mode then it will only be getting incoming traffic and sending outgoing traffic through one of the WAN ports.  Which one is sometimes hard to know or control even when one is designated the Primary.  (I've had them switch to the Secondary to never return to the Primary).

But, if it's in Load Balance mode then both WAN ports will work and port forwarding is all about the LAN ports really isn't it?  It shouldn't matter which WAN port the traffic comes in on in that case.  But, if you tell me it ain't so then I would likely believe you because these little devices are a bit strange.  Maybe it would be that way to alleviate the issue of WAN swapping .. which is the next subject:

Then, if it's in Load Balance, you can bind protocols each to one of the WANs.
0
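The WAN-swapping problem and the protocol binding discussed in the comments above, as an added example that is not part of the original thread. The WAN addresses are the ones used in the thread's example; the round-robin choice is a deterministic stand-in for the balancer's per-packet decision, and the toy server, the binding table and all names are assumptions made for illustration.

```python
from itertools import cycle

WANS = {"WAN1": "1.1.1.1", "WAN2": "2.2.2.2"}  # addresses from the thread's example

def make_selector(bindings=None):
    """Return choose_wan(dst_port).

    Ports listed in `bindings` always use the bound WAN; everything else
    alternates between the WANs (stand-in for per-packet load balancing).
    """
    bindings = bindings or {}
    round_robin = cycle(WANS)
    def choose_wan(dst_port):
        return bindings.get(dst_port) or next(round_robin)
    return choose_wan

class WebServer:
    """Toy server that ties a login session to the client's source address."""
    def __init__(self):
        self.session_source = None
        self.redirects = 0

    def handle(self, src_ip):
        if self.session_source is None:
            self.session_source = src_ip      # first request: session created
        elif src_ip != self.session_source:
            self.redirects += 1               # unknown source: back to login
            self.session_source = src_ip

def run_session(choose_wan, packets=6, dst_port=443):
    """Push `packets` requests through the router model to one server."""
    server, seen = WebServer(), []
    for _ in range(packets):
        src = WANS[choose_wan(dst_port)]
        seen.append(src)
        server.handle(src)
    return {"sources": sorted(set(seen)), "redirects": server.redirects}

if __name__ == "__main__":
    print("balanced:", run_session(make_selector()))
    print("443 bound to WAN1:", run_session(make_selector({443: "WAN1"})))
```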

Question has a verified solution.