Win2012 Std dual-homed with 2 routers for IP Persistence

Solved. Posted on 2014-02-07. Last Modified: 2014-02-26.
Thank you for reading our posting.

We have a Win2012 Std server that has 2 network cards, going to two different routers on two different subnets (wherever the request comes in, we want it to go back out).
Server: SERVER
IP 1: 192.168.0.202   gw: 192.168.0.1
IP 2: 192.168.10.203    gw: 192.168.10.1
If someone gets port forwarded on IP1 to the server, their request should return back out that network gateway. But if someone requests port forwarding on IP2 those requests should return back out only that network gateway.
This way we can host from two separate internet IPs, back into either network card.
Currently IP1 works great, but everything on IP2 just hangs or works intermittently.


IDEAS: we weren't sure if this was proper:
- set up RRAS, set default static routes, but this didn't help
- perhaps this is called "IP Persistence"? We can't find anything on setting that on the network cards in Windows 2012
- WE JUST WANT THE REQUESTS WHEN THEY COME IN ON ONE NETWORK CARD TO ALWAYS GO BACK OUT THE SAME NETWORK CARD (we tried by adding RRAS and static routes, but that didn't help; maybe we didn't set it up correctly)
Question by: plexusdev

12 Comments
Accepted Solution by Hypercat (Deb) (LVL 38, earned 500 total points), ID: 39843138
You can't have two default gateways; this is basic routing.  Set one network to have the default gateway, then set a static route for the other network to make sure that all traffic on that network goes out through the correct router.

Author Comment by plexusdev, ID: 39843161
This is possible. RRAS is one way to do it, but we can't seem to get it functioning. Or to have persistence return on the network card per IP. That's how bandwidth sharing works on multi-WAN routers.

Expert Comment by Craig Beck (LVL 45), ID: 39843855
It won't work.

Let's say you have a default gateway configured on NIC1, but a static default route configured for the link via NIC2.

ALL traffic would follow either ONLY the default gateway or ONLY the static default route - whichever had the lowest metric.  Usually this is the static route, but it doesn't always have to be.

Multi-WAN routers maintain a NAT translation table which tells the router which port the request came in on, and to which destination.  When the packet returns from the internal host with the reverse source and destination the router knows which interface to send the packet out of, thus maintaining the correct traffic-path.  With client devices this doesn't happen though as there is no translation table.  All you get with a client device is a lookup in its routing table.  It checks how to get to a particular host, then sends the traffic based on the result - it's that simple.

Expert Comment by agonza07 (LVL 20), ID: 39889141
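The two points made so far (the accepted answer's single-default-gateway rule, and the comment above that a host only does a routing-table lookup while a multi-WAN router keeps a translation table) can be modelled in a few lines. This is an added illustration, not code from the thread; the routing table is constructed from the asker's addresses, and the internet client 203.0.113.5 (documentation range) is an assumption:

```python
import ipaddress

# Constructed routing table modelled on the asker's server:
#   NIC1 192.168.0.202  (router 192.168.0.1)
#   NIC2 192.168.10.203 (router 192.168.10.1)
# Both routers are entered as default gateways, as the asker tried;
# the host keeps both, but only the lowest metric ever wins.
ROUTES = [
    # (destination prefix, next hop or None for on-link, interface, metric)
    ("192.168.0.0/24", None, "NIC1", 10),
    ("192.168.10.0/24", None, "NIC2", 10),
    ("0.0.0.0/0", "192.168.0.1", "NIC1", 10),
    ("0.0.0.0/0", "192.168.10.1", "NIC2", 20),
]


def host_lookup(dst_ip, routes=ROUTES):
    """What a plain host (no NAT state) does: longest prefix match, then
    lowest metric. Which NIC the request arrived on is never consulted,
    so a reply to an internet client always leaves via NIC1's router."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    best = max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))
    return best[2], best[1]  # (egress interface, next hop)


class MultiWanRouter:
    """What the multi-WAN router does instead: remember, per flow, the
    WAN port a request entered on and send the reply back out that port."""

    def __init__(self):
        self.flows = {}  # (client_ip, client_port, server_ip, server_port) -> WAN

    def inbound(self, wan, src_ip, src_port, dst_ip, dst_port):
        self.flows[(src_ip, src_port, dst_ip, dst_port)] = wan

    def reply_wan(self, src_ip, src_port, dst_ip, dst_port):
        # The reply carries the reversed 4-tuple; look it up in the table.
        return self.flows.get((dst_ip, dst_port, src_ip, src_port))


if __name__ == "__main__":
    # Constructed internet client hitting the port forward on IP2 (NIC2).
    print("host sends the reply via", host_lookup("203.0.113.5"))
    r = MultiWanRouter()
    r.inbound("WAN2", "203.0.113.5", 40000, "192.168.10.203", 443)
    print("router sends the reply out", r.reply_wan("192.168.10.203", 443, "203.0.113.5", 40000))
```

The host model returns NIC1 for the reply no matter which card the request came in on, which is the asymmetric path that makes IP2 hang; the router model returns WAN2 because it stored the ingress port with the flow.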
I concur with craigbeck, you'll need a multi-wan router to handle what you are trying to do.

Author Comment by plexusdev, ID: 39889169
Hmm, OK, thank you so much for both reviewing, and eenookami for re-elevating. I had seen this before a couple of years ago, so perhaps if I ever do find it I will come post it. Apologies.

Expert Comment by Fred Marshall (LVL 25), ID: 39889188
Just be careful that the multi-WAN router will actually behave as suggested.

For example:
The Cisco RV0xx series of Small Business Routers are Dual WAN.
The WANs can be set up to work in "Load Balancing" mode or "Failover" mode.
You would only use Load Balancing mode in your case.
The issue here is whether packets will be returned to the appropriate WAN port.
I can think of any number of reasons why this must be the case but can't prove it.
So I would exercise a little caution in selecting the device.
Perhaps someone can explain why it MUST work for fundamental and not device-specific reasons.

Of course, the suggestion involves dealing with the site internet gateway which may also be the site firewall which may be one of the more expensive and complex items.  So, depending on what you would need to do, this could be a fairly substantial change and the RV0xx may not suffice.

Expert Comment by Craig Beck (LVL 45), ID: 39889230
> The issue here is whether packets will be returned to the appropriate WAN port.
> I can think of any number of reasons why this must be the case but can't prove it.
When the packet leaves the WAN port toward the internet that is the source address.  When the internet host sends the traffic back toward the router it will always send the traffic back to the source address.

The issue is actually different to that.  When the client's packet enters the WAN router from the LAN, the WAN router decides which WAN port to send the packet out of (in load-balancing mode).  This could be either port and is usually completely random.  This does strange things to your traffic, but mainly it's bad for TCP-based traffic such as HTTPS (SSL).

As an example, let's say you have a WAN router with two links to the internet; WAN1 is 1.1.1.1 and WAN2 is 2.2.2.2

A client tries to get to an HTTPS site.  The first packet goes via 1.1.1.1 to the webserver.  The webserver logs the connection and login in a server-side cookie.  Now, the WAN router gets a bit of load on WAN1 and decides to start sending some traffic from the client via WAN2.  That means that the webserver doesn't know about a connection from 2.2.2.2 (the new source address) so it redirects the client back to the login page.

Connection broken!

You see the issue?

It's not a problem for UDP traffic though as that is connectionless (not tracked).

Expert Comment by Fred Marshall (LVL 25), ID: 39889257
craigbeck: I guess you agree then with the caution.

Yes.  Those are good examples.  Often https is tied to a single WAN to avoid this type of disruption.  Probably means the RV0xx is not the right multi-WAN device then for this application if I understand it.

Expert Comment by Craig Beck (LVL 45), ID: 39889342
Absolutely agree - and it's better to go with a router which can 'fix' which interface certain types of traffic uses.

Expert Comment by Rob Williams (LVL 77), ID: 39889812
Just to add, if addressing specifically the RV0xx series, or at least the RV042, I don't believe you can access (use port forwarding) on the WAN2 connection.  Only WAN1 accepts incoming traffic as I recall.  I am not as familiar with the newer firmware; perhaps it is possible with it.

Expert Comment by Fred Marshall (LVL 25), ID: 39890378
On the RV0xx, as far as I know, it depends which dual-WAN mode it's set in.  If it's set in Smart Link Backup (i.e. failover) mode then it will only be getting incoming traffic and sending outgoing traffic through one of the WAN ports.  Which one is sometimes hard to know or control even when one is designated the Primary.  (I've had them switch to the Secondary to never return to the Primary).

But, if it's in Load Balance mode then both WAN ports will work, and port forwarding is all about the LAN ports really, isn't it?  It shouldn't matter which WAN port the traffic comes in on in that case.  But, if you tell me it ain't so then I would likely believe you, because these little devices are a bit strange.  Maybe it would be that way to alleviate the issue of WAN swapping, which is the next subject:

Then, if it's in Load Balance, you can bind protocols each to one of the WANs.