Solved

difference between Bridging interfaces and adding static route

Posted on 2014-07-27
16
299 Views
Last Modified: 2014-07-27
I have seen an environment that uses Exchange 2013 email servers. Each of the email servers has 2 NICs, each in a different subnet (MAPI Network and Replication Network). The IP configuration of the NIC for the MAPI network is a normal configuration (static IP address, subnet mask, DG, DNS). However, the IP configuration of the NIC for Network Replication has only a static IP address (different subnet from the MAPI Network) and subnet mask; the DG is blank, the DNS is blank, and they also disable "Register this connection's address in DNS".

In addition to what has been described above, they add a static route for the Network Replication subnet.
for instance I have  ExchangeServer1, NIC1=192.168.50.50, NIC2=10.10.10.50
On the Layer3 device there is IP 192.168.50.1 which is the DG for the 192.168.50.0 Network and IP 10.10.10.1 for the Network 10.10.10.0 Network


 and ExchangeServer2, NIC1=192.168.50.60, NIC2=10.10.10.60
On the Layer3 device there is IP 192.168.50.1 which is the DG for the 192.168.50.0 Network and IP 10.10.10.1 for the Network 10.10.10.0 Network

the way they add static route is through CMD:
in ExchangeServer1:
Route -p add 10.10.10.60 mask 255.255.255.255 10.10.10.1

in ExchangeServer2:
Route -p add 10.10.10.50 mask 255.255.255.255 10.10.10.1

*** First I would like an Expert in Exchange 2010/2013 to tell me if the settings I stated above make sense or I am wrong.
*** I also need to know the difference between Bridging 2 Network Adapters and creating the Static Route as I described it above.

Thank you
0
Comment
Question by:jskfan
  • 7
  • 7
  • 2
16 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40222908
Well, there are a few things missing from your description, so I'll make some assumptions.

If the 10.10.10.x network is a /24 or larger and if both machines are on the same layer 2 link then you shouldn't need *any* static routes. Telling them to use the 10.10.10.1 device, which will have to loop the traffic back onto the LAN just adds an extra hop. These settings simply don't make sense.

As far as the difference between static routes and bridging. Static routes are used when automatic routes aren't sufficient for windows to determine where to send a packet. It is a simple matching rule type scenario.

Bridging is an entirely different concept and is intended to be used when a windows machine needs to "bridge" data across two networks. In most cases, there are more efficient ways of doing this than a full blown windows PC, so that is rare. Even with machines that have multiple NICs, such as your setup, usually each NIC is dedicated to specific traffic types such as cluster traffic, replication traffic, or SAN (iSCSI) traffic. Since each NIC handles its own data, there isn't a need to bridge traffic from the iSCSI NIC, for example, onto the NIC that handles client requests. Thus bridging in Windows is somewhat rare.

-Cliff
0
 
LVL 13

Assisted Solution

by:Greg Hejl
Greg Hejl earned 84 total points
ID: 40222916
In this scenario both servers communicate to the outside world via the 192.168 network. NIC2 does not have the default gateway configured, as the server would get confused about which interface would be its default gateway.

There is no need for the persistent routes, as these other IPs would exist in the 10.10.10 LAN broadcast domain.

The setup and use of 10.10.10 network is normal for backend server communications.
0
 

Author Comment

by:jskfan
ID: 40223002
I  have just done some reading here:
http://technet.microsoft.com/en-us/library/dd638104(v=exchg.150).aspx#NR

on the Link above try to find these lines:
Use static routes to configure connectivity across Replication networks  
Network Adapter Configuration for DAGs

it talks about the same thing I was talking about
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 416 total points
ID: 40223010
"Use static routes to configure connectivity across Replication networks"

Note the plural "NETWORKS."  If your two servers were on separate networks then you'd need to add static routes. This would be required because you need to get replication traffic from point A to point B over a router, but you don't want that traffic traversing the client network where the default gateway is assigned. Thus a static route would be required so the server knew where to send the traffic for forwarding.

However the topology you describe (without clarifying if your 10.10.10.0 network is /24 or larger) does NOT involve multiple replication networks. (again, note the plural.) You have *ONE* replication network, therefore no traffic needs to be sent over a router, and therefore no static route needs to be declared.

That article does not contradict the advice given here. It actually supports it.
0
 

Author Comment

by:jskfan
ID: 40223062
Let's make it simple.
we have 2 Exchange 2013 servers each with 2 NICs, one NIC for MAPI Network and one NIC for Network Replication.

Based on what Microsoft is saying here:

<<<<•Replication networks typically don't have default gateways, and if the MAPI network has a default gateway, no other networks should have default gateways. Routing of network traffic on a Replication network can be configured by using persistent, static routes to the corresponding network on other DAG members using gateway addresses that have the ability to route between the Replication networks. All other traffic not matching this route will be handled by the default gateway that's configured on the adapter for the MAPI network.>>>

How are you going to get the Replication Network to do what it is supposed to do?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40223065
Are the two replication NICs on the same layer 2 network (same switch or stacked switches, etc?)
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 40223214
If all your replication happens in the same LAN you have no need for routing.  

The article you reference indicates replication targets in different networks - you would need static routing to communicate between different networks.  

Routing, in this case, is if you have multiple replication networks and you need to point replication traffic to a different LAN.

Having route commands pointing to devices in the same LAN doesn't do anything, as communication between devices on the same LAN uses the MAC layer and ARP protocols to establish communication. The purpose of a GW is to point traffic that has to move outside the LAN at the gateway device that will route traffic that doesn't belong in the LAN.
0
 

Author Comment

by:jskfan
ID: 40223231
**What is the reason the second adapter is not configured with DG ? and they had to use static route ?

** let's say it is not Exchange server, if you have a server with 2 NICs each configured for  different subnet.
 I mean the server needs to talk to 2 networks 192.168.50.0/24 and 10.10.10/24 networks.
Will you  configure on each NIC , the IP address, subnet mask, DG, DNS  ?

*** I have seen ,in the past, where the second NIC is configured with only IP address and Subnet mask, but it was for Windows 2003 cluster , that was for heartbeat, not for Exchange Replication Network
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 416 total points
ID: 40223245
You should almost *never* put a default gateway on two different NICs. The default gateway tells windows how to create several "default" routes, and putting one on multiple NICs creates conflicts. The system would not know which gateway to route non-local traffic. This is basic networking. It isn't specific to windows or exchange.

The short of it is, your configuration is very likely wrong. If your exchange servers are on the same local network (which you *STILL* haven't confirmed despite several probes) then you don't need a gateway (default or otherwise) and therefore don't need static routes.

If your exchange servers are on *different* networks, such as two sites connected via WAN link separated by routers, then your IP addresses are wrong on one server as to properly route you need to have the second server NICs on different subnets than the first.

So regardless how you slice it, your implementation is wrong. ...unless you subnetted at /30 so that .50 and .60 for each network were on different subnets and these servers really are on different LANs. Then...technically....your implementation would be correct. But based on how you've been discussing the issue, I find this hypothetical topology highly unlikely. I only mention it because...well....I felt I should explain why I've said "likely" in all of my responses.
0
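The next-hop decision discussed in the answers above, as an added example that is not part of any post in this thread: a simplified longest-prefix-match lookup over a constructed routing table for ExchangeServer1, using the addresses from the question. The replication prefix length (/24 or /30) is an assumption, since the thread never confirms it; `host_routes` and `lookup` are hypothetical names, and route metrics are ignored.

```python
import ipaddress

# Static route from the question: Route -p add 10.10.10.60 mask 255.255.255.255 10.10.10.1
PAGE_ROUTE = [("10.10.10.60", "255.255.255.255", "10.10.10.1")]

def host_routes(repl_prefix, static=()):
    """Constructed routing table for ExchangeServer1 as (network, gateway, nic).

    gateway None means on-link: the host ARPs for the destination directly.
    repl_prefix is the assumed prefix length of the replication subnet.
    """
    mapi = ipaddress.ip_interface("192.168.50.50/24")
    repl = ipaddress.ip_interface(f"10.10.10.50/{repl_prefix}")
    table = [
        (mapi.network, None, "MAPI"),          # connected route, NIC1
        (repl.network, None, "Replication"),   # connected route, NIC2 (no DG)
        # Default route exists only because the MAPI NIC has a default gateway.
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.50.1"), "MAPI"),
    ]
    for dest, mask, gw in static:
        gw = ipaddress.ip_address(gw)
        # The egress NIC is the one whose connected subnet contains the gateway.
        nic = next(n for net, g, n in table if g is None and gw in net)
        table.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, nic))
    return table

def lookup(table, dest):
    """Return (next hop, egress NIC) for dest; the most specific route wins."""
    dest = ipaddress.ip_address(dest)
    net, gw, nic = max((r for r in table if dest in r[0]),
                       key=lambda r: r[0].prefixlen)
    return ("on-link" if gw is None else str(gw), nic)

if __name__ == "__main__":
    peer = "10.10.10.60"  # ExchangeServer2 replication NIC
    cases = [
        ("/24, no static route", host_routes(24)),
        ("/24, static route from the question", host_routes(24, PAGE_ROUTE)),
        ("/30, no static route", host_routes(30)),
    ]
    for label, table in cases:
        print(f"{label:38} -> {lookup(table, peer)}")
```

With a /24 the peer is reached on-link and the /32 host route only diverts it through 10.10.10.1; with a /30 and no static route, replication traffic would follow the default gateway out of the MAPI NIC.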
 

Author Comment

by:jskfan
ID: 40223324
I might agree with you Guys, that  link was talking about different networks, and that's the reason they use static routes.

Well in case I have just 2 Exchange servers, and still want to separate Replication Network from MAPI Network,  
Based on what element, should I pick which NIC that will have full IP configuration(IP address, subnet mask, DG, DNS), and which NIC will have just IP address and Subnet mask...
Also, do I need to select the one with full IP configuration as the top list in Control panel/Network connections/advanced/advanced settings ? or this step is not important ?

Thanks
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 416 total points
ID: 40223326
That depends entirely on the topology at your network edges and how you want traffic to flow. Presumably though, based on where you were placing static routes, you'd want to leave the DG on the 192.168.x.x. And I'd put that at the top of the adapter binding list as well to have the most predictable behavior.
0
 

Author Comment

by:jskfan
ID: 40223341
I thought you said no static routes
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 416 total points
ID: 40223346
I did! You asked which NICs should get a default gateway and which ones shouldn't. So my answer was to put the default gateway on the NIC that you didn't want for replication. I only mentioned static routes as a reference to your old (and broken) configuration so you knew why I recommended what I did. I wasn't recommending to actually put in static routes.
0
 

Author Comment

by:jskfan
ID: 40223354
<<<So my answer was to put the default gateway on the NIC that you didn't want for replication>>>
you mean the one that is used for MAPI Network will have full IP configuration, the one used for Network Replication will have only IP address and Default gateway..

I do not want to make this thread longer.....
But if Replication network NIC will be configured with Full IP configuration and the MAPI Network NIC will be configured only with IP address and subnet mask...would that work ? if not, then why ?

Thanks for your efforts !!
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 416 total points
ID: 40223362
Now we are back to "it depends on your network topology." It may work. It may not. It is usually a bad idea to put replication data on the same network as other network, so even if it works, it wouldn't be a good idea. But that is where good network planning and basic TCP/IP knowledge is essential. You should study networking such as the Network+ certification exam if you are going to be doing this stuff. It sounds like you have some knowledge gaps.
0
 

Author Closing Comment

by:jskfan
ID: 40223365
Still Learning (:)

Thank you for your help and patience !!
0
