Can software choose which network adapter it wants to talk to?

deleyd
Can an application choose which network adapter it wants to communicate with, and how would that be done?

I found the following on the Microsoft website:

Network List Manager
"The Network List Manager API enables applications to retrieve a list of available network connections. Applications can filter networks, based on attributes and signatures, and choose the networks best suited to their task."

Assume I have several network connections listed under "Control Panel\All Control Panel Items\Network Connections". Each network connection goes to its own private LAN.

I would like to write a program which communicates with only one of my network adapters, instead of broadcasting my request to "The Network" in general.

And I would like another program to simultaneously communicate with only one different network adapter, and not "The Network" in general.

So I would like both network adapters to be working at the same time. But I don't want these two network adapters to be connected together -- I don't want any "networking" between these two adapters. In fact I would not like either network adapter to be connected to "The Network", because I cannot guarantee there will never be an IP Address Conflict between these two private LANs. In fact there is quite likely to be the same IP address found on each LAN. So I don't want to connect either of these network adapters together in any way.

The only three solutions I've come up with are:

1. Communicate with each Network Adapter separately. One program communicates with Network Adapter A, another program communicates with Network Adapter B. Neither network adapter A nor network adapter B is connected to "The Network", so a web browser for example has no path to either private LAN. (So I don't have any IP Address Conflict problems.)

(I'm a bit unclear on what "The Network" is. It's whatever other programs, such as a web browser connect to. There must be some part of the operating system that comes between the Network Adapters and a program that wants to connect to "The Network". I'm unclear on what that is and how it works. I believe there's a Routing Table involved.)

2. Or, somehow introduce a software NAT router between Network Adapter A and "The Network", and a second NAT router between Network Adapter B and "The Network". (I haven't quite found any software routers with Network Address Translation (NAT).)

3. Or, introduce a physical NAT router between each private network and me. Each private network has its own real physical NAT router to isolate it from me, so I don't have any IP Address Conflicts. (This is the easiest conceptually, and the hardest to actually implement, which is why I'm researching alternative solutions.)

This is why I was intrigued when I saw the phrase, "Applications can choose the network best suited to its task." Is that possible?
noci, Software Engineer
Distinguished Expert 2018

Commented:
You cannot exactly choose the interface. What you can do is bind() to a source address when creating a client socket.
Then that source will be used ==> hence it needs to leave through a compatible interface.
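
The bind-before-connect step described in the comment above, as an added example that is not part of the original thread. The function names `connect_from` and `demo` are hypothetical, and the loopback address stands in for an adapter address so the code runs offline.

```python
import socket
import threading

def connect_from(source_ip, server_addr, timeout=3.0):
    """Open a TCP client socket bound to source_ip before connecting.

    Returns the (ip, port) the client socket actually uses locally.
    """
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        # Port 0 lets the OS pick an ephemeral port; only the address is pinned.
        # bind() raises OSError if source_ip is not assigned to a local adapter.
        client.bind((source_ip, 0))
        client.connect(server_addr)
        return client.getsockname()
    finally:
        client.close()

def demo(source_ip="127.0.0.1"):
    """Run a one-shot listener and report the source address each side sees."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed test endpoint on loopback
    listener.listen(1)
    listener.settimeout(3.0)
    seen = {}

    def accept_once():
        try:
            conn, peer = listener.accept()
            seen["peer"] = peer  # source address as the server sees it
            conn.close()
        except OSError:
            pass  # the client never connected (for example, bind() failed)

    worker = threading.Thread(target=accept_once)
    worker.start()
    try:
        local = connect_from(source_ip, listener.getsockname())
    finally:
        worker.join()
        listener.close()
    return local, seen.get("peer")

if __name__ == "__main__":
    local, peer = demo()
    print("client bound to:", local)
    print("server saw peer:", peer)
```

On a multi-homed host, pass the address assigned to the adapter you want as `source_ip`; the routing table still selects the path to the destination, which is why the rest of the thread turns to NAT for the duplicate-address case.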
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
To summarize, any process can connect through any physical interface.

Either by default... or by IP... or by interface name...

How you arrange your routing between multiple interfaces on the same machine is generally a function of your routing, not application code.

If you try managing routing inside your application code, then your code becomes non-portable, because it has to "know things" about your networking.

Maybe describe why your application must connect through some specific physical interface.

Yes, I agree that a key question is "what are you wanting to accomplish?"

Here is an example of things that I've done along these lines:

I have a workstation that's in a network maintenance role.  It's connected to 4 or 5 NICs:
- one for the usual LAN network, internet access, etc.
- one each for network devices such as switch mirror ports (these have no IP addresses nor Windows protocols).
Then I use Wireshark to monitor one or more NICs.  In this case, Wireshark does the "connecting".

I have a workstation that's in a local network with only one NIC:
- the NIC is assigned a number of IP addresses:
192.168.12.0/24 is the LAN subnet for network connections and internet connections.
192.168.1.0/24 is a LAN subnet that allows me to connect to new or factory-default devices that use this subnet.
10.10.10.0/24 is a LAN subnet that allows me to connect to *configured* devices that use this subnet.
etc.
With this arrangement, I can plug into a new device and access it immediately with either a browser or PuTTY or....
Then I can change its IP address for production and access it immediately with either a browser or PuTTY or....
All while not perturbing the local network or internet accesses.
In this case, it's the IP addresses that steer the traffic.

A variant on the above would be to use multiple NICs, each with their own separate IP address - but there's no need for that.
If you did, the IP addresses would steer the traffic.

deleyd, Software Engineer

Author

Commented:
Say I have network adapters 1.1.1.1 and 2.2.2.2

Each network adapter connects to a device with IP 9.9.9.9

Now say I want to talk with the device with IP 9.9.9.9 connected to network adapter 1.1.1.1

Is there a way I can do that?

I can't just specify the IP address 9.9.9.9, because it won't know if I'm talking about the device network adapter 1.1.1.1 is connected to, or the device connected to network adapter 2.2.2.2, since they both have identical devices with IP address 9.9.9.9

I somehow need to also specify which network adapter I want to be used, as that determines which of the two identical devices I'm talking about.

(Each device probably has its own unique MAC number though, I hope.)
noci, Software Engineer
Distinguished Expert 2018

Commented:
That only makes sense if the 9.9.9.9 is the same device on both links....
Any destination address NEEDS to be unique / device addressed.

(Any packet is sent through the routing chain, so only one of the 9.9.9.9 will be chosen).

You may be able to not use any IP-based protocol and use a low-level 802.1 protocol instead.
There are some available for remote serial links (LAT), there is a protocol very similar to Fibre Channel over Ethernet....
Those may be useful in this case.

It concerns me a bit that deleyd wants to write a program and some of the responses are about systems aspects which might well be dealt with IF a program is to be written. If one isn't a programmer then perhaps we miss the opportunities. From the original question, it appears that anything that's going to work is going to have to talk to individual NICs. Maybe the question really is: "how to do that?".
... but I don't know the answer.
deleyd, Software Engineer

Author

Commented:
Yes, I am a programmer.

deleyd, Software Engineer

Author

Commented:
I see I wasn't clear in my description: I have two devices both with the same IP address 9.9.9.9

(Yes I know. I unfortunately don't have control over them both having the same IP address. They seem to think that since they both connect via different wires, that I can keep them apart. However both devices are expecting to communicate using TCP/IP. In fact they want to transfer files using FTP.)

I somehow need two separate networks on the same computer that don't "network" together.
noci, Software Engineer
Distinguished Expert 2018

Commented:
In that case you need something in between the devices with the same address that will do NAT....


[EndPointA] 9.9.9.9 <------> 9.9.9.1 [Router] 1.1.1.2 <------> 1.1.1.1 [Your Box] 2.2.2.2 <------> 2.2.2.1 [Router] 9.9.9.1 <------> 9.9.9.9 [EndPointB]

Now your system can address 1.1.1.2 and 2.2.2.1 (which are both clearly distinguishable).
There is no other way for IP without very troublesome reliable configuration.
deleyd, Software Engineer

Author

Commented:
Is there a software NAT I could install?

noci, Software Engineer
Distinguished Expert 2018

Commented:
Yes, if it is on a DIFFERENT system outside of the computer with 1.1.1.1 & 2.2.2.2.
The computer you depart from should at least THINK it goes to different locations. Any solution on the central system.... tough luck....
If you create VLANs the central system cannot reach by itself, then you can create VMs running a lightweight Linux system (the smallest distro would do) and use the iptables firewall on it for NAT.

Those VMs should then be able to access the VLANs though.

noci, Software Engineer
Distinguished Expert 2018

Commented:
Think like YOU are the postman, you get an envelope with the address: (nothing else than):

Main street 9999.

Now which main street....  if there were 10 Mainstreets in your town district.... How to choose?
If a network address is NOT unique then you will have trouble to reliably address any system.

Now on your system you can send to backstreet 1, backstreet 2, backstreet 3... And on the other end of those houses they do have mainstreets that happen to be in different districts (for each house).
Then you can send to backstreet 1...., and in that house someone will write oh, that should be going to mainstreet 9999 on it and push out the other door.
same happens in all other houses.... Due to their different mainstreets no problem.  (unless they have multiple houses all with mainstreet 9999 as address).

It is a "real bad idea"(tm) to have endpoint equipment all with the same address.

There is another way of addressing if one is going to write a program anyway:

We might send US Mail to:
John Smith
PO Box A
yourtown, yourstate
and we might get away with this UNLESS there is more than one Post Office in yourtown and both have PO Box A.
I think this is an appropriate analogy.

So, a proper address would be
John Smith
PO Box A
yourtown, yourstate ZIP
where the ZIP code differentiates albeit with the PO Box extension included perhaps.

In this case, the NIC differentiates.
So a perfectly good address would be:
NIC A
9.9.9.9
You just have to have some way of doing that - and that's where the program comes in.  
But, it surely seems feasible.
Then, of course, "NIC A" might be translated into anything that's useful for the purpose and for the programmer.
noci, Software Engineer
Distinguished Expert 2018

Commented:
@Fred, please show the API call to do so...., which ALSO bypasses the routing done in the TCP/IP stack.
(I know WinPCAP can provide this service, in that case you need to run your private TCP stack on that for each link you have as that only handles raw Ethernet/Tokenring/wire frames)

noci:  Sorry, I already said that *I* don't know how to do it.  I'm not sure that bypassing the TCP/IP entirely would necessarily be the case - but it's surely a good point.

deleyd, Software Engineer

Author

Commented:
I found an image here:
https://docs.microsoft.com/en-us/windows/desktop/fwp/windows-filtering-platform-architecture-overview
and in the lower right it says, "3rd Party NAT Callout". I'm wondering if that's the device driver I need to write, or find already written.
Software Engineer
Distinguished Expert 2018
Commented:
You will probably have to write it (as a part of a virus protection feature), so you may also need the other grey blocks.
I doubt you can add more than one of such a set of drivers so if a virus protection tool has been installed it already might provide a driver that cannot be replaced.
You will also have to verify this works with ALL updates & versions of Windows that are available. And be prepared to RUSH out a new version tested etc. when Microsoft releases a new version (every Tuesday?).

Creative use of interfaces for other purposes might haunt you later. Try to fit the standard profile.

noci makes a very good point.  Since this is such an odd requirement, I rather was thinking in the context of an odd implementation for, perhaps, some special purpose.  While it may be possible, I too would not recommend it.

deleyd, Software Engineer

Author

Commented:
Thank you everyone!

I keep asking if we can modify the remote units to use DHCP like any reasonable device does, and I keep being told "No, we should assume that's not possible."

I will attempt a software solution. If the remote unit code never changes (since "that's not possible") then it only has to work with the unit as it is now.

If the code on the remote unit ever changes in the future, then hey throw in some DHCP support while you're at it. Or hire me again to do the impossible again.

My backup plan is to... umm... ask them once again if we can modify the code on the units so they support DHCP, I guess.
noci, Software Engineer
Distinguished Expert 2018

Commented:
Or insert a Raspberry Pi with it (to NAT a real life address, or even do the Serial connection for it.).

"I keep asking if we can modify the remote units to use DHCP like any reasonable device does, and I keep being told "No, we should assume that's not possible.""
You must have been asking your colleagues because that question doesn't seem to appear in this question thread.  Right?

Maybe turn this around to make some sense of it.  If your computer were somewhere out on the internet and:
 it needed to talk to some of my computers on some of my LANs
AND each of "my computers" had the same exact IP address and network mask (but on different LANs)
AND each LAN were connected to the internet
THEN you'd expect each LAN to connect to the internet with NAT.
Each NATting device has its own public IP address as presented to the internet and to your computer.

I think this summarizes, in a somewhat different way, the situation you have:
For this, you wouldn't need two NICs if you do the job in hardware.  Then, what you need are two different NAT devices each with their own IP address on your LAN.
Then, each NAT device can connect to their own separate network that have identical IP addresses.
Each NAT device is like a Post Office in the earlier analogy with its own IP address on your LAN.

Now, if you can figure out how to implement two NAT devices in software on your computer, then that would be another approach in place of these hardware devices.  Then, two NICs to be the "other side" of the NAT.  AND, likely a 3rd NIC for your normal LAN connection.

Probably others have suggested this and I apologize to them if I repeat what should be obvious....
