Best practices for building a private network between servers

I'm installing three new Windows 2003 servers. Each has two gigabit NICs.
The idea is that one NIC is for the LAN ("public" network) while the other
is for building a private network for inter-server communications (NLB,
SQL2005 mirroring, disk backups, domain controller updates, etc.). Server1
and Server2 function as software cluster (that's why they have NLB and an
SQL mirror). If server1 if offline, server2 can still be active for client
applications. Server3 is for internet access.
I have a gigabit switch for the private LAN.

This is the actual scenario:

* Public network: 192.168.0.1 to 192.168.0.255

* Private server network: 193.168.0.1 to 193.168.0.255

* Server1:
- first domain controller
- IIS + NLB
- SQL2005 with mirror to server2
- DNS
- DHCP
- NIC1: 192.168.0.1
- NIC2: 193.168.0.1

* Server2
- 2nd domain controller
- IIS + NLB
- SQL2005 with mirror to server1
- DNS
- DHCP
- NIC1: 192.168.0.2
- NIC2: 193.168.0.2

* Server3
- 3nd domain controller (???)
- ISA Server for internet access + firewall
- DNS (that passes requests to Internet provider's DNS)
- NIC1: 192.168.0.3
- NIC2: 193.168.0.3
- NIC3: 202.XXX.XXX.XXX (public internet ip)

My questions related to servers are:
1) How do I configure network connections to let all traffic between server1
... serverX pass through the high-speed private network ONLY (and not to use
the public network)?
2) which IPs should have as default gateway in servers?
3) which IPs should have as DNS?
4) should NIC2 be listed first in "Network Connections/Advanced settings"?

My questions related to clients are:
a) which IPs should have as default gateway?
b) which IPs should have as DNS?

Thanks for your time.
Gaspar.

Won't work.
The machines can only be "known" by a single Name associated to a single
IP#.

The second network will only work when machines are being references by IP#
only, which would eliminate much of what you desire and would elinimate
anything that is dependent on Active Directory.

The right way to do it would be to use only *one* nic (gigabit) in each
machine and connect them to a gigabit capable Switch, preferably the same
Switch. The Switch will isolate the traffic at Layer2 and create a "virtual
circuit" between each "pair" of Hosts during a communication session.

If the single cable between the Switch and the host isn't enough then you
would use Nic Teaming (which requires special nics capable of doing that).

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------



"Gaspar" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> I'm installing three new Windows 2003 servers. Each has two gigabit NICs.
> The idea is that one NIC is for the LAN ("public" network) while the other
> is for building a private network for inter-server communications (NLB,
> SQL2005 mirroring, disk backups, domain controller updates, etc.). Server1
> and Server2 function as software cluster (that's why they have NLB and an
> SQL mirror). If server1 if offline, server2 can still be active for client
> applications. Server3 is for internet access.