Multihomed Routing RRAS

I am stumped: Here is my question, I have a small network consisting of 60
hosts, all on a class C private network 192.168.1.xxx etc. I have an active
directory domain, and GPO's in place etc. All of my servers are Winodws
Server 2003. I have added 2 new servers that send tons of data accross the
LAN to another server that cause my LAN to come to a halt. So here is the
question:
I need to set up a 192.168.2.xxx network.
I want to use RRAS with multihomed NIC's to send all of this data to the
192.168.2.xxx /24 network. I set up a new switch, connected it to the
192.168.2.xxx NIC, and the other NIC is connected to the 192.168.1.xxx
/24network.
I set up a test workstation XP and gave it a static of 192.168.2.5 and
hooked it up to the switch connected to the 192.168.2.xxx NIC.
The multihomed server configuration is
NIC 1: 192.168.2.1 /24 no gateway???? I guess
NIC 2: 192.168.1.50/24 Gateway 192.168.1.1 (to the internet)
The workstation cannot ping anything on the 192.168.1.xxx side however it
CAN see the 192.168.1.50 NIC.
I added a Route Add command on the test client workstation
route add 192.168.2.1 mask 255.255.255.0 192.168.2.1
still no routing happening.....
How do I set up RRAS to route this traffic. Any help on configuring this
step by step would really help so much, its driving me crazy for days now.
All I want to do is isolate these two new server onto this 192.168.2.xxx
network and have them available for all to see on the LAN and utilize the
routing capability of the multihomed server for this to happen...

thanks, Dan

Segmenting at Layer3 is not what you need to do. Layer3 Routing breaks up
broadcast domains to reduce the effect of broadcasts,...this problem isn't
caused by broadcasts, this is directed traffic. You could segment this at
Layer3 and still have the same problem when you are done.

What you need is Layer2 segmenting,...in other words replace the Hub with a
Switch. Switches create virtual circuits between the two Switch ports used by
the two communicating hosts. With a switch,.. traffic between two hosts on the
switch is never seen by any other hosts even if they are plugged into the same
switch. the reason people don't think of this is because after Hubs faded from
the scene and were replced by switches, people never changed their thinking and
still think in terms of how it was with Hubs.

After getting the Switches in place, make sure that either:

1. The involved Servers are all on the same switch together.

Or...

2. If they are on different switches then dedicate switches to the server for
that purpose and don't wire them up to where the rest of the LAN's traffic
shares a wire with the server traffic. But in the process of doing that don't
create switching loops unless your switches are running STP to handle the loops.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------


"Dan" <(E-Mail Removed)> wrote in message
newsCABB771-7E0A-4D0F-97CB-(E-Mail Removed)...
>I am stumped: Here is my question, I have a small network consisting of 60
> hosts, all on a class C private network 192.168.1.xxx etc. I have an active
> directory domain, and GPO's in place etc. All of my servers are Winodws
> Server 2003. I have added 2 new servers that send tons of data accross the
> LAN to another server that cause my LAN to come to a halt. So here is the
> question:
> I need to set up a 192.168.2.xxx network.
> I want to use RRAS with multihomed NIC's to send all of this data to the
> 192.168.2.xxx /24 network. I set up a new switch, connected it to the
> 192.168.2.xxx NIC, and the other NIC is connected to the 192.168.1.xxx
> /24network.
> I set up a test workstation XP and gave it a static of 192.168.2.5 and
> hooked it up to the switch connected to the 192.168.2.xxx NIC.
> The multihomed server configuration is
> NIC 1: 192.168.2.1 /24 no gateway???? I guess
> NIC 2: 192.168.1.50/24 Gateway 192.168.1.1 (to the internet)
> The workstation cannot ping anything on the 192.168.1.xxx side however it
> CAN see the 192.168.1.50 NIC.
> I added a Route Add command on the test client workstation
> route add 192.168.2.1 mask 255.255.255.0 192.168.2.1
> still no routing happening.....
> How do I set up RRAS to route this traffic. Any help on configuring this
> step by step would really help so much, its driving me crazy for days now.
> All I want to do is isolate these two new server onto this 192.168.2.xxx
> network and have them available for all to see on the LAN and utilize the
> routing capability of the multihomed server for this to happen...
>
> thanks, Dan

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> 2. If they are on different switches then dedicate switches to the server for
> that purpose and don't wire them up to where the rest of the LAN's traffic
> shares a wire with the server traffic. But in the process of doing that don't
> create switching loops unless your switches are running STP to handle the
> loops.

Additional comments on STP. Just don't do it. No switching loops. Why?
Because STP will shut down one of the redunant paths,...however it makes the
decision, not you,..therefore if it shuts down the isolated link in favor of the
other path the rest of the LAN uses you are now back in the same problem again.
So make sure the comunicating servers have a "clean" Layer2 path between
themselves.

You may also want good quality switches,...don't buy "home user" stuff. good
Switches have very fast processors and very fast Backplanes,..."home user"
switches do not. Switches do have processors and do process tha packets, so the
processor speed is important. You don't usually see it listed in the
specs,...but just buy good quality switches and you won't have to worry about
it.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

your answer makes perfect sense, perhaps I didnt explain everything in detail
the 2 servers that are causing my network to come to a crawl are video
servers that record data and store it on a Windows Server with mega TB space.
So they are always sending data at this box. So without spending a ton of
money, I wanted to see if creating a separate netowork from the 192.168.1.xxx
LAN, calling it 192.168.2.xxx would isolate the problem from all the
complaining end users. If I stop these video servers the network jumps back
to its usual Gbps speed. All the servers are on Gbps switches, as well as
the video servers that are writing the data to this box. End users are all
10/100. Uggghhhhh. What can I do to solve this without restucturing, and a
ton of $$$$$. Would RRAS help this?

"Phillip Windell" wrote:

> "Phillip Windell" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > 2. If they are on different switches then dedicate switches to the server for
> > that purpose and don't wire them up to where the rest of the LAN's traffic
> > shares a wire with the server traffic. But in the process of doing that don't
> > create switching loops unless your switches are running STP to handle the
> > loops.
>
> Additional comments on STP. Just don't do it. No switching loops. Why?
> Because STP will shut down one of the redunant paths,...however it makes the
> decision, not you,..therefore if it shuts down the isolated link in favor of the
> other path the rest of the LAN uses you are now back in the same problem again.
> So make sure the comunicating servers have a "clean" Layer2 path between
> themselves.
>
> You may also want good quality switches,...don't buy "home user" stuff. good
> Switches have very fast processors and very fast Backplanes,..."home user"
> switches do not. Switches do have processors and do process tha packets, so the
> processor speed is important. You don't usually see it listed in the
> specs,...but just buy good quality switches and you won't have to worry about
> it.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft, or
> anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

Looks like I deleted the original post. Can you re-explain what you had planed
to do originally?
I'll continue below with what I already know.....

"Dan" <(E-Mail Removed)> wrote in message
news277DF73-D0A3-4DBA-AA31-(E-Mail Removed)...
> your answer makes perfect sense, perhaps I didnt explain everything in detail
> the 2 servers that are causing my network to come to a crawl are video

Sounds like a TV station. That is what we are,..an NBC Affiliate.

> servers that record data and store it on a Windows Server with mega TB space.
> So they are always sending data at this box. So without spending a ton of
> money, I wanted to see if creating a separate netowork from the 192.168.1.xxx
> LAN, calling it 192.168.2.xxx would isolate the problem from all the
> complaining end users.

You can but it depends on exactly how you do that. You'd be better off trying
to first solve it at Layer2 first,...then if all else fails,..create a Layer3
solution.

> If I stop these video servers the network jumps back
> to its usual Gbps speed. All the servers are on Gbps switches, as well as
> the video servers that are writing the data to this box. End users are all
> 10/100. Uggghhhhh. What can I do to solve this without restucturing, and a
> ton of $$$$$. Would RRAS help this?

Creating separate Layer3 segments can isolate the traffic but I don't think that
is what is needed, and even then it depends on how it was done. Which server
actually runs RRAS and has the two nics will make a big difference.

You have to carefully anylize your physical cabling structure to make sure that
the physical path taken by the traffic does not "share" any physical cables the
LAN needs for the rest of its traffic.

Notice the two examples below. The links between switches is effectively the
"backbone" of the LAN and that is where the trouble will happen. In the "bad"
example the link between the switch-1 and switch-2 takes all the load of both
the users and the video traffic. Then in the "good" examples they have separate
virtual curcuits. They do share the switch-1 but the traffic is kept separated
by the functionality of the switch and the only "shared" portion is the
backplane of the switch and a good switch can handle that just fine.

-Bad-
LAN Server
|
<switch 1>---Vid Server B
|
<switch 2>---Vid Server A
|
<users>

-Good-
LAN Server
|
Vid Server A---<switch 1>---Vid Server B
|
<switch 2>
|
<users>

-Also Good-
LAN Server
|
Vid Server A---<switch 1>---Vid Server B
|
<users>


There are ways to do two different physical LANs with a Router connecting the
two but that introduces possibly complex "Naming" issues with multi homing. If
more than one of these involved video serverhave two nics and sit on both LANs
at the same then there is going to be big problems getting the machine to be
identified by the proper IP# for each particular process which will in turn
effect the physical path taken by traffic generated by that process.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

My original post attached ofter this reply: Actually these are DV Servers
that store surveillance video 24/7. There is a total of 32 PTZ cams, that
are always recording. So the rest of my Domain suffers greatly due to our
fine security dept. I actually built the video system as well as the domain
and all things tech related. The recording on these servers is stored as
..avi data and wham, accross the pipes it goes at approx 400-500 GB per 24
hour period uggghhh to a Windows Server 2003 R2 with multiple RAID 5 TB
arrays. (Not Windows Storage Server) on a simple 192.168.1.xxx IP network
(60 hosts).
Here is first Post:
Here is my question, I have a small network consisting of 60
> hosts, all on a class C private network 192.168.1.xxx etc. I have an active
> directory domain, and GPO's in place etc. All of my servers are Winodws
> Server 2003. I have added 2 new servers that send tons of data accross the
> LAN to another server that cause my LAN to come to a halt. So here is the
> question:
> I need to set up a 192.168.2.xxx network.
> I want to use RRAS with multihomed NIC's to send all of this data to the
> 192.168.2.xxx /24 network. I set up a new switch, connected it to the
> 192.168.2.xxx NIC, and the other NIC is connected to the 192.168.1.xxx
> /24network.
> I set up a test workstation XP and gave it a static of 192.168.2.5 and
> hooked it up to the switch connected to the 192.168.2.xxx NIC.
> The multihomed server configuration is
> NIC 1: 192.168.2.1 /24 no gateway???? I guess
> NIC 2: 192.168.1.50/24 Gateway 192.168.1.1 (to the internet)
> The workstation cannot ping anything on the 192.168.1.xxx side however it
> CAN see the 192.168.1.50 NIC.
> I added a Route Add command on the test client workstation
> route add 192.168.2.1 mask 255.255.255.0 192.168.2.1
> still no routing happening.....
> How do I set up RRAS to route this traffic. Any help on configuring this
> step by step would really help so much, its driving me crazy for days now.
> All I want to do is isolate these two new server onto this 192.168.2.xxx
> network and have them available for all to see on the LAN and utilize the
> routing capability of the multihomed server for this to happen...
>
> thanks, Dan



"Phillip Windell" wrote:

> Looks like I deleted the original post. Can you re-explain what you had planed
> to do originally?
> I'll continue below with what I already know.....
>
> "Dan" <(E-Mail Removed)> wrote in message
> news277DF73-D0A3-4DBA-AA31-(E-Mail Removed)...
> > your answer makes perfect sense, perhaps I didnt explain everything in detail
> > the 2 servers that are causing my network to come to a crawl are video
>
> Sounds like a TV station. That is what we are,..an NBC Affiliate.
>
> > servers that record data and store it on a Windows Server with mega TB space.
> > So they are always sending data at this box. So without spending a ton of
> > money, I wanted to see if creating a separate netowork from the 192.168.1.xxx
> > LAN, calling it 192.168.2.xxx would isolate the problem from all the
> > complaining end users.
>
> You can but it depends on exactly how you do that. You'd be better off trying
> to first solve it at Layer2 first,...then if all else fails,..create a Layer3
> solution.
>
> > If I stop these video servers the network jumps back
> > to its usual Gbps speed. All the servers are on Gbps switches, as well as
> > the video servers that are writing the data to this box. End users are all
> > 10/100. Uggghhhhh. What can I do to solve this without restucturing, and a
> > ton of $$$$$. Would RRAS help this?
>
> Creating separate Layer3 segments can isolate the traffic but I don't think that
> is what is needed, and even then it depends on how it was done. Which server
> actually runs RRAS and has the two nics will make a big difference.
>
> You have to carefully anylize your physical cabling structure to make sure that
> the physical path taken by the traffic does not "share" any physical cables the
> LAN needs for the rest of its traffic.
>
> Notice the two examples below. The links between switches is effectively the
> "backbone" of the LAN and that is where the trouble will happen. In the "bad"
> example the link between the switch-1 and switch-2 takes all the load of both
> the users and the video traffic. Then in the "good" examples they have separate
> virtual curcuits. They do share the switch-1 but the traffic is kept separated
> by the functionality of the switch and the only "shared" portion is the
> backplane of the switch and a good switch can handle that just fine.
>
> -Bad-
> LAN Server
> |
> <switch 1>---Vid Server B
> |
> <switch 2>---Vid Server A
> |
> <users>
>
> -Good-
> LAN Server
> |
> Vid Server A---<switch 1>---Vid Server B
> |
> <switch 2>
> |
> <users>
>
> -Also Good-
> LAN Server
> |
> Vid Server A---<switch 1>---Vid Server B
> |
> <users>
>
>
> There are ways to do two different physical LANs with a Router connecting the
> two but that introduces possibly complex "Naming" issues with multi homing. If
> more than one of these involved video serverhave two nics and sit on both LANs
> at the same then there is going to be big problems getting the machine to be
> identified by the proper IP# for each particular process which will in turn
> effect the physical path taken by traffic generated by that process.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft, or
> anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

Oh my gosh, your in Decatur, I am in Boston but I grew up in Springfield!!!
My family is all out there in your area, small world.

"Dan" wrote:

> My original post attached ofter this reply: Actually these are DV Servers
> that store surveillance video 24/7. There is a total of 32 PTZ cams, that
> are always recording. So the rest of my Domain suffers greatly due to our
> fine security dept. I actually built the video system as well as the domain
> and all things tech related. The recording on these servers is stored as
> .avi data and wham, accross the pipes it goes at approx 400-500 GB per 24
> hour period uggghhh to a Windows Server 2003 R2 with multiple RAID 5 TB
> arrays. (Not Windows Storage Server) on a simple 192.168.1.xxx IP network
> (60 hosts).
> Here is first Post:
> Here is my question, I have a small network consisting of 60
> > hosts, all on a class C private network 192.168.1.xxx etc. I have an active
> > directory domain, and GPO's in place etc. All of my servers are Winodws
> > Server 2003. I have added 2 new servers that send tons of data accross the
> > LAN to another server that cause my LAN to come to a halt. So here is the
> > question:
> > I need to set up a 192.168.2.xxx network.
> > I want to use RRAS with multihomed NIC's to send all of this data to the
> > 192.168.2.xxx /24 network. I set up a new switch, connected it to the
> > 192.168.2.xxx NIC, and the other NIC is connected to the 192.168.1.xxx
> > /24network.
> > I set up a test workstation XP and gave it a static of 192.168.2.5 and
> > hooked it up to the switch connected to the 192.168.2.xxx NIC.
> > The multihomed server configuration is
> > NIC 1: 192.168.2.1 /24 no gateway???? I guess
> > NIC 2: 192.168.1.50/24 Gateway 192.168.1.1 (to the internet)
> > The workstation cannot ping anything on the 192.168.1.xxx side however it
> > CAN see the 192.168.1.50 NIC.
> > I added a Route Add command on the test client workstation
> > route add 192.168.2.1 mask 255.255.255.0 192.168.2.1
> > still no routing happening.....
> > How do I set up RRAS to route this traffic. Any help on configuring this
> > step by step would really help so much, its driving me crazy for days now.
> > All I want to do is isolate these two new server onto this 192.168.2.xxx
> > network and have them available for all to see on the LAN and utilize the
> > routing capability of the multihomed server for this to happen...
> >
> > thanks, Dan
>
>
>
> "Phillip Windell" wrote:
>
> > Looks like I deleted the original post. Can you re-explain what you had planed
> > to do originally?
> > I'll continue below with what I already know.....
> >
> > "Dan" <(E-Mail Removed)> wrote in message
> > news277DF73-D0A3-4DBA-AA31-(E-Mail Removed)...
> > > your answer makes perfect sense, perhaps I didnt explain everything in detail
> > > the 2 servers that are causing my network to come to a crawl are video
> >
> > Sounds like a TV station. That is what we are,..an NBC Affiliate.
> >
> > > servers that record data and store it on a Windows Server with mega TB space.
> > > So they are always sending data at this box. So without spending a ton of
> > > money, I wanted to see if creating a separate netowork from the 192.168.1.xxx
> > > LAN, calling it 192.168.2.xxx would isolate the problem from all the
> > > complaining end users.
> >
> > You can but it depends on exactly how you do that. You'd be better off trying
> > to first solve it at Layer2 first,...then if all else fails,..create a Layer3
> > solution.
> >
> > > If I stop these video servers the network jumps back
> > > to its usual Gbps speed. All the servers are on Gbps switches, as well as
> > > the video servers that are writing the data to this box. End users are all
> > > 10/100. Uggghhhhh. What can I do to solve this without restucturing, and a
> > > ton of $$$$$. Would RRAS help this?
> >
> > Creating separate Layer3 segments can isolate the traffic but I don't think that
> > is what is needed, and even then it depends on how it was done. Which server
> > actually runs RRAS and has the two nics will make a big difference.
> >
> > You have to carefully anylize your physical cabling structure to make sure that
> > the physical path taken by the traffic does not "share" any physical cables the
> > LAN needs for the rest of its traffic.
> >
> > Notice the two examples below. The links between switches is effectively the
> > "backbone" of the LAN and that is where the trouble will happen. In the "bad"
> > example the link between the switch-1 and switch-2 takes all the load of both
> > the users and the video traffic. Then in the "good" examples they have separate
> > virtual curcuits. They do share the switch-1 but the traffic is kept separated
> > by the functionality of the switch and the only "shared" portion is the
> > backplane of the switch and a good switch can handle that just fine.
> >
> > -Bad-
> > LAN Server
> > |
> > <switch 1>---Vid Server B
> > |
> > <switch 2>---Vid Server A
> > |
> > <users>
> >
> > -Good-
> > LAN Server
> > |
> > Vid Server A---<switch 1>---Vid Server B
> > |
> > <switch 2>
> > |
> > <users>
> >
> > -Also Good-
> > LAN Server
> > |
> > Vid Server A---<switch 1>---Vid Server B
> > |
> > <users>
> >
> >
> > There are ways to do two different physical LANs with a Router connecting the
> > two but that introduces possibly complex "Naming" issues with multi homing. If
> > more than one of these involved video serverhave two nics and sit on both LANs
> > at the same then there is going to be big problems getting the machine to be
> > identified by the proper IP# for each particular process which will in turn
> > effect the physical path taken by traffic generated by that process.
> >
> > --
> > Phillip Windell
> > www.wandtv.com
> >
> > The views expressed, are my own and not those of my employer, or Microsoft, or
> > anyone else associated with me, including my cats.
> > -----------------------------------------------------
> >
> >
> >

As Phillip has pointed out, it is vital that you get the network topology
right. Let us know what you have in mind. NB Do not run RRAS on a DC!

To answer your original question, just enabling IP routing doesn't mean
that two subnets actually route. It works automatically in the (trivial)
case where the router is the default gateway for both segments. eg

192.168.1.x dg 192.168.1.254
|
192.168.1.254 dg blank
RRAS
192.168.2.254 dg blank
|
192.168.2.x dg 192.168.2.254

If an existing subnet is using some other gateway, such as an Internet
router, the two segments do not route. Traffic for the new subnet will go
the Internet router by default. This router has no idea where this subnet is
and will probably drop the packet because it has a private IP address. You
need extra routing in this subnet to get traffic for the new subnet to the
RRAS router instead of the Internet gateway.

You could add a static route to every machine in the subnet to route
traffic for 192.168.2.0/24 to the RRAS router. A simpler solution is to add
the route to the gateway router. When this router receives a packet for the
new private subnet it redirects it to the RRAS router (because it now knows
how to do that). In addition it sends an ICMP redirect to the sending
machine to tell it the correct router to use to find this machine. The LAN
machines "learn" the correct router to use to find the "new" subnet. eg

Internet
|
gateway router
192.168.1.1 {static route 192.168.2.0 255.255.255.0 192.168.1.254}
|
192.168.1.x dg 192.168.1.1
|
192.168.1.254 dg 192.168.1.1
RRAS
192.168.2.254 dg blank
|
192.168.2.x dg 192.168.2.254

Both subnets can access the Internet through the gateway router but they
can also route from one private subnet to the other.

"Dan" <(E-Mail Removed)> wrote in message
news:4951D0A2-A8AB-467B-A5E2-(E-Mail Removed)...
> Oh my gosh, your in Decatur, I am in Boston but I grew up in Springfield!!!
> My family is all out there in your area, small world.

Cool! And our Corp HQ is in your back yard (Providence, RI) and I may even be
up that direction this summer, possibly even twice.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

OK, so be that as it may.... Here is what I have in place now, basically your
secornd scenario

Internet
|
Gateway Router (192.168.1.1)
|
192.168.1.xxx LAN dg 192.168.1.1/24

simple right.... ok so here is what I did setting up an RRAS box and please
show me where I went wrong.

Internet
|
Gateway Router (192.168.1.1)
|
192.168.1.xxx/24 dg 192.168.1.1
|
192.168.1.50/24 dg 192.168.1.1 (connnected to a LAN switch 192.168.1.xxx LAN)
RRAS
192.168.2.1/24 dg blank (connected to yet another LAN switch for this test
client, switch NOT uplinked to above switch just test client and the
192.168.2.1 NIC )
|
192.168.2.xxx/24 dg 192.168.2.1

That being said, this is the exact IP config on my test box
192.168.2.5 dg 192.168.2.1
I cannot see the 192.168.1.xxx LAN whatsoever.
I cannot ping the Internet router nor anything on that LAN.
I did a route add 192.168.1.0 dg 192.168.2.1 thinkin that I will send the
traffic to the 192.168.2.1 interface (which of course see's the 192.168.1.xxx
segement)
and still no go
From the RRAS box however I can ping the 192.168.2.5 test box hmmmmmm??????
What am I doing wrong, how should I configure my clients on the
192.168.2.xxx network, how should I configure RRAS on the Server, and what
needs to be done on the 192.168.1.xxx clients if anything.
Any knowledge or help would benefit me greatly!!! Uggghhh


"Bill Grant" wrote:

> As Phillip has pointed out, it is vital that you get the network topology
> right. Let us know what you have in mind. NB Do not run RRAS on a DC!
>
> To answer your original question, just enabling IP routing doesn't mean
> that two subnets actually route. It works automatically in the (trivial)
> case where the router is the default gateway for both segments. eg
>
> 192.168.1.x dg 192.168.1.254
> |
> 192.168.1.254 dg blank
> RRAS
> 192.168.2.254 dg blank
> |
> 192.168.2.x dg 192.168.2.254
>
> If an existing subnet is using some other gateway, such as an Internet
> router, the two segments do not route. Traffic for the new subnet will go
> the Internet router by default. This router has no idea where this subnet is
> and will probably drop the packet because it has a private IP address. You
> need extra routing in this subnet to get traffic for the new subnet to the
> RRAS router instead of the Internet gateway.
>
> You could add a static route to every machine in the subnet to route
> traffic for 192.168.2.0/24 to the RRAS router. A simpler solution is to add
> the route to the gateway router. When this router receives a packet for the
> new private subnet it redirects it to the RRAS router (because it now knows
> how to do that). In addition it sends an ICMP redirect to the sending
> machine to tell it the correct router to use to find this machine. The LAN
> machines "learn" the correct router to use to find the "new" subnet. eg
>
> Internet
> |
> gateway router
> 192.168.1.1 {static route 192.168.2.0 255.255.255.0 192.168.1.254}
> |
> 192.168.1.x dg 192.168.1.1
> |
> 192.168.1.254 dg 192.168.1.1
> RRAS
> 192.168.2.254 dg blank
> |
> 192.168.2.x dg 192.168.2.254
>
> Both subnets can access the Internet through the gateway router but they
> can also route from one private subnet to the other.
>
>
>