#1
I know a bunch of people have posted in regards to multi-homing, but I haven't seen our particular issue asked, so I apologize if I missed it somewhere along the way.

We are running a web site on a fully patched Windows Server 2003 SP2 with two NICs connected to the Internet through two different firewall/routers. Below is a sample configuration:

    ISP #1                  ISP #2
      |                       |
    Router 1                Router 2
    (X.X.X.X public/        (Y.Y.Y.Y public/
    192.168.2.1 private     192.168.3.1 private)
      |                       |
    Web Server              Web Server
    NIC 1                   NIC 2
    (IP: 192.168.2.2        (IP: 192.168.3.2
    DG: 192.168.2.1)        DG: 192.168.3.1)

When the server is configured with dual default gateways, it responds correctly for some period of time, and then, it begins responding to inbound TCP requests on NIC 1 by going outbound on NIC 2 (or vice-versa), thereby terminating the connection with the remote host. Obviously, removing the default gateway on the second NIC eliminates this issue, but makes the web server unavailable via ISP #2.

What is the correct method to enable connectivity on both NICs and ensure that traffic is appropriately routed and that the cross-NIC response doesn't occur? Thanks in advance for your help.

Tim
#2
I'm no expert by far but I have had better success using VLANs to isolate the traffic going to different NICs in a multi-homed server. Only real problem I ever had doing this was trying to multi-home a DC, other than that it seems to work well for me. Granted I am not using a router with public addressing, just an internal one between nets.

"Tim" <(E-Mail Removed)> wrote in message news:67614BAB-1DB3-44C2-87AF-(E-Mail Removed)...
> I know a bunch of people have posted in regards to multi-homing, but I haven't seen our particular issue asked, so I apologize if I missed it somewhere along the way.
>
> We are running a web site on a fully patched Windows Server 2003 SP2 with two NICs connected to the Internet through two different firewall/routers. Below is a sample configuration:
>
>     ISP #1                  ISP #2
>       |                       |
>     Router 1                Router 2
>     (X.X.X.X public/        (Y.Y.Y.Y public/
>     192.168.2.1 private     192.168.3.1 private)
>       |                       |
>     Web Server              Web Server
>     NIC 1                   NIC 2
>     (IP: 192.168.2.2        (IP: 192.168.3.2
>     DG: 192.168.2.1)        DG: 192.168.3.1)
>
> When the server is configured with dual default gateways, it responds correctly for some period of time, and then, it begins responding to inbound TCP requests on NIC 1 by going outbound on NIC 2 (or vice-versa), thereby terminating the connection with the remote host. Obviously, removing the default gateway on the second NIC eliminates this issue, but makes the web server unavailable via ISP #2.
>
> What is the correct method to enable connectivity on both NICs and ensure that traffic is appropriately routed and that the cross-NIC response doesn't occur? Thanks in advance for your help.
#3
"Tim" <(E-Mail Removed)> wrote in message news:67614BAB-1DB3-44C2-87AF-(E-Mail Removed)...
> I know a bunch of people have posted in regards to multi-homing, but I haven't seen our particular issue asked, so I apologize if I missed it somewhere along the way.
>
> When the server is configured with dual default gateways, it responds correctly for some period of time, and then, it begins responding to inbound TCP requests on NIC 1 by going outbound on NIC 2 (or vice-versa), thereby terminating the connection with the remote host. Obviously, removing the default gateway on the second NIC eliminates this issue, but makes the web server unavailable via ISP #2.
>
> What is the correct method to enable connectivity on both NICs and ensure that traffic is appropriately routed and that the cross-NIC response doesn't occur? Thanks in advance for your help.

It is acting exactly like it is supposed to do. It is bad, it is ugly, and that is why for years and years we have been preaching "Don't do it!".

If you want redundant connections then bring both connections into the same routing device. That is what routers are for. If these are "home user" broadband connections (DSL, CableTV) then buy a broadband "router" that has two WAN ports and has the native ability to load balance two connections.

----The good (sort of)-------
128978 - Dead Gateway Detection in TCP/IP for Windows NT
http://support.microsoft.com/default...b;EN-US;128978

171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
http://support.microsoft.com/default...b;EN-US;171564

-----The bad (sort of)----
157025 - Default Gateway Configuration for Multihomed Computers
http://support.microsoft.com/default...roduct=win2000

Default gateways
http://www.microsoft.com/technet/pro...d3859f5b1.mspx

Default Gateway Behavior for Windows TCP/IP
http://www.microsoft.com/technet/com...uy/cg0903.mspx

------The ugly-----
159168 - Multiple Default Gateways Can Cause Connectivity Problems
http://support.microsoft.com/kb/159168/EN-US/

272294 - Active Directory Communication Fails on Multihomed Domain Controllers
http://support.microsoft.com/default...b;en-us;272294

191611 - Symptoms of Multihomed Browsers
http://support.microsoft.com/default...b;EN-US;191611

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats.
-----------------------------------------------------
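
Added example, not part of any post in this thread: a Python check that parses `route print` output for default routes on more than one interface and models the destination-only route lookup behind the cross-NIC replies described in the first post. The sample routing table, the client address 203.0.113.10 and the `active_gw` parameter are constructed for illustration; `active_gw` is a simplification standing in for whichever default gateway the stack is using at the moment.

```python
import ipaddress

# Constructed sample: "Active Routes" rows as `route print` would list them on
# the server from the first post, with a default gateway set on both NICs.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.2     20
          0.0.0.0          0.0.0.0      192.168.3.1     192.168.3.2     20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.2.0    255.255.255.0      192.168.2.2     192.168.2.2     20
      192.168.3.0    255.255.255.0      192.168.3.2     192.168.3.2     20
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for every route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator or blank line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue
        routes.append((net, f[2], f[3], int(f[4])))
    return routes

def default_route_interfaces(routes):
    """Interfaces that carry a 0.0.0.0/0 route; more than one is the risky setup."""
    return sorted({iface for net, _, iface, _ in routes if net.prefixlen == 0})

def egress_interface(routes, dst, active_gw):
    """Destination-only lookup: longest prefix first, then lowest metric.
    The source address of the reply plays no part. active_gw (hypothetical
    parameter) stands for the default gateway the stack is currently using."""
    dst = ipaddress.ip_address(dst)
    usable = [r for r in routes
              if dst in r[0] and (r[0].prefixlen > 0 or r[1] == active_gw)]
    return min(usable, key=lambda r: (-r[0].prefixlen, r[3]))[2]

def reply_is_asymmetric(routes, arrived_on, client, active_gw):
    """True when the reply leaves by a different NIC than the request used."""
    return egress_interface(routes, client, active_gw) != arrived_on

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    print("default routes on:", default_route_interfaces(routes))
    for gw in ("192.168.2.1", "192.168.3.1"):  # 203.0.113.10: constructed client
        print(gw, reply_is_asymmetric(routes, "192.168.2.2", "203.0.113.10", gw))
```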
#4
I hadn't thought about VLANs, per Mac's post, so I'll take a look into that.

Phillip - Thanks for the feedback. I have looked at most of the resources you mention, but I guess I'm just confused as this worked with no issues for years with Windows 2000, and now doesn't work in Windows 2003.

We want to ensure that we have a solution whereby there isn't a single point of failure, in terms of equipment, in the path (that we control) to the servers so as to have the highest availability and reliability. While we do use enterprise class routers/firewalls that support multiple WAN connections and use them accordingly, we are still looking for a way to have redundancy across hardware for this purpose. Thus, the dual homed servers.

Is there no workaround within Windows 2003 to enable the behavior that we desire?

Thanks again for your help.

"Phillip Windell" wrote:
>
> "Tim" <(E-Mail Removed)> wrote in message news:67614BAB-1DB3-44C2-87AF-(E-Mail Removed)...
> > I know a bunch of people have posted in regards to multi-homing, but I haven't seen our particular issue asked, so I apologize if I missed it somewhere along the way.
> >
> > When the server is configured with dual default gateways, it responds correctly for some period of time, and then, it begins responding to inbound TCP requests on NIC 1 by going outbound on NIC 2 (or vice-versa), thereby terminating the connection with the remote host. Obviously, removing the default gateway on the second NIC eliminates this issue, but makes the web server unavailable via ISP #2.
> >
> > What is the correct method to enable connectivity on both NICs and ensure that traffic is appropriately routed and that the cross-NIC response doesn't occur? Thanks in advance for your help.
>
> It is acting exactly like it is supposed to do. It is bad, it is ugly, and that is why for years and years we have been preaching "Don't do it!".
>
> If you want redundant connections then bring both connections into the same routing device. That is what routers are for. If these are "home user" broadband connections (DSL, CableTV) then buy a broadband "router" that has two WAN ports and has the native ability to load balance two connections.
>
> ----The good (sort of)-------
> 128978 - Dead Gateway Detection in TCP/IP for Windows NT
> http://support.microsoft.com/default...b;EN-US;128978
>
> 171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
> http://support.microsoft.com/default...b;EN-US;171564
>
> -----The bad (sort of)----
> 157025 - Default Gateway Configuration for Multihomed Computers
> http://support.microsoft.com/default...roduct=win2000
>
> Default gateways
> http://www.microsoft.com/technet/pro...d3859f5b1.mspx
>
> Default Gateway Behavior for Windows TCP/IP
> http://www.microsoft.com/technet/com...uy/cg0903.mspx
>
> ------The ugly-----
> 159168 - Multiple Default Gateways Can Cause Connectivity Problems
> http://support.microsoft.com/kb/159168/EN-US/
>
> 272294 - Active Directory Communication Fails on Multihomed Domain Controllers
> http://support.microsoft.com/default...b;en-us;272294
>
> 191611 - Symptoms of Multihomed Browsers
> http://support.microsoft.com/default...b;EN-US;191611
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats.
> -----------------------------------------------------
#5
"Tim" <(E-Mail Removed)> wrote in message news:EAC0CDF1-C8FF-4784-8CE3-(E-Mail Removed)...
> I hadn't thought about VLANs, per Mac's post, so I'll take a look into that.

No. Multi-homing is still multi-homing,...it doesn't matter if it is virtual or physical,...same rules apply.

> Phillip - Thanks for the feedback. I have looked at most of the resources you mention, but I guess I'm just confused as this worked with no issues for years with Windows 2000, and now doesn't work in Windows 2003.

2000 is irrelevant,...it didn't work "because" it was 2000. It worked because you got lucky for a period of time.

> We want to ensure that we have a solution whereby there isn't a single point of failure, in terms of equipment, in the path (that we control) to the servers so as to have the highest availability and reliability. While we do use enterprise class routers/firewalls that support multiple WAN connections and use them accordingly, we are still looking for a way to have redundancy across hardware for this purpose. Thus, the dual homed servers.
>
> Is there no workaround within Windows 2003 to enable the behavior that we desire?

Option #1
NIC Teaming. Has nothing to do with Windows. Requires NICs designed to do that. Requires software to make it happen. Requires Switches compatible with it due to the MAC Address confusion it may cause.

Option #2
http://www.emc-rainwall.com/products/rainconnect.html

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats.
-----------------------------------------------------