Win2K3E & Multiple NICs

I have a Win2K3 Enterprise box with 2 NICs. I have each NIC on a
separate LAN segment, each with a different network (call it 10.23.1.x
and 10.23.2.x). I've set a metric of 1 and 2 respectively. Every so
often, the server just seems to vanish from the first segment. It also
sometimes just starts routing over the second segment for no readily
apparent reason.

This is my first attempt at have two different segments on the same
machine like this; the goal is redundancy of course, and ideally
transactions will come in across either to the system's various services
(call it load balancing, although it's more a matter of telling some
clients to use one, others to use the secondary).

Are there any particulars to setting such a design up? Clearly I'm
missing something, I'm just not sure what. Suggestions, white papers...?

James

Posting the result of ipconfig /all may help.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"Noctaire" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>I have a Win2K3 Enterprise box with 2 NICs. I have each NIC on a separate
>LAN segment, each with a different network (call it 10.23.1.x and
>10.23.2.x). I've set a metric of 1 and 2 respectively. Every so often,
>the server just seems to vanish from the first segment. It also sometimes
>just starts routing over the second segment for no readily apparent reason.
>
> This is my first attempt at have two different segments on the same
> machine like this; the goal is redundancy of course, and ideally
> transactions will come in across either to the system's various services
> (call it load balancing, although it's more a matter of telling some
> clients to use one, others to use the secondary).
>
> Are there any particulars to setting such a design up? Clearly I'm
> missing something, I'm just not sure what. Suggestions, white papers...?
>
> James

Robert L. (MS-MVP) wrote:
> Posting the result of ipconfig /all may help.

Ok...not sure how that will help, but I can do that. Primary has been
given a metric of 1, secondary a metric of 2. The two networks are not
bridged.

Windows IP Configuration

Host Name . . . . . . . . . . . . : myhost
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Primary:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet #2
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.23.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.23.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.23.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.23.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
216.1.2.1

Ethernet adapter Secondary:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.23.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.23.2.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.2

Robert L. (MS-MVP) wrote:
> Posting the result of ipconfig /all may help.

Ok...not sure how that will help, but I can do that. Primary has been
given a metric of 1, secondary a metric of 2. The two networks are not
bridged.

Windows IP Configuration

Host Name . . . . . . . . . . . . : myhost
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Primary:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet #2
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.23.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.23.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.23.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.23.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
216.1.2.1

Ethernet adapter Secondary:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.23.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.23.2.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.2

Hello Noctaire,

With this kind of ip configuration you must have problems. You have mixed
internal and external addresses on the NIC's. First remove the loopback address
127.0.0.1 and use the real one from the server. Also you have to configure
a forwarder to your ISP's DNS server on the DNS management console properties
under the forwarders tab. This is for NIC one.
On the second you have mixed to different ip ranges 10.x.x.x and 192.168.x.x
for the DNS, will also not work this way.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Robert L. (MS-MVP) wrote:
>
>> Posting the result of ipconfig /all may help.
>>
> Ok...not sure how that will help, but I can do that. Primary has been
> given a metric of 1, secondary a metric of 2. The two networks are
> not bridged.
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : myhost
> Primary Dns Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> Ethernet adapter Primary:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> Ethernet #2
> Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.23.1.3
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> IP Address. . . . . . . . . . . . : 10.23.1.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> IP Address. . . . . . . . . . . . : 10.23.1.1
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.23.1.1
> DNS Servers . . . . . . . . . . . : 127.0.0.1
> 216.1.2.1
> Ethernet adapter Secondary:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> Ethernet
> Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.23.2.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.23.2.1
> DNS Servers . . . . . . . . . . . : 192.168.1.1
> 192.168.1.2

Meinolf Weber wrote:
> Hello Noctaire,
>
> With this kind of ip configuration you must have problems. You have
> mixed internal and external addresses on the NIC's. First remove the
> loopback address 127.0.0.1 and use the real one from the server. Also
> you have to configure a forwarder to your ISP's DNS server on the DNS
> management console properties under the forwarders tab. This is for NIC
> one.
> On the second you have mixed to different ip ranges 10.x.x.x and
> 192.168.x.x for the DNS, will also not work this way.

Thanks for your suggestion, but DNS isn't really a concern here; I can
remove the DNS entries and simply point them directly at the box's IP
address (since DNS is run locally) such that we have....

************************************************** *********************

Windows IP Configuration

Host Name . . . . . . . . . . . . : myhost
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Primary:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet #2
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.23.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.23.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 10.23.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.23.1.1
DNS Servers . . . . . . . . . . . : 10.23.1.2


Ethernet adapter Secondary:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.23.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.23.2.1
DNS Servers . . . . . . . . . . . : 10.23.2.2

************************************************** *********************

Those were simply defaults that I haven't gotten around to changing (and
FWIW, they work fine) but as I mentioned, DNS isn't the issue -- routing
traffic in general is where things aren't working properly and that's IP
based, not hostname based.

With metrics established for each NIC, traffic should route accordingly.
Likewise, one segment shouldn't just seemingly vanish for no apparent
reason. This is why I'm wondering if there isn't something else that
needs to be done to make this sort of arrangement work properly.

James

"Noctaire" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Meinolf Weber wrote:
>> Hello Noctaire,
>>
>> With this kind of ip configuration you must have problems. You have mixed
>> internal and external addresses on the NIC's. First remove the loopback
>> address 127.0.0.1 and use the real one from the server. Also you have to
>> configure a forwarder to your ISP's DNS server on the DNS management
>> console properties under the forwarders tab. This is for NIC one.
>> On the second you have mixed to different ip ranges 10.x.x.x and
>> 192.168.x.x for the DNS, will also not work this way.
>
> Thanks for your suggestion, but DNS isn't really a concern here; I can
> remove the DNS entries and simply point them directly at the box's IP
> address (since DNS is run locally) such that we have....
>
> ************************************************** *********************
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : myhost
> Primary Dns Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
>
> Ethernet adapter Primary:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> #2
> Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.23.1.3
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> IP Address. . . . . . . . . . . . : 10.23.1.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> IP Address. . . . . . . . . . . . : 10.23.1.1
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.23.1.1
> DNS Servers . . . . . . . . . . . : 10.23.1.2
>
>
> Ethernet adapter Secondary:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
> Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.23.2.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.23.2.1
> DNS Servers . . . . . . . . . . . : 10.23.2.2
>
> ************************************************** *********************
>
> Those were simply defaults that I haven't gotten around to changing (and
> FWIW, they work fine) but as I mentioned, DNS isn't the issue -- routing
> traffic in general is where things aren't working properly and that's IP
> based, not hostname based.
>
> With metrics established for each NIC, traffic should route accordingly.
> Likewise, one segment shouldn't just seemingly vanish for no apparent
> reason. This is why I'm wondering if there isn't something else that
> needs to be done to make this sort of arrangement work properly.
>
> James

No, that in incorrect. You can only have one default gateway per machine,
not one per interface. If you specify more than one gateway, the machine
will only use one of them. The only redundancy you get is that, if that
gateway fails, the machine will switch to the other gateway. This depends on
dead gateway detection. It is very limited, because it will not switch back
when the original gateway comes back to like. You would have to do that
manually.

The only way to ensure traffic for a particular destination uses a
gateway other than the default is to use static routes. Otherwise the only
traffic going out the non-default gateway will be to traffic in the directly
connected subnet.

Having two NICs in a server is a great idea in principle but it has
major problems in practice. These involve name resolution and browsing. The
cause of this is that there are two IP addresses associated with the
server's name.

> No, that in incorrect. You can only have one default gateway per
> machine, not one per interface. If you specify more than one gateway,
> the machine will only use one of them. The only redundancy you get is
> that, if that gateway fails, the machine will switch to the other
> gateway. This depends on dead gateway detection. It is very limited,
> because it will not switch back when the original gateway comes back to
> like. You would have to do that manually.
>
> The only way to ensure traffic for a particular destination uses a
> gateway other than the default is to use static routes. Otherwise the
> only traffic going out the non-default gateway will be to traffic in the
> directly connected subnet.
>
> Having two NICs in a server is a great idea in principle but it has
> major problems in practice. These involve name resolution and browsing.
> The cause of this is that there are two IP addresses associated with the
> server's name.

So the addition of static routes should correct the issue then, right?

Without specifying routes, I expected traffic destined for the
non-default gateway to go over the directly connected subnet. Problem
is, windows ignored the metrics and went the other way -- using the
secondary connection (with metric 2) as the default. That behavior
doesn't SOUND correct...?

This box will also be used to host virtual servers so having the ability
to route across multiple networks is required. Surely Microsoft
realized that...?

"Noctaire" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> This box will also be used to host virtual servers so having the ability
> to route across multiple networks is required. Surely Microsoft realized
> that...?

It isn't Microsoft. It is the way TCP/IP works

Virtual machines have nothing to do with the Nic's TCP/IP config on the Host
machine. The Nics just have to physically be there and the drivers must be
loaded and functional. The actual TCP/IP Config can be totally bogus or even
left blank. The Virtual Machines function based on the TCP/IP specs you
give *them* on their Virtual Nic and which Physical Nic you associate the
Virtual Nic to,.. which represents the Physical "wire" that the Virtual Nic
functions with.

Disclaimer:
I do no have any of the previous posts,...so I may not have the full context
of the discussion.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:eRwuXx$(E-Mail Removed)...
> "Noctaire" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> This box will also be used to host virtual servers so having the ability
>> to route across multiple networks is required. Surely Microsoft realized
>> that...?
>
> It isn't Microsoft. It is the way TCP/IP works
>
> Virtual machines have nothing to do with the Nic's TCP/IP config on the
> Host machine. The Nics just have to physically be there and the drivers
> must be loaded and functional. The actual TCP/IP Config can be totally
> bogus or even left blank. The Virtual Machines function based on the
> TCP/IP specs you give *them* on their Virtual Nic and which Physical Nic
> you associate the Virtual Nic to,.. which represents the Physical "wire"
> that the Virtual Nic functions with.
>
> Disclaimer:
> I do no have any of the previous posts,...so I may not have the full
> context of the discussion.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>

I agree with Philip. The virtual machine issue is a red herring. If you
want the virtual machines to communicate with the physical networks you will
need to link them to one physical NIC or the other. Or do you plan to have
multiple NICs in the virtual machines as well? If, on the other hand, you
want one vm to connect to one NIC and another to connect to a different NIC,
that is no trouble. You can do that without the host being in both networks.
The virtual machine's NICs will have their own IP addresses and their own
MAC addresses. As far as TCP/IP is concerned they are separate machines with
no link to the host.

Stick to one NIC per server and let your routers do the routing. Trying to
out-think TCP/IP is a recipe for disaster.