Multihoming Windows 2000

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Have a W2K Server, with 2 NICs....for multihoming with two different subnets,
what would be the steps I would need to do in order to implement TCP/IP
Properly?

rj3b
 
Rj,

are you going to be using the box as a router or do you just want it
available on both networks?

Best Regards,
G. Samuel Hays
 
Okay, can you give specifics of exactly what you want to do? For example,
IP Addresses, subnets and if there are any problems, what are they?

Best Regards,
G. Samuel Hays
 
Specifics are as follows,

Senerio 1 -
Two adapters, connected to the public network, one adapter into one switch
on a subnet. The second adapter is on a differnet subnet into a different
switch.

This is not implemented yet, so no problems, just want to know if any static
entries are needed in the routing table etc. Also, gateways, any metrics.
What would be the "best" way to implement.
 
rj3b said:
This is not implemented yet, so no problems, just want to know if any static
entries are needed in the routing table etc. Also, gateways, any metrics.
What would be the "best" way to implement.

One "public" Nic would always be the Default "outbound" path. The other
"public" nic would only work for "specified" routes/destinations. So, yes
you might need static routes to force certain "destinations" to go out the
second public Nic.

Keep in mind that "random" or "unknown" requests that my come inbound on the
second "public" Nic will *still* go out the first or "default" public Nic
even though that isn't the one they came in on. It is just the way TCP/IP
and Routing Tables work,...it is not MS's or Window's fault. Only
destinations that you statically specifiy in the Routing Table will use the
second public Nic for outbound. There is no "state" that is maintained
between the inbound and outbound paths, each works independently.
 
Hi Phillip,

I was glad to find your reponse on this topic. The company I work for
is looking to multihome the hosts that are part of a big project.
Most will be Windows Server 2003 boxes and IBM RISC server. After
reading your reponse, I wanted to get your take on this scenario.

They are looking to connect all hosts to the core network via 1 NIC.
They generally refer to this as the Public network. The second NIC
will connect to another switch and this network is considered the
Private network. They plan to totally isolate the Private network.
It will have no connection to the core network and the only route off
of the Private network will be via the hosts connected to it. You
make mention of the one part of multihoming that I'm a little
concerned about....and that is that some traffic is going to use the
adapter listed first in the connection order. Can you give me some
examples of when that might occur?

And, would it not be better to connect all hosts via one NIC to the
second switch and then connect that switch to the core network? That
way....all hosts only use one adapter and all the traffic is seperated
from the core switch. It just seems to me it would be better doing
that and allow the switches to control the data flows....expecially
since the core switch is a layer 3 Cisco 6509. The multihoming, to
me, just doesn't seem to be worth the trouble.

Thanks in advance Phillip,

Mike
 
Mikey said:
They are looking to connect all hosts to the core network via 1 NIC.
They generally refer to this as the Public network. The second NIC
will connect to another switch and this network is considered the
Private network. They plan to totally isolate the Private network.
It will have no connection to the core network and the only route off
of the Private network will be via the hosts connected to it.

Well, I'm not totally sure what you are describing, but what parts of it I
think I understand,...I don't like. I just don't like multi-homed servers
except for routers, nat boxes, and proxys,...I guess it is almost a
"religious" thing for me :-).
concerned about....and that is that some traffic is going to use the
adapter listed first in the connection order. Can you give me some
examples of when that might occur?

Not sure how it applies in this case,...partly because I am still unsure
what this case is.
And, would it not be better to connect all hosts via one NIC to the
second switch and then connect that switch to the core network? That
way....all hosts only use one adapter and all the traffic is seperated
from the core switch. It just seems to me it would be better doing
that and allow the switches to control the data flows....expecially
since the core switch is a layer 3 Cisco 6509. The multihoming, to
me, just doesn't seem to be worth the trouble.

Speaking in general...the only time any machine should have two active Nics
is when the machine is built to be a Router, a NAT Firewall, or a Proxy
Server. There is also "Nic Teaming", but that is "third party" and not a
function of, nor an "ability" of any Windows OS. But it is possible to have
several duel Nic Servers that do *not* have "routing" enabled and simply
"live" on two networks at the same time. There will still be a "default
network" that is reflected by the machine's Default Gateway (the subnet that
is in). Usually the Nic that is a member of that same subnet would also be
the first in the binding order (but maybe not always).

That may not help much, but it is the best I can do with what little I know
about what you are doing.

By-the-way, the Cisco 6509, I believe, is a switch and router combined into
the same device. We use a similar HP device. To avoid confusion, refer to it
as a Router instead of a switch unless you are referring specifically and
only to the Layer2 functionality. I know what it is because I run something
similar but others will probably get tripped up on that. Anytime you are
dealing with IP#s, networks, and subnets [all Layer3 terms] then the 6509 is
a "router". If you are dealing with MAC addresses and hosts within the same
subnet [Layer2 concepts], then the 6509 is a "switch".
 
Thanks so much for your reply Phillip. Let me see if I can describe my
situation a little better....

We have an application that is going to be deployed that involves about
5 Windows 2003 servers and 1 IBM RISC server. Our current core network
involves a 6509, which is where servers are usually connected. This new
project could involve some heavy traffic between some of the servers.
The thinking by some folks was to isolate the traffic by putting 2 NICS
in each server. 1 NIC from each host would be connected to the current
core network, the 6509. This they refer to as the public network. The
2nd NIC in each host is to be connected to a switch that only connects
the second NICs from all hosts. This they refer to as the private
network. This second switch will not be connected to the 6509. In
other words the second switch and the 2 NICs on each host that makeup
this so called private network, will be isolated. There will be no
gateway connected to the private network. The only way off of the
private network is through one of the hosts. The thinking is that
traffic between the application related hosts will be isolated to the
second switch and anybody needing access to any one of those hosts must
come through the 6509, or the public network.

My thinking is like yours though...I don't really see the need for the 2
NICs in each server. It would seem to me that if the desire was to
isolate the traffic, that each host should have only 1 NIC and that NIC
should be connected to the second switch and the second switch should
then be connected to the 6509. That way, all the hosts would be on
their own VLAN and rather than depending on the hosts for routing, any
off network traffic to or from the servers would be via the 6509. It
just seems that the multihomed approach leaves the possiblity for
undesirable traffic flows.

Mikey said:
They are looking to connect all hosts to the core network via 1 NIC.
They generally refer to this as the Public network. The second NIC
will connect to another switch and this network is considered the
Private network. They plan to totally isolate the Private network.
It will have no connection to the core network and the only route off
of the Private network will be via the hosts connected to it.

Well, I'm not totally sure what you are describing, but what parts of
it I think I understand,...I don't like. I just don't like multi-homed
servers except for routers, nat boxes, and proxys,...I guess it is
almost a "religious" thing for me :-).
concerned about....and that is that some traffic is going to use the
adapter listed first in the connection order. Can you give me some
examples of when that might occur?

Not sure how it applies in this case,...partly because I am still
unsure what this case is.
And, would it not be better to connect all hosts via one NIC to the
second switch and then connect that switch to the core network? That
way....all hosts only use one adapter and all the traffic is
seperated from the core switch. It just seems to me it would be
better doing that and allow the switches to control the data
flows....expecially since the core switch is a layer 3 Cisco 6509.
The multihoming, to me, just doesn't seem to be worth the trouble.

Speaking in general...the only time any machine should have two active
Nics is when the machine is built to be a Router, a NAT Firewall, or a
Proxy Server. There is also "Nic Teaming", but that is "third party"
and not a function of, nor an "ability" of any Windows OS. But it is
possible to have several duel Nic Servers that do *not* have "routing"
enabled and simply "live" on two networks at the same time. There
will still be a "default network" that is reflected by the machine's
Default Gateway (the subnet that is in). Usually the Nic that is a
member of that same subnet would also be the first in the binding
order (but maybe not always).

That may not help much, but it is the best I can do with what little I
know about what you are doing.

By-the-way, the Cisco 6509, I believe, is a switch and router combined
into the same device. We use a similar HP device. To avoid confusion,
refer to it as a Router instead of a switch unless you are referring
specifically and only to the Layer2 functionality. I know what it is
because I run something similar but others will probably get tripped
up on that. Anytime you are dealing with IP#s, networks, and subnets
[all Layer3 terms] then the 6509 is a "router". If you are dealing
with MAC addresses and hosts within the same subnet [Layer2 concepts],
then the 6509 is a "switch".
 
CiscoKid said:
The thinking by some folks was to isolate the traffic by putting 2 NICS
in each server. 1 NIC from each host would be connected to the current
core network, the 6509.
.............<shortened>.................
other words the second switch and the 2 NICs on each host that makeup
this so called private network, will be isolated. There will be no
gateway connected to the private network.

Whether there is a Gateway or not is almost irrelevant. There is more to it
than hooking a bunch of cables and Nics together (the Physical Layer). The
issue is that any machine, no matter if you stick a dozen Nics in it, is
still only going to have its machine name resolve to a *single* IP# and the
Nic associated with that IP# is going to be the one that the traffic will
use.
My thinking is like yours though...I don't really see the need for the 2
NICs in each server. It would seem to me that if the desire was to
isolate the traffic, that each host should have only 1 NIC and that NIC
should be connected to the second switch and the second switch should
then be connected to the 6509. That way, all the hosts would be on
their own VLAN and rather than depending on the hosts for routing, any

Yes, although you won't even need VLANs or additional subnets. It would work
on a single subnet. Now I'm not saying you can't have subnets, I'm only
saying they aren't required. We are actually working with Layer2, not
Layer3. You only have to deal with Layer3 when protecting from excessive
Broadcasts. You are actually wanting to avoid excessive
Collisions/Congestion which is a Layer2 thing. Remember that Switches create
Collision Domains while Routers create Broadcast Domains.

So...

LANs function by Ethernet Addresses (MAC addresses) not IP#s. IP only
navigates you to the proper subnet then it is Ethernet (MAC) after that
point. You place the Servers on thier own dedicated Switch which would then
be linked to another switch (or a router then another switch) with other
rmachines on it. Any traffic between the servers will never leave their own
switch because the switch will "switch" the packets based on MAC addresses
and therefore the packets with pass *only* between the exact ports on the
Switch that the Servers are connected to. The other switches & routers on
the LAN will never see that traffic.

Think about it....that is why "network sniffers" don't work on "switched"
LANs unless you use Agents or configure monitoring ports on the Switches to
overcome the "seggregation" created by the Switches.

The Server's Switch will bear the whole load on it's "backplane". There
isn't much chance you would over load that, but if you are worried about it
you can use a Gigabit switch with Gigabit Nics in the Servers. Just make
sure your cables are high enough quality to handle it or it might run even
slower than a 100mbps switch would have.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Mikey said:
They are looking to connect all hosts to the core network via 1 NIC.
They generally refer to this as the Public network. The second NIC
will connect to another switch and this network is considered the
Private network. They plan to totally isolate the Private network.
It will have no connection to the core network and the only route off
of the Private network will be via the hosts connected to it.

Well, I'm not totally sure what you are describing, but what parts of
it I think I understand,...I don't like. I just don't like multi-homed
servers except for routers, nat boxes, and proxys,...I guess it is
almost a "religious" thing for me :-).
concerned about....and that is that some traffic is going to use the
adapter listed first in the connection order. Can you give me some
examples of when that might occur?

Not sure how it applies in this case,...partly because I am still
unsure what this case is.
And, would it not be better to connect all hosts via one NIC to the
second switch and then connect that switch to the core network? That
way....all hosts only use one adapter and all the traffic is
seperated from the core switch. It just seems to me it would be
better doing that and allow the switches to control the data
flows....expecially since the core switch is a layer 3 Cisco 6509.
The multihoming, to me, just doesn't seem to be worth the trouble.

Speaking in general...the only time any machine should have two active
Nics is when the machine is built to be a Router, a NAT Firewall, or a
Proxy Server. There is also "Nic Teaming", but that is "third party"
and not a function of, nor an "ability" of any Windows OS. But it is
possible to have several duel Nic Servers that do *not* have "routing"
enabled and simply "live" on two networks at the same time. There
will still be a "default network" that is reflected by the machine's
Default Gateway (the subnet that is in). Usually the Nic that is a
member of that same subnet would also be the first in the binding
order (but maybe not always).

That may not help much, but it is the best I can do with what little I
know about what you are doing.

By-the-way, the Cisco 6509, I believe, is a switch and router combined
into the same device. We use a similar HP device. To avoid confusion,
refer to it as a Router instead of a switch unless you are referring
specifically and only to the Layer2 functionality. I know what it is
because I run something similar but others will probably get tripped
up on that. Anytime you are dealing with IP#s, networks, and subnets
[all Layer3 terms] then the 6509 is a "router". If you are dealing
with MAC addresses and hosts within the same subnet [Layer2 concepts],
then the 6509 is a "switch".
 
Back
Top