Multihomed Routing RRAS

Discussion in 'Server Networking' started by Dan, Apr 3, 2007.

  1. Dan

    Dan Guest

    I am stumped: Here is my question, I have a small network consisting of 60
    hosts, all on a class C private network 192.168.1.xxx etc. I have an active
    directory domain, and GPOs in place etc. All of my servers are Windows
    Server 2003. I have added 2 new servers that send tons of data across the
    LAN to another server that cause my LAN to come to a halt. So here is the
    question:
    I need to set up a 192.168.2.xxx network.
    I want to use RRAS with multihomed NIC's to send all of this data to the
    192.168.2.xxx /24 network. I set up a new switch, connected it to the
    192.168.2.xxx NIC, and the other NIC is connected to the 192.168.1.xxx
    /24 network.
    I set up a test workstation XP and gave it a static of 192.168.2.5 and
    hooked it up to the switch connected to the 192.168.2.xxx NIC.
    The multihomed server configuration is
    NIC 1: 192.168.2.1 /24 no gateway???? I guess
    NIC 2: 192.168.1.50/24 Gateway 192.168.1.1 (to the internet)
    The workstation cannot ping anything on the 192.168.1.xxx side however it
    CAN see the 192.168.1.50 NIC.
    I added a Route Add command on the test client workstation
    route add 192.168.2.1 mask 255.255.255.0 192.168.2.1
    still no routing happening.....
    How do I set up RRAS to route this traffic. Any help on configuring this
    step by step would really help so much, it's driving me crazy for days now.
    All I want to do is isolate these two new servers onto this 192.168.2.xxx
    network and have them available for all to see on the LAN and utilize the
    routing capability of the multihomed server for this to happen...

    thanks, Dan
     
    Dan, Apr 3, 2007
    #1

  2. Segmenting at Layer3 is not what you need to do. Layer3 Routing breaks up
    broadcast domains to reduce the effect of broadcasts,...this problem isn't
    caused by broadcasts, this is directed traffic. You could segment this at
    Layer3 and still have the same problem when you are done.

    What you need is Layer2 segmenting,...in other words replace the Hub with a
    Switch. Switches create virtual circuits between the two Switch ports used by
    the two communicating hosts. With a switch,.. traffic between two hosts on the
    switch is never seen by any other hosts even if they are plugged into the same
    switch. The reason people don't think of this is because after Hubs faded from
    the scene and were replaced by switches, people never changed their thinking and
    still think in terms of how it was with Hubs.

    After getting the Switches in place, make sure that either:

    1. The involved Servers are all on the same switch together.

    Or...

    2. If they are on different switches then dedicate switches to the server for
    that purpose and don't wire them up to where the rest of the LAN's traffic
    shares a wire with the server traffic. But in the process of doing that don't
    create switching loops unless your switches are running STP to handle the loops.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft, or
    anyone else associated with me, including my cats.
     
    Phillip Windell, Apr 3, 2007
    #2

  3. Additional comments on STP. Just don't do it. No switching loops. Why?
    Because STP will shut down one of the redundant paths,...however it makes the
    decision, not you,..therefore if it shuts down the isolated link in favor of the
    other path the rest of the LAN uses you are now back in the same problem again.
    So make sure the communicating servers have a "clean" Layer2 path between
    themselves.

    You may also want good quality switches,...don't buy "home user" stuff. Good
    Switches have very fast processors and very fast Backplanes,..."home user"
    switches do not. Switches do have processors and do process the packets, so the
    processor speed is important. You don't usually see it listed in the
    specs,...but just buy good quality switches and you won't have to worry about
    it.

    --
    Phillip Windell
    www.wandtv.com

     
    Phillip Windell, Apr 3, 2007
    #3
  4. Dan

    Dan Guest

    Your answer makes perfect sense, perhaps I didn't explain everything in detail
    the 2 servers that are causing my network to come to a crawl are video
    servers that record data and store it on a Windows Server with mega TB space.
    So they are always sending data at this box. So without spending a ton of
    money, I wanted to see if creating a separate network from the 192.168.1.xxx
    LAN, calling it 192.168.2.xxx would isolate the problem from all the
    complaining end users. If I stop these video servers the network jumps back
    to its usual Gbps speed. All the servers are on Gbps switches, as well as
    the video servers that are writing the data to this box. End users are all
    10/100. Uggghhhhh. What can I do to solve this without restructuring, and a
    ton of $$$$$. Would RRAS help this?
     
    Dan, Apr 4, 2007
    #4
  5. Looks like I deleted the original post. Can you re-explain what you had planned
    to do originally?
    I'll continue below with what I already know.....

    Sounds like a TV station. That is what we are,..an NBC Affiliate.
    You can but it depends on exactly how you do that. You'd be better off trying
    to first solve it at Layer2 first,...then if all else fails,..create a Layer3
    solution.
    Creating separate Layer3 segments can isolate the traffic but I don't think that
    is what is needed, and even then it depends on how it was done. Which server
    actually runs RRAS and has the two nics will make a big difference.

    You have to carefully analyze your physical cabling structure to make sure that
    the physical path taken by the traffic does not "share" any physical cables the
    LAN needs for the rest of its traffic.

    Notice the two examples below. The links between switches are effectively the
    "backbone" of the LAN and that is where the trouble will happen. In the "bad"
    example the link between the switch-1 and switch-2 takes all the load of both
    the users and the video traffic. Then in the "good" examples they have separate
    virtual circuits. They do share the switch-1 but the traffic is kept separated
    by the functionality of the switch and the only "shared" portion is the
    backplane of the switch and a good switch can handle that just fine.

    -Bad-
                   LAN Server
                        |
                   <switch 1>---Vid Server B
                        |
                   <switch 2>---Vid Server A
                        |
                     <users>

    -Good-
                   LAN Server
                        |
    Vid Server A---<switch 1>---Vid Server B
                        |
                   <switch 2>
                        |
                     <users>

    -Also Good-
                   LAN Server
                        |
    Vid Server A---<switch 1>---Vid Server B
                        |
                     <users>


    There are ways to do two different physical LANs with a Router connecting the
    two but that introduces possibly complex "Naming" issues with multi homing. If
    more than one of these involved video servers have two nics and sit on both LANs
    at the same time then there is going to be big problems getting the machine to be
    identified by the proper IP# for each particular process which will in turn
    affect the physical path taken by traffic generated by that process.

    --
    Phillip Windell
    www.wandtv.com

     
    Phillip Windell, Apr 4, 2007
    #5
  6. Dan

    Dan Guest

    My original post attached after this reply: Actually these are DV Servers
    that store surveillance video 24/7. There is a total of 32 PTZ cams, that
    are always recording. So the rest of my Domain suffers greatly due to our
    fine security dept. I actually built the video system as well as the domain
    and all things tech related. The recording on these servers is stored as
    .avi data and wham, across the pipes it goes at approx 400-500 GB per 24
    hour period uggghhh to a Windows Server 2003 R2 with multiple RAID 5 TB
    arrays. (Not Windows Storage Server) on a simple 192.168.1.xxx IP network
    (60 hosts).
    Here is first Post:
    Here is my question, I have a small network consisting of 60
     
    Dan, Apr 4, 2007
    #6
  7. Dan

    Dan Guest

    Oh my gosh, you're in Decatur, I am in Boston but I grew up in Springfield!!!
    My family is all out there in your area, small world.
     
    Dan, Apr 4, 2007
    #7
  8. Bill Grant

    Bill Grant Guest

    As Phillip has pointed out, it is vital that you get the network topology
    right. Let us know what you have in mind. NB Do not run RRAS on a DC!

    To answer your original question, just enabling IP routing doesn't mean
    that two subnets actually route. It works automatically in the (trivial)
    case where the router is the default gateway for both segments. eg

    192.168.1.x dg 192.168.1.254
    |
    192.168.1.254 dg blank
    RRAS
    192.168.2.254 dg blank
    |
    192.168.2.x dg 192.168.2.254

    If an existing subnet is using some other gateway, such as an Internet
    router, the two segments do not route. Traffic for the new subnet will go
    to the Internet router by default. This router has no idea where this subnet is
    and will probably drop the packet because it has a private IP address. You
    need extra routing in this subnet to get traffic for the new subnet to the
    RRAS router instead of the Internet gateway.

    You could add a static route to every machine in the subnet to route
    traffic for 192.168.2.0/24 to the RRAS router. A simpler solution is to add
    the route to the gateway router. When this router receives a packet for the
    new private subnet it redirects it to the RRAS router (because it now knows
    how to do that). In addition it sends an ICMP redirect to the sending
    machine to tell it the correct router to use to find this machine. The LAN
    machines "learn" the correct router to use to find the "new" subnet. eg

    Internet
    |
    gateway router
    192.168.1.1 {static route 192.168.2.0 255.255.255.0 192.168.1.254}
    |
    192.168.1.x dg 192.168.1.1
    |
    192.168.1.254 dg 192.168.1.1
    RRAS
    192.168.2.254 dg blank
    |
    192.168.2.x dg 192.168.2.254

    Both subnets can access the Internet through the gateway router but they
    can also route from one private subnet to the other.
     
    Bill Grant, Apr 5, 2007
    #8
  9. Cool! And our Corp HQ is in your back yard (Providence, RI) and I may even be
    up that direction this summer, possibly even twice.


    --
    Phillip Windell
    www.wandtv.com

     
    Phillip Windell, Apr 5, 2007
    #9
  10. Dan

    Dan Guest

    OK, so be that as it may.... Here is what I have in place now, basically your
    second scenario

    Internet
    |
    Gateway Router (192.168.1.1)
    |
    192.168.1.xxx LAN dg 192.168.1.1/24

    simple right.... ok so here is what I did setting up an RRAS box and please
    show me where I went wrong.

    Internet
    |
    Gateway Router (192.168.1.1)
    |
    192.168.1.xxx/24 dg 192.168.1.1
    |
    192.168.1.50/24 dg 192.168.1.1 (connected to a LAN switch 192.168.1.xxx LAN)
    RRAS
    192.168.2.1/24 dg blank (connected to yet another LAN switch for this test
    client, switch NOT uplinked to above switch just test client and the
    192.168.2.1 NIC )
    |
    192.168.2.xxx/24 dg 192.168.2.1

    That being said, this is the exact IP config on my test box
    192.168.2.5 dg 192.168.2.1
    I cannot see the 192.168.1.xxx LAN whatsoever.
    I cannot ping the Internet router nor anything on that LAN.
    I did a route add 192.168.1.0 dg 192.168.2.1 thinking that I will send the
    traffic to the 192.168.2.1 interface (which of course sees the 192.168.1.xxx
    segment)
    and still no go
    From the RRAS box however I can ping the 192.168.2.5 test box hmmmmmm??????
    What am I doing wrong, how should I configure my clients on the
    192.168.2.xxx network, how should I configure RRAS on the Server, and what
    needs to be done on the 192.168.1.xxx clients if anything.
    Any knowledge or help would benefit me greatly!!! Uggghhh
     
    Dan, Apr 5, 2007
    #10
  11. Dan

    Dan Guest

    I have tried all that Bill suggests and cannot see anything on the
    192.168.1.xxx LAN from the test box 192.168.2.5 dg 192.168.2.1 uggghhhh.
    Here is the test box's routes
    H:\>route print
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 13 72 14 5c 99 ...... Broadcom NetXtreme 57xx Gigabit Controller
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.5       1
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
          192.168.2.0    255.255.255.0      192.168.2.5     192.168.2.5      20
          192.168.2.0    255.255.255.0      192.168.2.1     192.168.2.5       1
          192.168.2.5  255.255.255.255        127.0.0.1       127.0.0.1      20
        192.168.2.255  255.255.255.255      192.168.2.5     192.168.2.5      20
            224.0.0.0        240.0.0.0      192.168.2.5     192.168.2.5      20
      255.255.255.255  255.255.255.255      192.168.2.5     192.168.2.5       1
    Default Gateway: 192.168.2.1
    ===========================================================================
    Persistent Routes:
    None
     
    Dan, Apr 5, 2007
    #11
  12. Bill Grant

    Bill Grant Guest

    There is nothing wrong with that config. But as I said, the routing
    problem isn't in that subnet. Everything in that subnet will go to the RRAS
    router by default.

    After you ensure that RRAS is enabled as a LAN router, add a static
    route to one of the workstations in the 192.168.1 subnet so that it sends
    traffic for 192.168.2.0 to the RRAS router. (192.168.2.0 255.255.255.0
    192.168.1.n)

    where 192.168.1.n is the local IP address of the RRAS router.

    You should now be able to ping that particular workstation by IP from your
    test box in the other subnet.
     
    Bill Grant, Apr 6, 2007
    #12
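
The return-path problem described in posts #8 and #12, as an added example that is not part of any post: a small hop-by-hop model showing why the test box can ping 192.168.1.50 but nothing else on the 192.168.1.x side until a route for 192.168.2.0/24 exists there. Addresses are taken from the thread; the workstation 192.168.1.20, the "ISP" hop and all function names are assumptions made for illustration.

```python
import ipaddress

ON_LINK = None  # destination sits on a directly attached subnet

def make_nodes(gateway_route=False, host_route=False):
    """Constructed model of the thread's topology. Addresses come from the posts;
    192.168.1.20 is a hypothetical LAN workstation, "ISP" a stand-in upstream hop."""
    to_rras = ("192.168.2.0/24", "192.168.1.50")  # 192.168.2.0 255.255.255.0 via RRAS
    lan = [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", "192.168.1.1")]
    gw = [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", "ISP")]
    return {
        "testbox": {"ips": ["192.168.2.5"], "forward": False,
                    "routes": [("192.168.2.0/24", ON_LINK), ("0.0.0.0/0", "192.168.2.1")]},
        "rras": {"ips": ["192.168.2.1", "192.168.1.50"], "forward": True,
                 "routes": [("192.168.2.0/24", ON_LINK)] + lan},
        "lanhost": {"ips": ["192.168.1.20"], "forward": False,
                    "routes": lan + ([to_rras] if host_route else [])},
        "gateway": {"ips": ["192.168.1.1"], "forward": True,
                    "routes": gw + ([to_rras] if gateway_route else [])},
    }

def lookup(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), via) for net, via in routes
            if addr in ipaddress.ip_network(net)]
    if not hits:
        raise LookupError("no route to " + dst)
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def owner(nodes, ip):
    """Name of the node holding this address, or None."""
    return next((name for name, n in nodes.items() if ip in n["ips"]), None)

def trace(nodes, src, dst, max_hops=8):
    """Follow one packet hop by hop; return (path, outcome)."""
    here = owner(nodes, src)
    path = [here]
    for _ in range(max_hops):
        if dst in nodes[here]["ips"]:
            return path, "delivered"
        if len(path) > 1 and not nodes[here]["forward"]:
            return path, "dropped: host does not forward"
        via = lookup(nodes[here]["routes"], dst)
        if via == "ISP":
            return path + ["ISP"], "dropped: private address sent toward the Internet"
        nxt = owner(nodes, dst if via is ON_LINK else via)
        if nxt is None:
            return path, "dropped: next hop unreachable"
        here = nxt
        path.append(here)
    return path, "dropped: hop limit"

def ping(nodes, src, dst):
    """Succeeds only if the echo request AND the echo reply both arrive.
    ICMP redirects are not modeled; every packet follows the routing tables."""
    out_path, out = trace(nodes, src, dst)
    if out != "delivered":
        return False, out_path, "request " + out
    back_path, back = trace(nodes, dst, src)
    return back == "delivered", back_path, "reply " + back

if __name__ == "__main__":
    cases = [("as configured in the thread", {}),
             ("static route on the gateway router", {"gateway_route": True}),
             ("static route on the one workstation", {"host_route": True})]
    for label, kwargs in cases:
        for target in ("192.168.1.50", "192.168.1.20", "192.168.1.1"):
            ok, path, why = ping(make_nodes(**kwargs), "192.168.2.5", target)
            print(f"{label:36} ping {target:13} {'OK  ' if ok else 'FAIL'} "
                  f"{' -> '.join(path)} ({why})")
```

In every case the echo request reaches its target; what changes is whether the reply finds its way back, which is why the test box's own routing table looks correct.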
  13. You're still pursuing Layer3 Routing as the solution after all I have said. I
    am not "going there",...I don't think that is the right solution. A Layer3
    routing solution is going to be a lot of work and will require a LAN Design
    change,...my solution does not, beyond maybe changing a cable run or two.

    --
    Phillip Windell
    www.wandtv.com

     
    Phillip Windell, Apr 6, 2007
    #13
  14. Dan

    Dan Guest

    Noted, I am tending to fully agree. So, that being said our topology
    involves 2 buildings, same property. I have a fiber optic connection at 1
    Gbps between the two buildings and 1 Gbps media converters leading to Gbps
    switches on each side. Now obviously all LAN clients use this as their
    medium to the servers, so.....same wire correct??? One server lives in bldg.
    1 the Core servers all live in building 2. The one server that lives in bldg
    1 sends all this data across the wire to bldg2 (core servers) where the data
    is being stored. The other video server of course lives with the storage
    server and on same switch so not really a complex fix there. I guess what I
    need is to figure out how to isolate the Server in bldg1 and Layer 2 switch
    it so that these servers share the same wire. Ugggh how can I do this if the
    Fiber keeps them together and joins the LAN???? That data will always need
    that pipe. I cannot move that server in bldg 1, it is hardwired to a 32
    channel DVR, and tons o cable runs throughout complex. I'm wondering if I
    should add another Fiber run across the property, and designate it as a
    "backbone" of sorts, still keeping uplinks to LAN of course...hmmmmmm any
    suggestion on this Phillip, you seem quite knowledgeable on this topic and your
    help is greatly appreciated Thanks,
     
    Dan, Apr 6, 2007
    #14
  15. Ok, I see what you are saying there. Unfortunately with only one physical link
    between the buildings with a relevant server (relevant to the problem) being on
    each end of the line you are kind of screwed. It doesn't matter if you do
    Layer2 or Layer3,...it is still the same physical wire. The Layer3 solution
    would be forced to be VLans because that is the only way to run multiple subnets
    over the same medium apart from Multi-Netting,...and VLans don't help,...because
    you are still running over the same physical wire and it is the physical wire
    that is being saturated.

    The only solution I see is to either have two lines between the buildings, or
    move the server so that the relevant servers involving this video stuff are all
    in the same building so the line between the buildings is not being used for the
    traffic they generate.

    So it seems the problem boils down to a physical topology issue that is only
    going to be resolved by physical topology changes,...even if that change is
    nothing more than changing the physical location of a server. Once that is
    taken care of, a good Layer2 design will take care of the rest.

    --
    Phillip Windell
    www.wandtv.com

     
    Phillip Windell, Apr 6, 2007
    #15
  16. If you are able to add a second fiber link dedicated for that purpose that
    sounds like a great solution. You just have to think through very carefully how
    it all wires up so you don't create any unintended loops anywhere. STP on the
    switches will take care of the accidental switching loops, but exactly how they
    do that is not likely to work in your favor, so you need to make sure it doesn't
    happen.

    Also with two links between the buildings, a Layer3 solution may become a good
    idea,..but right now I really can't say for sure. If the cabling gets very
    complex I doubt I would ever get a clear view of it in my mind to be able to
    deal with it "blind" with a newsgroup message.


    --
    Phillip Windell
    www.wandtv.com

     
    Phillip Windell, Apr 6, 2007
    #16
  17. Here are some crude diagrams if the email reader doesn't destroy them....

    It could mean that you'd have to sever the users in building1 from the DVR
    equipment and then have them go across to building2 over the original fiber then
    come back to building1 over the second fiber. It actually makes more sense if
    you ignore the fact that you have two buildings and just look at the LAN
    Topology itself.

    [DVR Server]   [core servers]
            \         /
             <switch>
            /         \
       [---building #2---]
          |           |
       new fib    orig fiber
          |           |
       [---building #1---]
          |           |
      <switch>    <switch>
          |           |
     [DVR stuff]   [users]

    The link that would have existed in building #1 directly between the users and
    the DVR stuff would have to be severed:

    [DVR stuff]-----xx severed xx-----[users]

    So any users trying to get specifically to the DVR stuff (assuming very many
    even do that) would have to travel in a "U" shape over to #2 and then back to
    #1. Since most of what the bulk of the users would probably do would only
    involve them and the Core Servers in building#2 over the original link,...the
    DVR traffic on Link#2 would not affect them.

    And in the end,...this could still be all done at Layer2 so no Routers need to
    be created or deployed. But I don't deny that there may come a time when a
    Layer3 solution is justified.

    If you strip out the complexity that the buildings introduce into the diagram
    what you really have is just this which is the Layer2 "view" of it:

    [DVR Server]   [core servers]
            \         /
             <switch>        <---Virtual circuits within
            /         \          switch separate traffic
      <switch>    <switch>
          |           |
     [DVR stuff]   [users]



    When you used to have this:

    [DVR Server]--<switch>--[core servers]
                     |
                     |   <---overload here
                     |
    [DVR stuff]--<switch>--[users]


    --
    Phillip Windell
    www.wandtv.com

     
    Phillip Windell, Apr 6, 2007
    #17
  18. Dan

    Dan Guest

    I'm slowly going over your response in detail...I guess my description of
    topology was fine because you painted a very accurate picture. I am creating
    a "new" fiber tunnel with media converters 10/100. I will keep the existing
    at 1 Gbps, which will be used as a "backbone" of sorts. The 10/100 tunnel is
    in place now, I am trying to get a fix on the best place to dump the users so
    that they are not using the Gbps whatsoever. I guess I'll drop the 10/100
    entire segment on the Core switch in Bldg2. So of course there will be a
    circuit for this uplink (10/100). So all LAN traffic will ultimately be
    using the 10/100 segment, while the backbone will be talking in Gbps. So in
    essence the U shape takes effect here ahhhh haaaa. Perfect!!! All that DVR
    stuff will now come over on the Gbps pipe. So if I look at this as you say,
    in a flat fashion as opposed to 2 bldgs it makes absolute perfect sense. I
    guess I was doing "Heart surgery on a hangnail".....Your expertise is
    absolutely outstanding, and hopefully I can put an end to all of my users
    misery!!!!! I'm going to throw the switch sometime today, and I'll keep you
    posted Phillip on my progress here. Many many thanks!!!!

     
    Dan, Apr 9, 2007
    #18
  19. Ok, very good! Good luck with it Dan!

    --
    Phillip Windell
    www.wandtv.com


     
    Phillip Windell, Apr 9, 2007
    #19