none
Router with one DHCP and one static IP doesn't route

    Question

  • Hi, all,

    this post I already published in the Windows 2012 General forum but I need more info or advice:

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/add7b68c-ea88-434a-bb06-37edf524399a/router-with-one-dhcp-and-one-static-ip-doesnt-route?forum=winserver8gen

    I observed some strange behavior in my VM environment on my Laptop; perhaps somebody can give me a hint what I did wrong.

    Scenario:

    - Laptop "Host" (Alienware M18x, 32 GB RAM) with Windows Server 2012 R2, connected to Internet via WLAN
        - WLAN IP address supplied by DSL router via DHCP: 192.168.1.100/24, Gateway 192.168.1.1
        - HyperV Server
           - External Switch (Virtual Switch Manager: "External network" directing to the WLAN adapter)
           - Internal Switch (Virtual Switch Manager: "Internal network")
           - Bridge between external switch and WLAN adapter
           - Two virtual machines
              - "Router": Is intended to route network traffic between external switch/"Host" and the internal switch/private network and the machine called
                 - 1 NIC connected to External Switch with DHCP (right now: IP address 192.168.1.101/24, Gateway 192.168.1.1)
                 - 1 NIC connected to Internal Switch using a static IP address (10.0.0.1/8)
                 - Not member of the domain
                 - RRAS configured
              - "DC": Domain Controller
                 - 1 NIC connected to Internal Switch using a static IP address (10.0.0.2/8), Gateway (10.0.0.1)
     - DSL Router as WLAN access point, Gateway, IP address 192.168.1.1

    Scenario checked by four crying eyes!

    Problem:

    On machine "Router":

    ping 192.168.1.101 ("Router"): OK
     ping 192.168.1.101 ("Host"): OK
     ping 192.168.1.1 ("DSL Gateway"): OK
     ping 10.0.0.1 ("Router"): OK
     ping 10.0.0.2 ("DC"): OK

    On machine "Host":

    ping 192.168.1.100 ("Host"): OK
     ping 192.168.1.101 ("Router"): OK
     ping 10.0.0.1 ("Router"): fail
     ping 10.0.0.2 ("DC"): fail

    On machine "DC": Can also ping the external Network on "Router" but not more!

    ping 192.168.1.100 ("Host"): fail
    ping 192.168.1.101 ("Router"): OK
     ping 10.0.0.1 ("Router"): OK
     ping 10.0.0.2 ("DC"): OK

    So the router seems not to route the requests!

    If I provide only static IP addresses on "Router", everything works fine!

    Routing table on machine "Router":

    ===========================================================================
     Interface List
      14...00 15 5d 01 a6 12 ......Microsoft Hyper-V Network Adapter #2
      12...00 15 5d 01 a6 11 ......Microsoft Hyper-V Network Adapter
       1...........................Software Loopback Interface 1
      13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
      15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     ===========================================================================

    IPv4 Route Table
     ===========================================================================
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
               0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101      5
              10.0.0.0        255.0.0.0         On-link          10.0.0.1    261
              10.0.0.1  255.255.255.255         On-link          10.0.0.1    261
        10.255.255.255  255.255.255.255         On-link          10.0.0.1    261
             127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
             127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
       127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
           192.168.1.0    255.255.255.0         On-link     192.168.1.101    261
         192.168.1.101  255.255.255.255         On-link     192.168.1.101    261
         192.168.1.255  255.255.255.255         On-link     192.168.1.101    261
             224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
             224.0.0.0        240.0.0.0         On-link          10.0.0.1    261
             224.0.0.0        240.0.0.0         On-link     192.168.1.101    261
       255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       255.255.255.255  255.255.255.255         On-link          10.0.0.1    261
       255.255.255.255  255.255.255.255         On-link     192.168.1.101    261
     ===========================================================================
     Persistent Routes:
       None

    IPv6 Route Table
     ===========================================================================
     Active Routes:
      If Metric Network Destination      Gateway
       1    306 ::1/128                  On-link
      12    261 fe80::/64                On-link
      14    261 fe80::/64                On-link
      12    261 fe80::a563:3e0:59c2:dd43/128
                                         On-link
      14    261 fe80::bc08:ec19:6ec:39f8/128
                                         On-link
       1    306 ff00::/8                 On-link
      12    261 ff00::/8                 On-link
      14    261 ff00::/8                 On-link
     ===========================================================================
     Persistent Routes:
       None

    Goal:

    I want to grant "DC" Internet Access as well as access to network shares on "Host".

    But I need my external network to connect to any Network (DSL Router or other Interfaces), wherever I am working with my laptop. This means the IP address changes quite often. Still I do not want to check or reconfigure the router the moment I connect to a network.

    Does anyone have an idea what might have gone wrong? Any configuration I've missed?

    In my post in the Windows Server General forum the user Bill suggested me to configure extra routing. What do I have to do there?

    Best regards

    Jens-Peter


    None


    Thursday, December 26, 2013 12:09 PM

Answers

  • Hi,

    If I understand you correctly, the culprit might be the host PC or your DSL router. In this environment the host PC and DSL router don’t know the existence of network 10.0.0.0/8.

    So when you ping 10.0.0.x/8, the packet will be sent to DSL router. And I suppose the router do not have the ability of learning routing from neighbor routers. So the packets will be discarded.

    To resolve the issue, you can manually add a route entry on your host PC. Use parameter –p to add a permanent entry.

    Add a static IP route

    http://technet.microsoft.com/en-us/library/cc757323(v=ws.10).aspx

    In addition, command tracert or pathping may be helpful in this situation.

    Hope this helps.  

    Friday, December 27, 2013 6:55 AM
  •   To expand on what Daniel said, this is a common misconception of how IP routing works. Routing works fine by itself if there is only one router and all devices use that router as the default gateway. All traffic which is not local to the subnet is sent to the router, which  delivers it in the target subnet. As soon as you introduce multiple routers and multiple default gateways, default routing fails and you need additional routing information to get traffic where it needs to go. The basic way to do that is static routes.

      In your case, the default gateway of the 10. network is the RRAS router which is fine. The default gateway o the 192.168.1 network is the DSL router and its default route is out to the Internet, not to the RRAS router. Traffic will go from the 10. network to the 192.168.1 network by default routing but traffic from 192.168.1 will not go by default to the 10. network, so routing between them fails.

      As Daniel said you can get routing working by adding a static route to the Internet router to get traffic from 192.168.1 to 10. (this is how my home network is configured), but that ruins your plan to move the laptop to different networks using different routers.

      The way to get routing going without adding any static routes is to use NAT routing on the RRAS router. Routing now works because all traffic originating in the  10. network crossing the 192.168.1 network is using the 192.168.1 address of the NAT router. Similarly traffic to the 10. network from 192.168.1 is also using the NAT router's 192.168.1 address until it reaches that router. The NAT router then delivers the traffic in the 10. network.

      I am not sure why you want to transfer data between the host and the vms, but it will not work well across NAT. If you really want that to work, I would disconnect the host from the physical network and force it to use the NAT router. If your host only has one NIC you can do this by clearing the "Allow management..." checkbox on your external virtual switch. Only the RRAS router will now have direct access to the physical network and the Internet.

      To get Internet access for the host, configure a 10.0.0.0/8 IP on the internal interface of the host with a default gateway of 10.0.0.1 . The host will now be in the same IP subnet as the vms, so file sharing is simple, and it will have Internet access through the NAT router.

       There is a bit of fine tuning you can do with DNS but that should get it working.


    Bill

    Friday, December 27, 2013 11:41 PM
  • I answered this in your other thread. Please try:

    ROUTE ADD 10.0.0.0 MASK 255.0.0.0 192.168.1.101

    ...on Host.

    I think this is what Bill said above.

    Thanks,

    -Greg

    Tuesday, December 31, 2013 10:50 AM

All replies

  • Hi,

    If I understand you correctly, the culprit might be the host PC or your DSL router. In this environment the host PC and DSL router don’t know the existence of network 10.0.0.0/8.

    So when you ping 10.0.0.x/8, the packet will be sent to DSL router. And I suppose the router do not have the ability of learning routing from neighbor routers. So the packets will be discarded.

    To resolve the issue, you can manually add a route entry on your host PC. Use parameter –p to add a permanent entry.

    Add a static IP route

    http://technet.microsoft.com/en-us/library/cc757323(v=ws.10).aspx

    In addition, command tracert or pathping may be helpful in this situation.

    Hope this helps.  

    Friday, December 27, 2013 6:55 AM
  •   To expand on what Daniel said, this is a common misconception of how IP routing works. Routing works fine by itself if there is only one router and all devices use that router as the default gateway. All traffic which is not local to the subnet is sent to the router, which  delivers it in the target subnet. As soon as you introduce multiple routers and multiple default gateways, default routing fails and you need additional routing information to get traffic where it needs to go. The basic way to do that is static routes.

      In your case, the default gateway of the 10. network is the RRAS router which is fine. The default gateway o the 192.168.1 network is the DSL router and its default route is out to the Internet, not to the RRAS router. Traffic will go from the 10. network to the 192.168.1 network by default routing but traffic from 192.168.1 will not go by default to the 10. network, so routing between them fails.

      As Daniel said you can get routing working by adding a static route to the Internet router to get traffic from 192.168.1 to 10. (this is how my home network is configured), but that ruins your plan to move the laptop to different networks using different routers.

      The way to get routing going without adding any static routes is to use NAT routing on the RRAS router. Routing now works because all traffic originating in the  10. network crossing the 192.168.1 network is using the 192.168.1 address of the NAT router. Similarly traffic to the 10. network from 192.168.1 is also using the NAT router's 192.168.1 address until it reaches that router. The NAT router then delivers the traffic in the 10. network.

      I am not sure why you want to transfer data between the host and the vms, but it will not work well across NAT. If you really want that to work, I would disconnect the host from the physical network and force it to use the NAT router. If your host only has one NIC you can do this by clearing the "Allow management..." checkbox on your external virtual switch. Only the RRAS router will now have direct access to the physical network and the Internet.

      To get Internet access for the host, configure a 10.0.0.0/8 IP on the internal interface of the host with a default gateway of 10.0.0.1 . The host will now be in the same IP subnet as the vms, so file sharing is simple, and it will have Internet access through the NAT router.

       There is a bit of fine tuning you can do with DNS but that should get it working.


    Bill

    Friday, December 27, 2013 11:41 PM
  • Hi, Daniel, Bill,

    thank you fot your replies! Right now I am very restricted in terms of Internet but I hope to try out what you told me tomorrow. In any case I will answer you in the next two days. Thanks a lot for

     the time you spent answering!!

    Best regards JP


    None

    Sunday, December 29, 2013 9:44 AM
  • To add, here's a "visual" of how routing works, or specifically where static routes would be placed. (Click on it to see a larger image in a new window.)


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Monday, December 30, 2013 7:08 AM
  • I answered this in your other thread. Please try:

    ROUTE ADD 10.0.0.0 MASK 255.0.0.0 192.168.1.101

    ...on Host.

    I think this is what Bill said above.

    Thanks,

    -Greg

    Tuesday, December 31, 2013 10:50 AM
  • Hi, Greg, it didn't work.

    Maybe I have to look somewhere else. Meanwhile I am in a different network.

    I observed that both "Host" and "Router" had the same IP.

    On machine "Host" I have four network adapters:

    Ethernet: disabled (no cable)
    External: Virtual Ethernet adapter
    Internal: Virtual Ethernet adapter
    WiFi: WLAN adapter

    To enable a connection between the External (Virtual) network and the internet I configured a bridge between External and WiFi. Was that correct?
    Apparently I misunderstood something. And mixed it thoroughly up!

    I checked the picture of Ace Fekay and I did not see any bridge there.

    What I will try now:

    - Remove the bridge
    - add RRAS to the "Host" machine
    - see what I can misconfigure on "Host" in RRAS :->
    - Find information about what a bridge is intended for.

    If I do something very wrong or if there are some whitepapers (up to know I didn't find any that helped me) please give me a hint. I will inform you about my results.

    Best regards Jens-Peter :-)


    • Edited by Jens-Peter Giersch Thursday, January 02, 2014 1:25 PM Reapplied formatting because IE removed all white spaces.
    Thursday, January 02, 2014 1:14 PM
  • Hi, Ace,

    thank you for that depiction of routing between subnets. I will try it out for my scenario; the only problem I see is that I cannot use too many static routes because of differing network addresses at the gateway network. Some gateways work in the 192.168.2 network, some in the 192.168.100, some others in 192.168.1 etc.

    I will check where I can implement static routes.

    Best regards

    Jens-Peter :-)


    None

    Thursday, January 02, 2014 1:30 PM
  • Hi, all,

    I will follow the instructions in this article:

    http://social.technet.microsoft.com/wiki/contents/articles/185.hyper-v-how-to-run-hyper-v-on-a-laptop.aspx

    The use of the bridge is recommended; I will follow the instructions there and check the result.

    But maybe I misconfigured the "External adapter": They recommend to configure it as "Internal only".

    Best regards

    JP


    None

    Thursday, January 02, 2014 2:17 PM
  • Now I have a very interesting effect:

    I made sure I configured the virtual adapter as recommended:

    - Network adapter called "External" but configured it as "Internal".

    Problem:

    Still the NIC in "Router" is configured for DHCP. On executing "ipconfig /renew" it returns the error message:

    "...The DHCP client has obtained an IP address that is already in use on the network."

    Sounds to me as if the Gateway/DHCP server thinks that the request coming from "Router" is coming from "Host" and therefore reserves the same IP address for the virtual machine.

    Has someone an idea why?


    None


    Thursday, January 02, 2014 3:05 PM
  • Hi, all,

    I reconfigured the External switch to: "External Network" and checked the option "Allow management operating system to share this network adapter".

    "Router" then had internet access.

    After that I executed the ROUTE ADD statement provided by Greg adapted to the actual IP range: From host now I can ping all machines inside the virtual network.

    So far so good, thank you, Greg! So I have to add another ROUTE from virtual network to "Host" or "Gateway"?

    I cannot ping into the internet from within the virtual network. I guess that is due to a missing routing entry, correct?

    I will now check whether Bills' explanation will work out: I will add NAT to my internal router.

    Anyway: I still need to avoid manual ROUTE table entries or I need to implement a mechanism that automatically removes invalid ROUTE table entries and creates the necessary ones.


    None

    Thursday, January 02, 2014 3:53 PM
  • Hi, Bill,

    that really was a great explanation. I am checking out if I can get that running. Feedback later!

    Jens-Peter


    None

    Thursday, January 02, 2014 8:32 PM
  • Hi, Bill, Daniel, Greg,

    I marked all your contributions as answers.

    1. The static route worked. I could implement a workaround by adding static routes for all new WLANs; the more WLANs I use the better the chance of already having configured the necessary static route.

    2. I marked Bill's contribution as an answer even if I wasn't capable to implement the solution without any error. It sounded remarkably competent and I will try to implement it with my growing networking knowledge (thanx to you all ;-)). I will now try to check out how I have to configure NAT.

    Best regards

    Jens-Peter


    None

    Saturday, January 04, 2014 7:20 PM