Packet forwarding with 2 NICs and a router: subnet mismatch


  • Saturday, January 03, 2009 2:09 AM

    A server has 2 NICs for Load Balancing.

    THE PROBLEM: replies come back from NIC1 using the IP of NIC2, which is on a different subnet from the gateway, so the gateway drops the packet. A packet capture on the router looks like this:

    src=[user ip], dest=[wan ip], port-src=4568, port-dest=80, action=forward to 192.168.2.5 (to NLB IP by NAT rule)
    src=[192.168.2.5], dest=[192.168.1.1], port-src=80, port-dest=4568, action=drop (diff. subnet)

    How can I force NIC1 to forward the packet using its own IP (192.168.1.2)?
    Any better ideas? 


    NIC1 is the primary NIC
    IP: 192.168.1.2
    DNS: 192.168.1.10
    Gateway: 192.168.1.1
    NetBIOS: yes

    NIC2 used for NLB
    IP: 192.168.2.2(dedicated), 192.168.2.5 (NLB)
    DNS:
    Gateway:
    NetBIOS: no
    Packet forwarding: enabled

    Both sit behind a firewall with 2 LAN interfaces: IntA (192.168.1.1) and IntB (192.168.2.1).
    All port 80 traffic goes like this:
    User IP -> WAN -> IntB ->SwitchB-> [NIC2 -> NIC1] ->SwitchA -> IntA -> WAN -> User IP
    The reason it's split into 2 segments is the flooding NLB creates. To minimise the load, all replies are sent back via a different switch.

All Replies

  • Wednesday, January 07, 2009 4:17 PM
    Hi,

    let me see if I have understood your packet flow correctly.

    Incoming:

                                      NAT - Firewall
                                        |
    User IP --> WanIP:80  |  Internal-IP (192.168.2.5:80)
                                        |

    Here the incoming flow ends. Your packet is then replied to using its default gateway (192.168.1.1) but from 192.168.2.5; that is correct, because it is the addressed IP -> wrong subnet -> packet dropped.

    You are saying you have flooding problems, so I guess you are using unicast mode. You will reduce your flooding by using multicast and if your switches are capable, you can additionally activate IGMP.

    You can modify your gateway to 192.168.2.5 and team your second nic, if possible.

    Hope this helps.
    ThorstenWujek
  • Tuesday, January 13, 2009 2:12 AM
    xminet,

    Here is a posting from the server.networking ng about a similar problem which may help you.

    Quote:

    I figured out with a call to Microsoft Tech support.

    Windows 2008 introduces a "strong host model" that doesn't allow the
    different NICs to talk to each other.  For example, if a request comes in on
    the 2nd NIC and there's no default gateway setup, then the NIC will not use
    the 1st NIC to reply to the requests.  (even though there's a default gateway
    setup on that 1st NIC). 

    In order to change that behaviour and go back to a 2003 model, you go to the
    command prompt and then you type:

    netsh interface ipv4 set interface NLB weakhostreceive=enable
    netsh interface ipv4 set interface NLB weakhostsend=enable

    (where NLB is the name of the network interface... default is Local Area
    Connection)

    As an alternative, you can set a default gateway on the 2nd NIC but that can
    introduce more problems where the system doesn't know which way to send
    traffic.  MS said that I could set the metric to 2 on the 2nd NIC and that
    way it will only be used if the 1st NIC is unavailable.

    http://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx

    Unquote:


    Bill
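
The netsh commands quoted above, wrapped into a script with the inspection and verification steps a practitioner would run around them. This is an added example, not code from the thread or from Microsoft; the interface aliases ("NLB" for NIC2, "LAN" for NIC1) and the firewall address 192.168.2.1 are assumptions taken from the topology in the question, so adjust them to match `netsh interface ipv4 show interfaces` on your server. Per the Cable Guy article linked in the quote, weak host send is a property of the interface the packet leaves on and weak host receive of the interface it arrives on, so in this thread's flow (in via NIC2, out via NIC1) the script applies the send setting to NIC1 and the receive setting to NIC2. The script only uses netsh, so it works on Windows Server 2008 as well as later versions.

```powershell
# Added example, not from the original thread. Run from an elevated PowerShell prompt.
# Assumed interface names and gateway address; change to match your server.
param(
    [string]$InboundNic  = 'NLB',          # NIC2: receives traffic for 192.168.2.5
    [string]$OutboundNic = 'LAN',          # NIC1: carries the default route via 192.168.1.1
    [string]$Nic2Gateway = '192.168.2.1',  # IntB, the firewall interface on NIC2's subnet
    [ValidateSet('WeakHost', 'Gateway', 'Show')]
    [string]$Mode = 'Show'
)

function Show-HostModel([string]$Alias) {
    # The verbose per-interface view lists "Weak Host Sends" and "Weak Host Receives".
    netsh interface ipv4 show interface "$Alias" |
        Select-String -Pattern 'Weak Host|Forwarding|Metric'
}

Write-Host "== Current settings =="
Show-HostModel $InboundNic
Show-HostModel $OutboundNic
# Default routes currently installed (one per NIC that has a gateway configured)
route print -4 | Select-String -Pattern '^\s+0\.0\.0\.0\s+0\.0\.0\.0'

switch ($Mode) {
    'WeakHost' {
        # Equivalent of the two netsh lines in the quoted post, but applied to the
        # interface each behaviour belongs to: receive on NIC2, send on NIC1.
        netsh interface ipv4 set interface "$InboundNic"  weakhostreceive=enabled
        netsh interface ipv4 set interface "$OutboundNic" weakhostsend=enabled
    }
    'Gateway' {
        # The alternative from the quoted post: give NIC2 its own default route with a
        # worse metric so NIC1's route wins unless NIC1 is down. Replies sourced from
        # 192.168.2.5 then leave via IntB, on the subnet the firewall expects.
        netsh interface ipv4 add route 0.0.0.0/0 "$InboundNic" $Nic2Gateway metric=2
    }
    'Show' {
        Write-Host "No changes made; rerun with -Mode WeakHost or -Mode Gateway."
        return
    }
}

Write-Host "== Settings after change =="
Show-HostModel $InboundNic
Show-HostModel $OutboundNic
route print -4 | Select-String -Pattern '^\s+0\.0\.0\.0\s+0\.0\.0\.0'
```

The strong host model exists for a reason: with weak host receive enabled, the interface will accept packets addressed to any of the server's IP addresses, which removes the per-interface isolation that the 2008 default gives a multihomed host. Enable it only on the interfaces that need it, and prefer the second route with a higher metric where the firewall can accept replies from the 192.168.2.x side, since that leaves the host model untouched.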