none
How to stop Direct Access Server to advertise the Default Route, since this slows down IE Connections

    Question

  • Hi,

    we have the following problem.

    In our network we deployed IPv6 with Unicat Local Addresses. We deployed Server 2008 R2 with Direct Access. Connections all work fine.

    After Reboot the DA Server advertises the Default Route. And this slows down all IE Website Connections !

    PS C:\Windows\system32> netsh
    netsh>int ipv6
    netsh interface ipv6>sh route

    Veröff.  Typ       Met   Präfix                    Idx  Gateway/Schnittstelle
    -------  --------  ----  ------------------------  ---  ---------------------
    Ja       Manuell   1100  ::/0                       16  2002:c058:6301::c058:6301
    Nein     Manuell   256  ::1/128                     1  Loopback Pseudo-Interface 1
    Nein     Manuell   8    2001::/32                  14  Teredo Tunneling Pseudo-Interface
    Ja       Manuell   1000  2002::/16                  16  6TO4 Adapter
    Nein     Manuell   256  2002:c279:cb51::c279:cb51/128   16  6TO4 Adapter
    Ja       Manuell   256  2002:c279:cb51:2::/64      15  IPHTTPSInterface
    Nein     Manuell   256  2002:c279:cb51:2::/128     15  IPHTTPSInterface
    Nein     Manuell   256  2002:c279:cb51:2:f227:5217:dd63:dc27/128   15  IPHTTPSInterface
    .............

    I then stop this with:
    set route prefix="::/0" 16 publish=no store=pers

    with the result:

    Veröff.  Typ       Met   Präfix                    Idx  Gateway/Schnittstelle
    -------  --------  ----  ------------------------  ---  ---------------------
    Nein     Manuell   1100  ::/0                       16  2002:c058:6301::c058:6301

    BUT, after Reboot the route will still be advertised.

    I have in addition tried to delete the route. After Reboot still the same.

    How we can solve this problem ?

    What is the technical background?

    Thanks

    Ewald

    Monday, December 10, 2012 3:28 PM

Answers

  • Hi,

    I'm not familiar with direct access. But in VPN, there is an option "Use default gateway on remote network" which could be enabled or disabled on the client side. It could be set in the properties of the VPN connection on the client. If the option is enabled, there will be a default route which points to the VPN server created. If the option isn't disabled, there will not be such default route created. I suggest you can also check if there is also the option in the properties of the direct access connection.

    Best Regards

    Scott Xie


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, December 20, 2012 9:48 AM

All replies

  • Hi,

    Thank you for your question.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and supports.


    Best Regards,
    Aiden


    Aiden Cao
    TechNet Community Support


    Friday, December 14, 2012 3:18 AM
    Moderator
  • Hi,

    I'm not familiar with direct access. But in VPN, there is an option "Use default gateway on remote network" which could be enabled or disabled on the client side. It could be set in the properties of the VPN connection on the client. If the option is enabled, there will be a default route which points to the VPN server created. If the option isn't disabled, there will not be such default route created. I suggest you can also check if there is also the option in the properties of the direct access connection.

    Best Regards

    Scott Xie


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, December 20, 2012 9:48 AM
  • I'm not sure that it still actual, but in my case I run following command:
    netsh int ipv6 set int 16 advertisedefaultroute=disabled store=persistent
    where "16" - interface index
    Sunday, January 18, 2015 5:50 PM
  • 1. You sould check Client's "route print -6" to find the correct IPv6 address of the Gateway.

    In my configuration it was ISATAP interface on DirectAccess router, which advertised ::/0 Default.

    2. Use these commands on DirectAccess server to define the right interface number this IPv6-address is attached to:

    ipconfig
    netsh int ipv6 show int

    Generally, ISATAP uses IfIndex 16.

    3. As proposed by Konstatin, this command permamently disables advertising IPv6 Default route on the interface.

    netsh int ipv6 set int X advertisedefaultroute=disabled store=persistent

    4. In my case it didn't change the running configuration. I checked it by command:

    netsh int ipv6 show int X
    Advertise default route : enabled

    So I had to double the effect with this command:

    netsh int ipv6 set int X advertisedefaultroute=disabled

    Restarting Client's interface confirmed there's no ::/0 in client's routing table and Google opens instantly via IPv4.  I think I just should have waited for a while :)

    • Proposed as answer by i3laze_ Tuesday, October 27, 2015 10:48 AM
    • Edited by i3laze_ Tuesday, October 27, 2015 10:55 AM
    Tuesday, October 27, 2015 10:43 AM