LAN to LAN routing

    Question

  • Hello!

     

    I've decided to test the new Windows Server 2008 with Hyper-V and SPS and SQL 2008 and so on...

    So I've installed a windows server 2008 server core to my pc: intel q6600 proc. 4 GB RAM.

    I've configured it to DC, Hyper-v, DNS, WINS.

    In my plan I wanted to build a testlab in virtual environment, with one windows server 2008 router:

    The host I named "SRV" can access my LAN (10.1.3.0/24), The router (one of several virtual machines on hyper-v) has two NICs, one for accessing my LAN (10.1.3.0/24), and one for the internal, virtual LAN (10.200.1.0/24), all of the rest virtual machines has only access to virtual LAN (10.200.1.0/24).

    So I've started with the router. I added the Network Policy and Access Services role, then configured the NICs, and the Routing and Remote Access server as plan router, no VPN or OnDemandDial. After that, I added the necessary static routes. In this state I can ping from the router to both LANs and even to the Internet; from the LANs I can ping to the router only, but both sides of it. And I cannot ping from one LAN to the other. By that time I had already disabled the firewall completely, and even enabled routing in the registry (HKLM\...\Services\TCPIP\PARAMETERS\ipenableRoute->1), but it didn't solve the problem. Can anyone help?

    The configs:

    SRV: 1 NIC: IP:10.1.3.16,

                      SN: 255.255.255.0

                      GW: 10.1.3.1 (My internet router)

     

    SQL: 1 NIC IP: 10.200.1.2 (One of the virtual machines)

                     SN: 255.255.255.0

                     GW: 10.200.1.1

     

    router: 1 NIC: IP: 10.1.3.200

                        SN: 255.255.255.0

                        GW:--------------------

               2 NIC: IP: 10.200.1.1

                         SN: 255.255.255.0

                         GW: --------------------

     

    Static routes:

     

    Router: dest: 10.1.3.0/24  GW: 10.1.3.200 interface: NIC 1

               dest: 10.200.1.0/24 GW: 10.200.1.1 interface NIC 2

               dest: 0.0.0.0/0 GW: 10.1.3.1   interface NIC 1

     

    Internet GW:

               dest: 10.200.1.0/24 GW: 10.1.3.200 interface LAN

     

    If I change any of the static routes, my ability to ping will change for the worse.

     

    present state:

     

    pings:

    from                  to                 result

    SRV            10.1.3.200              OK.

    SRV            10.200.1.1              OK

    SQL            10.200.1.1              OK

    SQL            10.1.3.200              OK

    router          10.1.3.16                OK

    router          10.200.1.2              OK

    SRV            Internet                  OK

    router          Internet                  OK

    SRV           10.200.1.2              Timeout

    SQL           10.1.3.16                 Timeout

    SQL            Internet                   No name resolution, timeout

    Friday, April 04, 2008 6:09 PM

Answers

  •    I would not have made the host a DC. Microsoft recommends that you do not run any other role on the host, just Hyper-V. Run a vm as your DC. I find it best to leave the host out of the routing setup as well.

     

     The routing problem has nothing to do with Hyper-V, and you cannot fix it by adding routes to the router. The problem is to do with your default routes, and to fix it you need extra routing on your Internet gateway router at 10.1.3.1. 

     

      The default gateway of your internal network is the RRAS router, which is good. What is the default route for your machines in the 10.1.3.x network?  It is 10.1.3.1 .  Routing between the two subnets fails because the default router at 10.1.3.1 does not know where 10.200.1.0/24 is!  The traffic never gets to the RRAS router.

     

    If you add a static route to your gateway router to redirect traffic for 10.200.1.0/24 to the RRAS router it should work. This should also give you an Internet connection from the 10.1.3.0 subnet because the gateway router will now know how to deliver packets to that network (through the RRAS router).

     

     eg   10.200.1.0   255.255.255.0  10.1.3.200

     

    You do not need any static routes on the RRAS server. The default gateway on the "public" NIC should be 10.1.3.1 and the default gateway on the "private" NIC should be blank. That is all the info it needs.

     

    The setup looks like this

     

    Internet

    |

    gateway router   10.1.3.1   (static route 10.200.1.0   255.255.255.0   10.1.3.200)

    |

    public NIC    10.1.3.200     dg   10.1.3.1

    RRAS

    private NIC     10.200.1.1    dg   blank

    |

    private LAN machines  10.200.1.x    dg   10.200.1.1

     

     

    Note that if you are using Active Directory, all domain members should use only the DC for DNS, and this DNS server should be configured to forward to a public DNS to resolve external URLs.

     

     

     

    Saturday, April 05, 2008 5:59 AM

All replies

  • I already set that static route at my internet gw, as you can read in the static routes section of my orig post. But the rest I will try.

    Sunday, April 06, 2008 4:43 PM
  • I set the rest :

    "You do not need any static routes on the RRAS server. The default gateway on the "public" NIC should be 10.1.3.1 and the default gateway on the "private" NIC should be blank. That is all the info it needs."

     

    But it ain't working!

     

    Ping results with these settings:

    from              to               result

    10.1.3.200    10.1.3.16         OK.

    10.1.3.200    10.200.1.2       OK.

    10.200.1.2    10.1.3.16         Timeout

    10.1.3.16      10.200.1.2       Reply from 10.1.3.200: TTL expired in transit

     

    from 10.1.3.16

    tracert 10.200.1.2

    1ms         1ms       1ms      10.1.3.1

    1ms          *           1ms      10.1.3.200

    1ms          *           1ms      10.1.3.1

    1ms          *           1ms      10.1.3.200

    and so on until I press CTRL-C

     

    Sunday, April 06, 2008 4:55 PM
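
Added example, not part of any post in this thread: a small Python model of next-hop forwarding built from the addresses posted above. It shows the path the answer describes, and that alternating 10.1.3.1 / 10.1.3.200 hops like those in the tracert are what results when the RRAS box sends 10.200.1.0/24 out its default route; the node names GW and RRAS and the two `lab()` flags are assumptions of the model, not a diagnosis of this server.

```python
import ipaddress

ON_LINK = "on-link"  # connected subnet: deliver straight to the destination

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) rows; None if no route."""
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def owner(nodes, addr):
    """Node that holds `addr` on one of its interfaces, or None."""
    return next((n for n in nodes.values() if addr in n["addrs"]), None)

def trace(nodes, src, dst, max_ttl=8):
    """Return (router hops, status) for a packet from node `src` to IP `dst`."""
    node, hops = nodes[src], []
    for _ in range(max_ttl):
        nh = lookup(node["table"], dst)
        if nh is None:
            return hops, "no route"
        target = dst if nh == ON_LINK else nh
        nxt = owner(nodes, target)
        if nxt is None:
            return hops, "unreachable"
        if dst in nxt["addrs"]:
            return hops, "delivered"
        hops.append(target)          # packet handed to the next router
        node = nxt
    return hops, "TTL expired"

def lab(gw_static=True, rras_private=True):
    """Addresses from the thread; the two flags are hypothetical switches."""
    gw = [("10.1.3.0/24", ON_LINK)]  # gateway's upstream default route omitted
    rras = [("10.1.3.0/24", ON_LINK), ("0.0.0.0/0", "10.1.3.1")]
    if gw_static:                    # the static route on the Internet gateway
        gw.append(("10.200.1.0/24", "10.1.3.200"))
    if rras_private:                 # connected route for the private NIC
        rras.append(("10.200.1.0/24", ON_LINK))
    return {
        "SRV": {"addrs": {"10.1.3.16"},
                "table": [("10.1.3.0/24", ON_LINK), ("0.0.0.0/0", "10.1.3.1")]},
        "GW": {"addrs": {"10.1.3.1"}, "table": gw},
        "RRAS": {"addrs": {"10.1.3.200", "10.200.1.1"}, "table": rras},
        "SQL": {"addrs": {"10.200.1.2"},
                "table": [("10.200.1.0/24", ON_LINK), ("0.0.0.0/0", "10.200.1.1")]},
    }

if __name__ == "__main__":
    for flags in ({}, {"gw_static": False}, {"rras_private": False}):
        print(flags, trace(lab(**flags), "SRV", "10.200.1.2"))
```

On the real router, the table to compare against this model is the output of `route print`.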
  •   Very odd! tracert going into a loop is a bad sign.

     

    Have you tried disabling RRAS and running the setup wizard again to enable just LAN routing?

     

    RRAS works fine on my 2008x64 server for both LAN routing and NAT.

     

     The only other thing I can think of to try is to disable TCP offloading on the NICs of the router. This has caused problems with some folks. 

    Monday, April 07, 2008 2:36 AM
  •  rrasguy wrote:

     

     The only other thing I can think of to try is to disable TCP offloading on the NICs of the router. This has caused problems with some folks. 

     

    How can I set this one?

    Monday, April 07, 2008 6:58 AM
  • From Device Manager|NIC Properties|Advanced

     

    Monday, April 07, 2008 8:13 AM
  • In the Device manager among NICs I have only Microsoft VMBus network adapters, and in its advanced tab there is only Network address, and nothing else.

    Monday, April 07, 2008 4:57 PM
  •    Sorry about that.  You are correct, you can't do it that way on a VMBus NIC. You would probably need to do it from the registry.

     

    I have seen postings about Receive Side Scaling and Task offload also causing problems with router NICs. This was a problem with SP2 for Server 2003 in RRAS and ISA server.

     

      

    Thursday, April 10, 2008 2:37 AM