I have a really strange Windows 7 IPv4 routing issue that I can't get to the bottom of.

The summary of the issue is that the default gateway is set to 192.168.254.253, but that it is actually using a default gateway of 192.168.254.254.

Here's a network diagram:

                     .-,(  ),-.    
                  .-(          )-. 
           .-----(    internet    )----.--------------------------.
           |      '-(          ).-'    |                          |
           |          '-.( ).-'        |                          |
           v                           v                          v
    .------------.                 .------.                   .------.
    | 10mb Fibre |                 | ADSL |                   | ADSL |
    '------------'                 '------'                   '------'
           |                           |                          |
           |                           |                          |
           v                           v                          v
.---------------------.     .--------------------.     .--------------------.
|     Juniper Box     |     | Draytek DSL Router |     | Draytek DSL Router |
|---------------------|     |--------------------|     |--------------------|
| (public IP address) |     | 172.16.0.x         |     | 172.16.0.x         |
'---------------------'     '--------------------'     '--------------------'
           |                           |                          |
           |                           |      .-------------------'
           |                           v      v
           v              .-------------------------.
  .-----------------.     | Draytek Dual WAN Router |
  |   Untangle GW   |     |-------------------------|
  |-----------------|     | 192.168.254.254         |
  | 192.168.254.253 |     '-------------------------'
  '-----------------'                  |
           |                           |
           |                           |
           v                           v
       ===================================
                       LAN                
       ===================================
         |                    |
         |                    |
         v                    v
.----------------.   .----------------.
| Windows 7 W/S  |   | Windows 7 W/S  |
|----------------|   |----------------|
| 192.168.254.38 |   | 192.168.254.77 |
'----------------'   '----------------'

This is a recently (a few weeks ago) converted fibre site with the original 2 DSL lines still attached and running. An Untangle (firewall) was installed with the fibre line.

Here is the affected PC network configuration:

C:\>ipconfig /allcompartments /all

Windows IP Configuration


==============================================================================
Network Information for Compartment 1 (ACTIVE)
==============================================================================
   Host Name . . . . . . . . . . . . : COMP36
   Primary Dns Suffix  . . . . . . . : XXXXXX.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXXXXX.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : XXXXXX.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   Physical Address. . . . . . . . . : C8-9C-DC-33-F1-65
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3925:86a5:7066:ab92%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.254.38(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 August 2012 10:20:32
   Lease Expires . . . . . . . . . . : 30 August 2012 10:20:31
   Default Gateway . . . . . . . . . : 192.168.254.253
   DHCP Server . . . . . . . . . . . : 192.168.254.200
   DHCPv6 IAID . . . . . . . . . . . : 315137244
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-4A-17-8D-10-78-D2-74-2F-8A

   DNS Servers . . . . . . . . . . . : 192.168.254.200
   Primary WINS Server . . . . . . . : 192.168.254.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.XXXXXX.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : XXXXXX.local 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No 
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No 
   Autoconfiguration Enabled . . . . : Yes

The routing table:

C:\>route print
===========================================================================
Interface List
 15...c8 9c dc 33 f1 65 ......Realtek PCIe GBE Family Controller #2
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.253   192.168.254.38     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.254.0    255.255.255.0         On-link    192.168.254.38    266
   192.168.254.38  255.255.255.255         On-link    192.168.254.38    266
  192.168.254.255  255.255.255.255         On-link    192.168.254.38    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.254.38    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.254.38    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 15    266 fe80::/64                On-link
 15    266 fe80::3925:86a5:7066:ab92/128   
                                    On-link
  1    306 ff00::/8                 On-link
 15    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

And the strange routing as demonstrated by tracert:

C:\>tracert -d www.bbc.co.uk

Tracing route to www.bbc.net.uk [212.58.246.95]
over a maximum of 30 hops:

  1     1 ms     1 ms    <1 ms  192.168.254.254
  2     1 ms     1 ms     1 ms  172.16.0.254   
  3    17 ms    18 ms    16 ms  XXXXXXXXXXXXXXX
  4    18 ms    19 ms    19 ms  XXXXXXXXXXXXXXX
  5    22 ms    22 ms    22 ms  XXXXXXXXXXXXXXX
  6    22 ms    21 ms    22 ms  XXXXXXXXXXXXXXX
  7    21 ms    21 ms    22 ms  217.41.169.109 
  8    30 ms    32 ms    57 ms  109.159.251.227
  9    46 ms    39 ms    35 ms  109.159.251.137
 10    27 ms    66 ms    30 ms  109.159.254.116
^C

However, when done from another Windows 7 workstation:

C:\Users\administrator>ipconfig /allcompartments /all

Windows IP Configuration


==============================================================================
Network Information for Compartment 1 (ACTIVE)  
==============================================================================
   Host Name . . . . . . . . . . . . : PABX-BACKUP
   Primary Dns Suffix  . . . . . . . : XXXXXX.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXXXXX.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : XXXXXX.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 8C-89-A5-94-43-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9479:1c11:6f9f:ae0b%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.254.77(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0  
   Lease Obtained. . . . . . . . . . : 15 August 2012 08:27:18
   Lease Expires . . . . . . . . . . : 27 August 2012 08:27:31
   Default Gateway . . . . . . . . . : 192.168.254.253
   DHCP Server . . . . . . . . . . . : 192.168.254.200
   DHCPv6 IAID . . . . . . . . . . . : 244091301
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-C2-79-BE-8C-89-A5-94-43-84

   DNS Servers . . . . . . . . . . . : 192.168.254.200
   Primary WINS Server . . . . . . . : 192.168.254.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.XXXXXX.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : XXXXXX.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\administrator>

And finally, doing a tracert from the 2nd workstation yields expected results:

C:\Users\administrator>tracert -d www.bbc.co.uk

Tracing route to www.bbc.net.uk [212.58.244.67]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.254.253
  2     1 ms     1 ms     1 ms  141.0.xxx.xxx
  3     2 ms     2 ms     2 ms  141.0.xxx.xxx
  4     7 ms     2 ms     2 ms  109.204.xxx.xxx
  5     2 ms     2 ms     2 ms  95.177.0.7
  6     3 ms     2 ms     2 ms  95.177.0.9
  7    30 ms     2 ms     2 ms  95.177.0.2
  8     2 ms     2 ms     2 ms  195.66.224.103
  9  ^C

As expected, it is routing via .253, and the 2nd hop is the inside interface of the Juniper NTU.

I've not inspected the traffic yet. In particular, I was going to look for ICMP redirects, though why there would be an ICMP redirect at all is not really sensible?

.254 used to be the default gateway before the fibre was installed.

Any ideas? Doesn't make sense to me why there should be this routing issue :(

The Draytek Dual WAN Router was rebooted, the PC was rebooted. The PC had the network disabled and then re-enabled. All the standard stuff when Windows loses the plot.

Hopefully somebody recognises the symptoms!

PS: Sorry for the long post, but I didn't want to leave something potentially relevant out.

PPS: No iSCSI involved on/at this or any other workstation so Windows 7 routing traffic through the gateway for local addresses isn't the issue.

Ian Macintosh
  • The metric on the routing table differs between the two workstations, but this doesn't seem to be part of the issue. Here's how Microsoft sets the metric: http://support.microsoft.com/kb/299540 – Ian Macintosh Aug 22 '12 at 13:24
  • The routing table shows the metric on the working PC as 20 for the default gateway, whereas the one doing the funny routing has a metric of 10 for its default gateway. – Ian Macintosh Aug 22 '12 at 13:31
  • Looking at this again this morning, examining the output from 'netsh dump' - I see that by default 'set global icmpredirects=enabled' is on. Still seems like icmp redirect is a likely candidate for the issue though I still can't see why they would be generated. The reason for suspecting something 'lower' in the stack is because ipconfig shows the correct default gateway, but the traffic goes to the old default gateway instead, ignoring the current so called active configuration. Either that, or ipconfig isn't really displaying the active configuration but only what it assumes is active. – Ian Macintosh Aug 23 '12 at 09:32
  • Excellent diagram by the way - makes understanding the question so much easier – Dan Aug 24 '12 at 12:51

1 Answer

This problem has repaired itself when the workstation in question acquired a new, different, IP address (I suspect the original lease expired).

Apart from a different IP address, the "ipconfig /allcompartments /all" output is identical, the "route print" is identical, and everything else I looked at was identical.

In retrospect I think something is faulty with the Windows 7 release & renew code where it does not actually seem to reset the TCP stack correctly or entirely. I have on other occasions noted that if you bring up a new DHCP server on a Windows network then the workstations seem to stick to the original DHCP server and do not do a full search, i.e., first finding who the DHCP server on the network currently is.

If I come across a similar situation in future I'll try fiddling with DHCP first.

If you're struggling with the same, maybe check the lease time and then change the date/time into the future so that the workstation expires the lease? Alternatively you might be able to expire the lease from the server?

Kindly add an answer here if you find a good working method.

Ian Macintosh
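
The comparison made by hand in the question (default gateway from `route print` against hop 1 of `tracert -d`), as an added example that is not part of the original post: a Python sketch that parses saved output from both commands and flags a workstation whose traffic leaves through a router other than the configured one, which on this network means it does not pass through the Untangle firewall. The function names are hypothetical; the sample text is excerpted from the output posted above.

```python
import re

# Excerpts of the two outputs posted above for 192.168.254.38.
ROUTE_PRINT = """\
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.253   192.168.254.38     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
    192.168.254.0    255.255.255.0         On-link    192.168.254.38    266
"""
TRACERT = """\
Tracing route to www.bbc.net.uk [212.58.246.95]
over a maximum of 30 hops:

  1     1 ms     1 ms    <1 ms  192.168.254.254
  2     1 ms     1 ms     1 ms  172.16.0.254
"""

# Active default route row: destination, netmask, gateway, interface, metric.
DEFAULT_ROUTE = re.compile(
    r"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+(\S+)\s+(\S+)\s+(\d+)\s*$", re.M)
# Hop 1 row: three probe results (a time or '*') followed by an IPv4 address.
FIRST_HOP = re.compile(
    r"^\s*1\s+(?:(?:<?\d+ ms|\*)\s+){3}(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.M)

def default_gateways(route_print):
    """Return the configured default gateways, lowest metric first."""
    rows = [(int(m.group(3)), m.group(1))
            for m in DEFAULT_ROUTE.finditer(route_print)]
    return [gw for _, gw in sorted(rows)]

def first_hop(tracert):
    """Return the hop-1 address, or None if hop 1 timed out or is missing."""
    m = FIRST_HOP.search(tracert)
    return m.group(1) if m else None

def check_egress(route_print, tracert):
    """Compare the routing table's default gateway with the observed hop 1."""
    gateways, hop = default_gateways(route_print), first_hop(tracert)
    if not gateways or hop is None:
        status = "inconclusive"   # nothing to compare, e.g. hop 1 timed out
    elif hop in gateways:
        status = "ok"
    else:
        status = "mismatch"       # traffic leaves via an unconfigured router
    return {"configured": gateways, "first_hop": hop, "status": status}

if __name__ == "__main__":
    print(check_egress(ROUTE_PRINT, TRACERT))
```

The trace target must be an off-link address, otherwise hop 1 is the destination itself and the comparison means nothing.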