2

I currently have a Windows Server 2008R2 box with a single physical NIC. For what I want to do I need two network adaptors in the box. To accomplish this, I added a legacy hardware device "Network Adaptor" and used the Microsoft Loopback Adaptor as the driver.

Now I have two network adaptors:

  1. NIC1 - Physical NIC 10.71.1.3 (network: 10.71.1.0/24)
  2. NIC2 - Virtual (Loopback) NIC 10.71.2.3 (network: 10.71.2.0/24)

My goal is to get NIC2 to piggyback off of NIC1 and be able to ping another server (10.71.2.2) on the same switch (there is only one switch involved in this scenario).

Currently I can ping a server (10.71.1.5) with no issues because it's using the physical NIC as its gateway. But I can't ping 10.71.2.2. I'm guessing because the driver I used (loopback) is creating an isolated network on NIC2.


Please Note: Normally one would just add a secondary IP to NIC1 (the physical NIC). If I did I could ping 10.71.2.2 with no issues (I have tried and it works). But in this case I need two network adaptors and not just a single one to make what I'm trying to do work.

Ideas?


Updated: 4/28/2015

Arvo Bowen
  • I think you need to enable ICS (Internet connection sharing) for the adapters. Also, what's the gateway setting on the loopback adapter, and how does the windows routing table look (open CMD and type "route print")? – Noobixide Apr 26 '15 at 19:27
  • On the loopback adaptor there is no gateway... I don't think there should be as the DEFAULT gateway is still the same gateway as it has always been. As far as the route goes there is a route in the table that manages all traffic on the subnet in question... "192.168.2.0 255.255.255.0 On-link 192.168.2.3 286" – Arvo Bowen Apr 26 '15 at 22:00
  • Never use full uppercase words (except in technical abbreviations), they look like yelling. Never begin all of your words with uppercase, it is bad. There is a close vote for your question, I will try to save it, but probably it won't succeed. – peterh Apr 26 '15 at 23:14
  • A few things... 1) Where could I see these "close votes" and the reason why someone would want to close it. 2) Your edits completely change my question and information! It does not mean what it was intended to mean now... 3) A topic is commonly typed as a "Start case" because it is in fact a "topic". If I was "yelling" I would MAKE THE TOPIC LOOK LIKE THIS. – Arvo Bowen Apr 27 '15 at 01:18

2 Answers

2

You need to add the Routing and Remote Access role to the server and set it up for IP routing.

RRAS will handle the routing from Nic2 to the Nic1 network, but the other servers will need to know the route back to Nic2.

On the other servers you will need

route add 10.71.2.0 mask 255.255.255.0 10.71.1.3

This will let the other servers know to route return traffic via 10.71.1.3

ChadH360
  • I was trying to test this on my windows 7 box before setting it up on my remote server... Is it not possible with win 7? I don't see that feature. – Arvo Bowen Apr 26 '15 at 21:56
  • Windows 7 doesn't have this as a role, but you can enable IP Routing in the registry by going to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter and changing the 0 to a 1 – ChadH360 Apr 26 '15 at 21:59
  • Nice! After I do that how can I configure it? – Arvo Bowen Apr 26 '15 at 22:01
  • You shouldn't need to do anything else. You can check the routing table with 'route print' and if necessary can add any new routes there. If you need to add a route to a specific interface, you can do so using the route add command and specifying the interface at the end of the command - check route /? from a command prompt for full details. – ChadH360 Apr 26 '15 at 22:27
  • Obviously, testing this in a win 7 machine is going to be quite different to a win2k8 r2 machine. If you do need to test before rollout, I would recommend setting up a similar test environment - ie test this on win2k8 r2 first. – ChadH360 Apr 26 '15 at 22:29
  • Your answer was marked as "low quality", probably because it is short. I suggest integrating your comments into your answer, or it will be deleted. – peterh Apr 26 '15 at 22:58
  • The answer applies to the windows 2008 r2 question. It is precise and to the point. The comments apply to the additional query about doing the same thing on windows 7 and have no relevance to the original question. @peterh i would prefer that you delete your comment rather than a perfectly suitable answer to a question! – ChadH360 Apr 26 '15 at 23:05
  • @ChadH360 I voted to let it in peace, because I think you will do this change in your post before the 5 delete votes are collected. – peterh Apr 26 '15 at 23:11
  • @ChadH360 I have been trying to get this to work and can NOT seem to get anything to work right. I have added the RRAS role and no matter what I do NIC2 can not gain access to the servers on the switch NIC1 is connected to! I have tried all kinds of variations of routes telling it to use different interfaces etc... Any suggestions that might help me? – Arvo Bowen Apr 28 '15 at 04:02
  • Have you configured routes on the other servers? RRAS will handle the routing from Nic2 to the Nic1 network, but the other server will need to know the route back to Nic2. On the other servers you will need route add 10.71.2.0 mask 255.255.255.0 10.71.1.3. This will let the other servers know to route return traffic via 10.71.1.3. I've edited the answer to include this info – ChadH360 Apr 28 '15 at 06:44
  • Thanks for the help! To elaborate a little more I actually have 3 servers trying to do the same thing (piggyback off of their NIC1, all servers have the same setup). Would I need to set up the RRAS role for all three servers? Also, to make sure I set up RRAS correctly on server1, I installed the role and in the wizard I was unsure what to choose. Should I choose "Network address translation" or "Secure connection between two private networks"? I could see where both would be valid. – Arvo Bowen Apr 28 '15 at 17:19
  • Whenever you have a server connected to two networks and you want traffic to flow between the networks, you will need to set up RRAS with IP routing. In this case, you won't want network address translation - there are several scenarios where you might want this, but in this case, secure connection between two private networks would be the preferred choice. Once you've got your routing between networks setup, you then need to make sure that devices/clients in the network know how to find each of the networks. This can be done at your default gateway or with the route add command on each device – ChadH360 Apr 28 '15 at 18:03
  • OK so now I have RRAS setup on all three servers using "secure connection between two private networks". I have not made any changes to the RRAS (it's all stock). Currently on server1(10.71.2.2) I can NOT ping server2(10.71.2.3). Outside of the servers (routers, etc) I know the path (routes) to and from is in place and working because if I add the IP address 10.71.2.15 to NIC1 on server1 and the IP address 10.71.2.16 to NIC1 on server2 I can ping one another. So do I need to add routes/nats or something to the RRAS? – Arvo Bowen Apr 28 '15 at 19:39
  • Can you draw a network map of the three servers and nics and add it to your question. In the drawing, can you include IP addresses and subnets. You mention above that you can't ping from 10.71.2.2 to 10.71.2.3. Assuming a subnet mask of 255.255.255.0, those two addresses are on the same subnet, so the traffic won't be routed. If those two servers aren't physically connected to the same subnet, then there will be no communication between them when using those addresses. – ChadH360 Apr 28 '15 at 19:55
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/23271/discussion-between-arvo-bowen-and-chadh360). – Arvo Bowen Apr 29 '15 at 01:03
  • Sorry - I can't dedicate the time to a live chat. It sounds as though you are trying to use the same subnet in physically different locations. I'm assuming your three servers are physically connected together via NIC1 on the 10.71.1.0 subnet. Your NIC2 addresses cannot share the 10.71.2.0 subnet - one server will need to be (for example) 10.71.2.2, one server will need to be 10.71.3.2 and the last server will need to be 10.71.4.2. The necessary routes will need to be put in place to allow traffic to flow. – ChadH360 Apr 29 '15 at 07:05
  • Yes, three servers are physically connected to a switch using the 10.71.1.0/24 subnet. So you are saying there is NO way for the three different servers to have virtual NICs sharing the same subnet (10.71.2.0/24)? For some reason this all just seems as too much complication has been added. I would think it would be a simple issue of NOT having RRAS installed and just adding routes to tell the servers to use their 10.71.1.x interface to find the 10.71.2.0/24 network. My only issue is that I could never get the NIC2 (virtual) to share the NIC1 (physical) connection. – Arvo Bowen Apr 29 '15 at 16:47
  • NIC2 is already on the 10.71.2.0/24 network, so it wouldn't even attempt to route. If you need to use 10.71.2.x, then you could subnet even further. You might get away with using a 32 bit subnet mask, then whatever 10.71.2.x address you try to access (except local), it will be forced to route. Obviously this is not the sort of setup one would see often (if ever), so I can't comment on the feasibility of it. If windows gripes about a 32bit subnet then you could get away with a 30bit subnet allowing you to use .1,.5,.9,etc. You need RRAS to allow remote traffic to be routed between NIC1 and NIC2 – ChadH360 Apr 29 '15 at 17:37
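
The routing decisions discussed in this answer and its comments, modelled as an added example (not part of the original thread): a longest-prefix-match lookup over the route tables of the asker's server and of another server on the switch. The default gateway 10.71.1.1 and all function names are assumptions; the thread does not give them.

```python
import ipaddress

def connected_routes(interfaces, default_gw):
    """Routes Windows creates on its own: one on-link route per interface
    subnet, plus a default route through the NIC that can reach the gateway."""
    routes = [(ipaddress.ip_interface(cidr).network, "On-link", name)
              for name, cidr in interfaces]
    gw = ipaddress.ip_address(default_gw)
    for net, _, name in list(routes):
        if gw in net:
            routes.append((ipaddress.ip_network("0.0.0.0/0"), default_gw, name))
            break
    return routes

def add_static(routes, network, mask, gateway):
    """Model of: route add <network> mask <mask> <gateway>."""
    gw = ipaddress.ip_address(gateway)
    # The route leaves through the interface whose on-link subnet holds the gateway.
    iface = next(n for net, g, n in routes if g == "On-link" and gw in net)
    routes.append((ipaddress.ip_network(f"{network}/{mask}"), gateway, iface))

def lookup(routes, dest):
    """Longest-prefix match; returns (next hop, outgoing interface)."""
    dest = ipaddress.ip_address(dest)
    net, gateway, iface = max((r for r in routes if dest in r[0]),
                              key=lambda r: r[0].prefixlen)
    return gateway, iface

GW = "10.71.1.1"  # assumed default gateway; not stated in the thread

# Asker's server as described in the question.
server = connected_routes([("NIC1", "10.71.1.3/24"), ("NIC2", "10.71.2.3/24")], GW)
# Same server with NIC2 narrowed to a 32-bit mask (suggested in the last comment).
server_32 = connected_routes([("NIC1", "10.71.1.3/24"), ("NIC2", "10.71.2.3/32")], GW)
# Another server on the switch, before and after the answer's "route add".
peer = connected_routes([("NIC1", "10.71.1.5/24")], GW)
peer_fixed = list(peer)
add_static(peer_fixed, "10.71.2.0", "255.255.255.0", "10.71.1.3")

if __name__ == "__main__":
    cases = [("server  /24 -> 10.71.2.2", server, "10.71.2.2"),
             ("server  /32 -> 10.71.2.2", server_32, "10.71.2.2"),
             ("peer, no route -> 10.71.2.3", peer, "10.71.2.3"),
             ("peer, route add -> 10.71.2.3", peer_fixed, "10.71.2.3")]
    for label, table, dest in cases:
        print(label, lookup(table, dest))
```

With the /24 mask the lookup picks the on-link route of the loopback adapter, so the packet never reaches the physical switch; the narrower mask or the peer's static route changes the next hop, which is the behaviour the comments describe.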
0

In the end I decided to go a different route (no pun intended). I actually have multiple physical NICs installed and was using them for other things.

I since have learned something new about clustering. I have always in the past dedicated a NIC for the sole purpose of the cluster heartbeat. Well, my heartbeat always had a single point of failure. That never seemed to be an issue for me but the more I read up on it the more I realized that you don't have to dedicate a NIC just for the heartbeat. There is actually very little traffic that is used for the heartbeat itself and just in case that NIC goes down you should always have another NIC that is allowed to be utilized by the cluster and permitted to send/receive cluster data. This can be found by right clicking then going to "Properties" for each of the "Networks" from within the cluster config itself. Just make sure "Allow cluster network communication..." is ticked. You can allow clients too if you wish but this is intended for things like VMs in the cluster etc and is not needed for the heartbeat.

So I ended up with 2 NICs with different subnets and both are being used as a heartbeat and that way they each show up as segregated networks in the cluster.

Arvo Bowen