Multihomed Terminal Server


nhance

Guest
Hi,

I have a requirement for a terminal server to have 2 network cards both
going to different internet interfaces

NIC 1 - 192.168.1.2
SM - 255.255.255.0
DG - 192.168.1.254
General Network with ProCurve Router, plugs into ProCurve switch
Internet Interface 165.72.109.45 (fake)


NIC 2 - 10.0.10.2
SM - 255.255.255.0
DG - 10.0.10.254
Has a Netcomm NB9 and only plugged into this nic
Internet Interface 165.72.118.12 (fake)

My main NIC 1 has always worked well, both routers have the ports forwarded
correctly and on NIC 1 I can access remotely, on NIC 2 I cannot access from
externally on NIC 2

Is it a routing issue, a Gateway issue? I want all traffic to go in and out
on the interfaces they come in on as this has been done due to bandwidth
requirements for remote users.

Matthew
 
Re: Multihomed Terminal Server

"nhance" <nhance@discussions.microsoft.com> wrote in message
news:0FFACCDA-8683-435E-928D-A1C7BB4C06FB@microsoft.com...
> I have a requirement for a terminal server to have 2 network cards both
> going to different internet interfaces


Then the "requirement" needs to change. That is a very bad idea.

> My main NIC 1 has always worked well, both routers have the ports forwarded
> correctly and on NIC 1 I can access remotely, on NIC 2 I cannot access from
> externally on NIC 2
>
> Is it a routing issue, a Gateway issue?


Yes. You cannot have two Default Gateways. That's why it is called a
*Default* Gateway. Default Gateways are "global" for the entire machine and
that is what creates the "0.0.0.0" entry in the Routing Table. The OS
would have warned you about this with a popup dialog when you tried
it,...you would have had to ignore the warning to proceed.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 
Re: Multihomed Terminal Server

You need to manually configure the routes for the NIC that won't have
the default gateway. Route.exe will be your friend in this case and
don't forget to make them persistent otherwise they won't stay when you
reboot/shutdown the server.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

 
Re: Multihomed Terminal Server

Hi Jeff,

I have not done a lot in this area over the years it would seem

The Network card is 10.0.1.6 and the default gateway is 254

Can you please give me the route command as I am not getting it right

route 10.0.1.0 255.255.255.0 10.0.1.254 10.0.1.6 MERTIC 20 IF 3

Matthew




 
Re: Multihomed Terminal Server

Sorry, I guess I should have "finished the story" by mentioning the addition
of the static routes after removing the DFG.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 
Re: Multihomed Terminal Server

Hi All,

The thing with posting on these sites is to request some support and draw on
the collective knowledge of all contributors. Many times the concept is known
but the details fuzzy, out of the replies I am still not getting a result.
Can someone please confirm my steps and advise if I am wrong as I am 12hrs
difference and I need to get this resolved asap.

We need extra bandwidth to allow RDP access only so we purchased a 2nd
ADSL2+ service and want to use this for external access.

We still need this device to be available via its 192 address for local
LAN and the ADSL service 1 to come in and out also.


Network 1 (Internal LAN)
192.168.0.6
255.255.255.0
192.168.0.254 DG
(Procurve Router, Main Internet Device)
Network Interface #2


Network 2 (ADSL 2+ RDP ONLY)
10.0.1.6
255.255.255.0
0.0.0.0 DG
10.0.1.254 (Netcomm NB9 Router)
Network Interface #3

Do I leave the 2nd interface DG blank and add a static route?

route add -p 10.0.1.0 255.255.255.0 10.0.1.254 METRIC 1 IP 3

Please tell me if this is right or wrong to get the result as I need this
resolved.

matthew
 
Re: Multihomed Terminal Server

"nhance" <nhance@discussions.microsoft.com> wrote in message
news:CFC6189E-0F99-465A-A302-22E8671DC82B@microsoft.com...
> The thing with posting on these sites is to request some support and draw
> on the collective knowledge of all contributors. Many times the concept is
> known but the details fuzzy, out of the replies I am still not getting a
> result. Can someone please confirm my steps and advise if I am wrong as I am
> 12hrs difference and I need to get this resolved asap.


I'm sorry, ...you're getting the results of your post, I'm afraid it just
isn't what you want to hear.

You can *NOT* have two "Internet" nics,...period. The Internet, by the very
fact of what it is,..is an "unknown" destination (0.0.0.0),...therefore is
handled only by the Default Gateway and there can be only *one* functioning
Default Gateway at a time.

Concerning the nic it "comes from"....

Traffic always shows coming from the Primary IP# of the Nic that matches
the Route found in the Routing table which is determined by the Destination.
For the Internet this is always the 0.0.0.0 Route (the Default Route) and
will always show coming from the Nic with the Default Gateway and if that
nic has more than one IP# then it will always be the Primary IP#. The IP#
(and/or Nic) that the traffic was originally received on is completely and
totally irrelevant.

You have a flawed network design based on flawed theory. In a correct
design this server would have only one nic.

Concerning other routing matters,... You get more bandwidth by getting a
faster line,...you don't get more bandwidth by adding another Line, that is
one of the flaws in your theory. The second flaw might be that this is
RDP,..which has very *low* bandwidth requirements and doesn't need a new
line just for it. What a second Line gets you is more Routes or more Routing
Options,...or more often just more Routing Confusion. The only gain in
Bandwidth comes from moving some of the traffic over to the second Line to
free up bandwidth on the first,...*BUT* that only works when the environment
and the topology have been properly designed for it and,...this is very
important,...you approach it with the right expectations for the right
reasons. It typically does not work for inbound traffic, or at least is a
whole lot more complicated and limited in options because of the "response"
to the traffic not following the same path (which appears to be your
problem).

I am speaking from experience.
At our place we have:

2 DSL lines
1 CableTV internet line
1 commercial grade connection built from 2 T1 lines that are "merged"

These all have different purposes, but they all work with the same company
LAN, and they all work perfectly with no problems.

My Terminal Server has only one Nic.

We are a TV Station with equipment that causes heavy bandwidth usage to the
outside. So I divide up that equipment into groups of similar or related
purposes and configure each "group" to use a particular "internet
connection". In most cases the Destination is "specific" so the Routing can
be handled by our LAN Router to move the traffic to the correct connection.
If the destination is "not specific" then the equipment must be in the
correct subnet to use the chosen "internet connection" as its default
gateway (that's the correct topology stuff I mentioned) while using local
static routes to deal with the rest of the LAN's segments.

So now when I get to the Terminal Server, I have it just use the "normal"
main internet connection for the LAN because I have plenty of bandwidth due
to how I moved the other equipment to use specific dedicated connections for
what they do.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
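
Added example, not part of any post in this thread: a small model of destination-based route selection, using the addressing nhance gave (192.168.0.6 on interface 2 with the default gateway, 10.0.1.6 on interface 3 behind the NB9). It shows why the reply to a client that came in through NIC 2 leaves through NIC 1, and why the proposed 10.0.1.0 route does not change that. The client addresses and the 203.0.113.0/24 route are constructed for illustration.

```python
import ipaddress

# Constructed model of the server's routing table, using the addressing from
# the thread. Tuple: (destination prefix, gateway or None if on-link,
# interface index, metric). Only NIC 1 (interface 2) has a default gateway.
BASE_ROUTES = [
    ("0.0.0.0/0", "192.168.0.254", 2, 10),
    ("192.168.0.0/24", None, 2, 10),
    ("10.0.1.0/24", None, 3, 10),
]

# The route proposed in the thread: it only covers the NIC 2 subnet itself.
PROPOSED_ROUTE = ("10.0.1.0/24", "10.0.1.254", 3, 1)

# Hypothetical fix for ONE known remote network (203.0.113.0/24 is a
# documentation prefix, constructed for this example). route.exe form:
#   route -p add 203.0.113.0 mask 255.255.255.0 10.0.1.254 metric 1 if 3
CLIENT_NET_ROUTE = ("203.0.113.0/24", "10.0.1.254", 3, 1)


def select_route(dest, routes):
    """Pick the egress route: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))


def reply_path(client_ip, arrived_if, routes):
    """Show where the reply to an inbound connection leaves the server."""
    route = select_route(client_ip, routes)
    if route is None:
        return {"egress_if": None, "next_hop": None, "symmetric": False}
    _, gateway, if_index, _ = route
    return {
        "egress_if": if_index,
        "next_hop": gateway or client_ip,
        "symmetric": if_index == arrived_if,
    }


if __name__ == "__main__":
    client = "203.0.113.50"  # constructed RDP client reaching NIC 2 (interface 3)
    for label, table in [
        ("default gateway on NIC 1 only", BASE_ROUTES),
        ("plus proposed 10.0.1.0 route", BASE_ROUTES + [PROPOSED_ROUTE]),
        ("plus route for client network", BASE_ROUTES + [CLIENT_NET_ROUTE]),
    ]:
        print(label, reply_path(client, 3, table))
```

Only the third table sends the reply back out interface 3, and only for that one remote prefix; any other Internet client still follows the 0.0.0.0 route.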
 
Re: Multihomed Terminal Server

You could treat the Terminal Server the same way I did my "special
equipment" by getting rid of one nic, setting the correct Default Gateway on
the correct nic to use the correct connection. Then use Static routes in the
OS to tell it how to "find" the rest of the LAN. But if your LAN is a
single subnet then you don't need any static route.

This is pretty much what we suggested in the first place.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 
Re: Multihomed Terminal Server

Hi Phillip,

Appreciate all you are saying but bandwidth isn't that cheap in Australia,
nor that fast yet (mobile data here is one of the world's best though)

We have Cisco, Juniper, and ProCurve doing this task at other sites to get
more bandwidth, on this one I was just hoping we could use the 2nd nic to
serve a separate internet user group. I may just need to tell the client to
put a 2nd WIC in their router and do it here.

Mind you there are other posts that say it can be done and with success it
seems

Matthew









 
Re: Multihomed Terminal Server


"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:%23ufTjX5$HHA.4656@TK2MSFTNGP04.phx.gbl...
> You could treat the Terminal Server the same way I did my "special
> equipment" by getting rid of one nic, setting the correct Default Gateway
> on the correct nic to use the correct connection. Then use Static routes
> in the OS to tell it how to "find" the rest of the LAN. But if your LAN
> is a single subnet then you don't need any static route.


Sorry, I didn't "finish the story" again.

To do the above both internet connections need to come into the LAN,..not
directly into any machine. They would require a NAT-based or Proxy-based
Firewall. For example a typical Linksys box is a cheap low-dollar NAT
Firewall. The internal facing interface of both devices would be on the
LAN. Then you control which connection gets used by how you control the
routing. The Terminal Server would have one nic.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 
Re: Multihomed Terminal Server

OK, so did you use a black box type aggregator appliance or separate routers,
this is that hard bit, I know you have all resolved the issues but some
details and description would be a massive help




 
Re: Multihomed Terminal Server

I don't know if the way I did it is what you want, but...

For clarification, when I say "router" I mean a real router,..a LAN
Router,..which has nothing to do with the Internet. When I refer to the
internet device I will call it a NAT Firewall or a Proxy Firewall depending
on how it does its job.

All of my "connections" have some form of a Firewall on them. None of
them go "directly" into any PC

The merged T1 pair -- ISA2006 (both NAT and a Proxy)
ADSL #1 --- some odd-ball brand of NAT box that I can't remember
ADSL #2 --- a Linksys NAT box
CableTv Conn -- a DLink NAT box

The boxes all have the internal interface on the same IP segment on the LAN

The last three are used for special purposes. The individual machines that
use them use the Default Gateway that matches the specific connection they
want to use, and then they use Local Static Routes to specify the LAN Router
as the Path for all the other LAN's subnets.

The rest of the normal machines use the LAN Router as the Default Gateway
which in turn uses the ISA2006 as its Default Gateway which causes the T1
lines to be the "normal" connection used for the majority of all the
machines.

There are variations of these techniques, but my specific techniques meet
my needs in my situation.

Linksys (and probably others) makes a Dual-WAN-port device that can take in
two different internet connections and can load balance between them (or do
fail-over). That may be a solution for you. I don't have any model
numbers, but you should be able to figure that out by reading through the
product descriptions.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 