Chapter 4 - Routing In Windows NT
Microsoft Windows NT Server includes Windows NT Server Multi-Protocol Routing support, which enables routing over IP and IPX networks by connecting local area networks (LANs) or by connecting local area networks to wide area networks (WANs) without the need to purchase a dedicated router.
Note Windows NT also enables routing over AppleTalk networks. AppleTalk routing is part of Windows NT Services for Macintosh (SFM), which has its own separate planning and setup procedures in Chapter 17, "Planning Your AppleTalk Network." The AppleTalk section in this chapter covers basic routing information only.
A router helps LANs and WANs achieve interoperability and connectivity and can link LANs that have different network topologies (such as Ethernet and Token Ring). Each packet sent over a LAN has a packet header that contains source and destination address fields. Routers match packet headers to a LAN segment and choose the best path for the packet, optimizing network performance. For instance, for a packet to go from Computer x to Computer z in the following illustration, the best route uses only one hop. If Router 1 is the default router for x, the packet will be rerouted through Router 2 and Computer x will be notified of the better route to use to get to Computer z.
Routers choose the best path for packets to travel
See the online glossary Help file for a brief overview of other types of common LAN connection devices: repeaters, bridges, routers, and gateways.
Windows NT Server Multi-Protocol Routing
After you install Windows NT Server Multi-Protocol Routing and enable the Routing Information Protocol (RIP) routing options, your Windows NT Server computer should be able to route network packets between two or more network adapters by using RIP on Internet Protocol (IP), Internetwork Packet Exchange (IPX), or both. Your computer can also be a DHCP Relay Agent (depending on your configuration) which allows a computer to relay DHCP messages across an IP network.
Note Windows NT Server Multi-Protocol Routing is intended for use by system administrators already familiar with routing protocols and routing services. This document provides installation instructions and a brief overview on routing and assumes that the reader has a basic understanding of routing and dynamic routing protocols. For more information on routing in general and dynamic routing protocols, consult a TCP/IP or IPX protocol-related book.
In Windows NT Server, you can use a RAS server as a route between a remote client and a LAN, as shown in the following figure:
Routing between a remote client and a LAN
In Windows NT Server, you can also route between two LANs, as shown in the following figure:
Routing between two LANs
It is not possible to route between WANs over switched circuits or dial-up lines. The only exception to this rule is a WAN card (for example, T1 or Frame Relay) that appears to the router as a LAN card.
Understanding the Routing Information Protocol
The Routing Information Protocol (RIP) facilitates the exchange of routing information. A RIP router is a computer or other piece of hardware that broadcasts routing information (such as network addresses) and forwards IP frames on connected networks.
RIP allows a router to exchange routing information with neighboring routers. As a router becomes aware of any change in the internetwork layout (for instance, a downed router), it broadcasts the information to neighboring routers. Routers also send periodic RIP broadcast packets containing all routing information known to the router. These broadcasts keep all internetwork routers synchronized.
For more information about the RIP, see the public specification RFC 1058.
Note For details on retrieving RFCs by means of FTP or email, send an email message to "rfc-info@ISI.EDU" with the subject "getting rfcs" and the message body "help:ways_to_get_rfcs."
RFCs can be obtained by means of FTP from NIS.NSF.NET, NISC.JVNC.NET, VENERA.ISI.EDU, WUARCHIVE.WUSTL.EDU, SRC.DOC.IC.AC.UK, FTP.CONCERT.NET, DS.INTERNIC.NET, or NIC.DDN.MIL. You can also find RFCs at http://ds.internic.net.
Installing the DHCP Relay Agent
The DHCP Relay Agent allows a computer to relay DHCP messages from one LAN to another. For example, suppose a network has two LANs (LAN A and LAN B) with a router between them but only one Dynamic Host Configuration Protocol (DHCP) server on LAN A. In a traditional scenario, for LAN B clients to get addressing information, a DHCP server would be required on both networks (resulting in higher maintenance and cost). Instead, install a DHCP Relay Agent on any computer in LAN B, and it will relay messages through the router to the DHCP server on LAN A.
For more information about the DHCP Relay Agent, see the public specification RFC 1542.
To install the DHCP Relay Agent
Installing LAN-to-LAN Routing
To enable routing on your Windows NT Server computer, install LAN-to-LAN routing support. Your Windows NT Server computer must have at least two network adapters to install LAN-to-LAN routing. For more information on enabling LAN-to-LAN routing, see the sections titled "Enabling IP Routing" and "Enabling IPX Routing."
Depending on your network, you can install LAN-to-LAN routing support for IP or IPX. Before installing LAN-to-LAN routing, ensure that the selected protocol (IP or IPX) is already installed on the Windows NT Server computer. Use the Network icon in Control Panel to install the IP or IPX protocol.
To install LAN-to-LAN routing on a Windows NT Server computer
Note To remove the RIP service, choose RIP for IP or IPX in the Services tab and then click Remove. Because this deletes the files from your computer, you must reinstall before you can use the RIP service again.
Windows NT Server supports RIP for dynamic management of Internet Protocol (IP) routing tables. RIP eliminates the need to establish static IP routing tables. This version of RIP routing does not support RIP over dial-up (switched WAN) links.
If RIP for IP is installed on a computer that has only one network card, the computer will be placed in Silent Mode. In Silent Mode, the computer listens to RIP broadcasts and updates its route table but does not advertise its own routes. If an additional network card is installed later and you want RIP to broadcast, you must change the SilentRip parameter in the Registry to 0.
Silent Mode might be used on a computer between two disjoint networks (that is, networks that are not connected to each other), such as a computer connected to both a network and the Internet. The computer receives routes from both networks and adds them to its routing table using RIP. When sending a packet to a remote destination, the computer knows exactly how to route it based on its routing table.
RIP for IP is installed as a Windows NT Server service through Control Panel, and is therefore configured through the Services icon in Control Panel. By default, the RIP service starts automatically when the computer starts.
RIP for IP requires the Microsoft TCP/IP protocol family: Internet Protocol (IP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). The following figure illustrates the relationship between RIP and these three main protocols.
For more information about TCP or UDP, see the TCP/IP part in the Networking Supplement.
IP and RIP architectural model
IP datagrams, the basic IP information units, are sent directly from one host to another if the destination host is on the same network. If the destination host is on a different network, the datagram is sent to a router on the local network, which forwards it toward its destination.
If the destination host is not directly connected to the LAN that the router connects to, the router looks up the IP address of the next router in its routing table that lies along the path to the ultimate destination. The router then passes the datagram on to the next router. This continues until the ultimate destination router is reached and the datagram is sent to the destination host.
In this implementation of RIP routing over IP, routing over dial-up (switched WAN) links is not supported. For more information on static IP routing over dial-up lines, see "Installing a Simple Dial-up Router," later in this section.
Enabling IP Routing
Installing RIP for IP provides dynamic routing. When you install RIP for IP, the RIP routing service is automatically enabled and the Enable IP Routing option in the Advanced TCP/IP Configuration dialog box is automatically checked: No manual configuration is necessary. RIP for IP runs as a service and can be stopped and started through the Services icon in Control Panel. If you want static routing only, see the following section, "Enabling Static Routing."
Note IP permits two kinds of routing: static and dynamic. Static routing limits you to fixed routing tables. Dynamic routing automatically updates the routing tables, reducing administrative overhead (but increasing traffic in large networks).
To Enable Static Routing
You might need to make additional static routing entries. For information about creating static routing tables, see the following section "Managing an IP Router."
Managing an IP Router
You can use the route utility to configure static routing tables.
-f Clears the routing tables of all gateway entries. If this parameter is used in conjunction with a command, the tables are cleared before the command is run.
-p Enables persistent routes. (Routing table changes are carried over automatically after restarting your computer.)
command One of the following commands:
destination The host or network to which you want to route.
MASK Specifies that the next parameter be interpreted as the netmask parameter.
netmask The subnet mask value to be associated with this route entry. If not present, this parameter defaults to 255.255.255.255.
gateway The gateway to the destination.
METRIC Specifies that the next parameter be interpreted as the metric parameter.
metric Associates a cost/hop count for the destination specified by the route entry. Generally, this specifies the distance in number of hops from the destination. If not specified, the metric is set to 1 by default.
The route utility does not accept a subnet mask value of 255.255.255.255 on the command line. To specify a subnet mask with this value, you must accept the default.
The route utility can use the NETWORKS file to convert destination names to addresses. For the route utility to work correctly, the network numbers in the NETWORKS file must specify all four octets in dotted decimal notation. For example, a network number of 184.122.107 must be specified in the NETWORKS file as 184.122.107.0, with trailing zeroes appended.
The gateway must be on the same logical network that your computer is on. Otherwise, the route will not be added.
Default Gateways
In TCP/IP configuration, you can add default gateways for each network card. On a computer on which multiple default gateways are defined, all remote network traffic that does not match an entry in the route table is passed over the first default gateway defined. Since only one default gateway is used, you should configure only one card to have a default gateway. This reduces confusion and ensures the results you intended. If you add a second gateway to the same network, the entry is added to the route table and is used if the first gateway goes down.
Example of Adding a Static Route
At the command prompt, type
route add 18.104.22.168 mask 255.255.255.0 22.214.171.124 metric 2
This route means that to get to the 126.96.36.199 subnet with a mask of 255.255.255.0, use gateway 188.8.131.52. The address 184.108.40.206 is two hops away.
A static route will also need to be added on the next router telling it how to get back to subnets that can be reached by the first router. With a network of a few routers or more, static routes can become very complicated.
Troubleshooting IP RIP
This section describes the various TCP/IP utilities that help determine whether RIP for IP is running correctly.
For more information, see Command Reference in Help.
Shows the mapping of IP addresses to hardware addresses. This is useful for tracking down duplicate IP addresses.
IPCONFIG or WINIPCFG
Verifies the correct configuration for the client, including IP address, subnet mask, and default gateway.
NBTSTAT -A XXX.XXX.XXX.XXX shows the NetBIOS name cache on a remote computer. Helpful not only for NetBIOS name resolution problems, it also helps you track down the computer name after a duplicate address is found. If there is no response to NBTSTAT -A, the computer might be a router, or a computer without NetBIOS over TCP/IP (that is, a non-Microsoft computer).
Note If you have multiple network cards, NBTSTAT -A runs over the first card in the binding list.
Verifies connections to one or more remote hosts.
Ping your computer (by address, not hostname) to determine that TCP is functioning. (Ping does not verify that your network card is functioning.)
Ping your default gateway or next hop router. This shows that the router is up.
Ping beyond the next hop router. A failed response such as "Request timed out" can mean that the destination host is down or that there is no route back to you. A failed response such as "Destination Unreachable" shows the IP address of the router that tried to route the packet but did not have a valid route.
Some useful ping options:
Prints the routing table. Subnet or network routes with a metric of 2 or greater are learned by RIP. (Note that a RAS client will also make a metric of 2 when the RAS connection is up.)
Use this command to see if the route table makes sense for the situation. You should see routes for other networks or subnets in your autonomous system. If the route table contains no routes with the metric of 2, verify that RIP for IP is running by checking the Services icon in Control Panel.
Check to see if the default gateway is correct on the Windows NT router. You should use only one default gateway configured on the appropriate network card. Remember that the default gateway route is used only if no other valid route to the destination is available. Therefore, the default route will only be used for addresses outside of your company or autonomous system. All routes in the company will be learned by RIP.
Shows the path of routers a packet used to get to its destination.
Reading Route Tables
Every computer that runs TCP/IP makes routing decisions. Such decisions are controlled by the route table. To display the route table, type route print at the command prompt. The following route table is an example from a computer with one netcard and is built automatically by Windows NT based on the IP configuration of your computer. A description of each column follows the table.
The network address is the destination. The search order is from unique routes to general routes. The network address and netmask work together to determine the search order. The network address specifies a destination (such as a host or a network address), and the netmask specifies which part of the network address must match (such as the first byte only or all four bytes).
The network address column can contain
Defines what portion of the network address must match for the route to be used. When the mask is written in binary a "1" must match and a "0" need not match. For example, a 255.255.255.255 mask is used for a host entry. The mask of all 255s (all 1s) indicates that the destination address of the packet to be routed must exactly match the network address for this route to be used.
In another example, the network address 157.57.8.0 has a netmask of 255.255.248.0. This netmask indicates that the first two octets must match exactly, the first 5 bits of the third octet must match (248=11111000), and that the last octet does not matter. Since the third octet, 8, equals 00001000, a match must start with 00001. Thus any address that begins with 157.57 and has a third octet of 8 through 15 (15=00001111) will use this route. Because this is a netmask for a subnet route, it is called the subnet mask.
Where the packet needs to be sent. This can be the local network card or a gateway (router) on the local subnet.
The network card on which the packet should be sent out.
The number of hops to the destination. Anything on the local LAN is one hop, and each router crossed after that is an additional hop. The metric determines the best route.
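The search order and netmask matching described above, together with the earlier rule that a gateway must be on the same logical network as the computer, can be seen in a short Python model. This is an added example, not Microsoft code: the RouteTable class and every address except the 157.57.8.0 / 255.255.248.0 subnet are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface metric")


class RouteTable:
    """Small model of an IPv4 route table (illustrative, not the Windows NT code)."""

    def __init__(self, cards):
        # cards: "address/netmask" strings, one per local network card
        self.cards = [ipaddress.ip_interface(c) for c in cards]
        self.routes = []

    def add(self, destination, gateway, netmask="255.255.255.255", metric=1):
        """Add a static route; defaults mirror the route utility (host mask, metric 1)."""
        # ip_network() is strict: it rejects a destination with bits set outside the mask.
        network = ipaddress.ip_network(f"{destination}/{netmask}")
        gw = ipaddress.ip_address(gateway)
        # The gateway must sit on a network that a local card is attached to.
        card = next((c for c in self.cards if gw in c.network), None)
        if card is None:
            raise ValueError(f"gateway {gw} is not on a local network; route not added")
        self.routes.append(Route(network, gw, card.ip, metric))

    def lookup(self, destination):
        """Return the route used for destination, or None if nothing matches."""
        dst = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if dst in r.network]
        if not matches:
            return None
        # Unique routes before general routes (longest mask first),
        # then the lowest metric among routes of equal mask length.
        return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def build_sample_table():
    """Constructed table for a computer with one card at 157.57.8.20."""
    table = RouteTable(["157.57.8.20/255.255.248.0"])
    table.add("0.0.0.0", "157.57.8.1", netmask="0.0.0.0")             # default gateway
    table.add("157.57.8.0", "157.57.8.20", netmask="255.255.248.0")    # local subnet
    table.add("157.57.16.0", "157.57.8.2", netmask="255.255.248.0", metric=2)
    table.add("157.57.16.9", "157.57.8.3", metric=2)                   # host route
    return table


if __name__ == "__main__":
    table = build_sample_table()
    for target in ("157.57.15.200", "157.57.16.1", "157.57.16.9", "192.0.2.7"):
        route = table.lookup(target)
        print(f"{target:15} -> {route.network} via {route.gateway} metric {route.metric}")
```

The host route for 157.57.16.9 wins over the subnet route that also covers it, which is why a route table that accepts host routes from other routers needs to be reviewed with route print.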
Registry Parameters for IP RIP
This section presents configuration parameters that affect the behavior of RIP routing for IP. They can be modified only through Registry Editor.
Registry parameters for IP RIP are specified under the following key:
To make changes using Registry Editor
Data type = REG_DWORD
Range = 0 or 1
Default = 0
If set to 1, default routes in received RIP announcements are accepted. By default, they are ignored.
Data type = REG_DWORD
Range = 0 or 1
Default = 0
If set to 1, host routes in received RIP announcements are accepted. By default, they are ignored.
Data type = REG_DWORD
Range = 0 or 1
Default = 0
If set to 1, default routes are included in RIP announcements.
Data type = REG_DWORD
Range = 0 or 1
Default = 0
If set to 1, host routes are included in RIP announcements.
Data type = REG_DWORD
Range = 0 or 1
Default = 1
By default, routes learned through an interface will be announced having a metric of 16 on the interface.
Data type = REG_DWORD
Range = 0 or 1
Default = 1
By default, routes learned on a network are suppressed in updates sent on that network. If the parameter is set to 0, routes learned on a network are announced on the same network, as well.
Data type = REG_DWORD
Range = 0 or 1
Default = 1
By default, new routes and metric changes trigger an immediate update which includes only the changes. This is called a triggered update. The time between updates depends on the value of MaxTriggeredUpdateFrequency.
Data type = REG_DWORD
Range = 15 seconds - 259200 seconds (72 hours)
Default = 120 seconds
The number of seconds to wait before removing old, inactive routes.
Data type = REG_DWORD
Range = 0 - 3
Default = 1
The minimum level of information for entries being made to the system log: 0 = no logging, 1 = errors, 2 = warnings, 3 = information.
Data type = REG_DWORD
Range = 1 second - 884400 seconds (24 hours)
Default = 5 seconds
The minimum number of seconds that must elapse between triggered updates.
Data type = REG_DWORD
Range = 15 seconds - 259200 seconds (72 hours)
Default = 180 seconds
The number of seconds to wait before marking a route for garbage collection.
Data type = REG_DWORD
Range = 0 or 1
Default = 0
If set to 1, suppresses periodic RIP announcements. This is used when the computer is in Silent Mode. For more information see the "IP Routing" section.
Data type = REG_DWORD
Range = 15 seconds - 884400 seconds (24 hours)
Default = 30 seconds
The number of seconds between periodic updates which contain the entire routing table.
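The receive-side defaults described in this section (default routes and host routes in received announcements are ignored, and a metric of 16 marks a route as unreachable) can be checked against a captured RIP datagram with a short Python review script. This is an added example, not Microsoft code: it assumes the RIP version 1 message layout from RFC 1058, the argument names accept_default and accept_host are hypothetical stand-ins for the two acceptance switches, and the sample datagram and addresses are constructed.

```python
import ipaddress
import struct

RIP_RESPONSE, RIP_V1, AF_INET, INFINITY = 2, 1, 2, 16
# One route entry: family, zero, address, zero, zero, metric (20 bytes).
ENTRY = struct.Struct("!HH4sIII")


def build_response(routes):
    """Encode (address, metric) pairs as a RIPv1 response (builds the sample below)."""
    body = b"".join(
        ENTRY.pack(AF_INET, 0, ipaddress.IPv4Address(a).packed, 0, 0, m)
        for a, m in routes
    )
    return struct.pack("!BBH", RIP_RESPONSE, RIP_V1, 0) + body


def parse_response(data):
    """Return [(family, address, metric)]; raise ValueError on a malformed datagram."""
    count, leftover = divmod(len(data) - 4, ENTRY.size)
    if len(data) < 4 or leftover or not 1 <= count <= 25:
        raise ValueError("bad RIP datagram length")
    command, version, zero = struct.unpack_from("!BBH", data)
    if command != RIP_RESPONSE or version != RIP_V1 or zero:
        raise ValueError("not a well-formed RIPv1 response")
    entries = []
    for offset in range(4, len(data), ENTRY.size):
        family, z1, raw, z2, z3, metric = ENTRY.unpack_from(data, offset)
        if z1 or z2 or z3:
            # RFC 1058: a version 1 message with a nonzero must-be-zero field is ignored.
            raise ValueError("must-be-zero field is set")
        entries.append((family, ipaddress.IPv4Address(raw), metric))
    return entries


def classify(addr, iface):
    """Label an advertised address 'default', 'host', 'network' or 'invalid'."""
    value = int(addr)
    if value == 0:
        return "default"
    first = value >> 24
    if first in (0, 127) or first >= 224:
        return "invalid"
    # RIPv1 carries no mask: use the receiving card's subnet mask inside its own
    # classful network, and the classful mask everywhere else.
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    classful = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    mask = int(iface.network.netmask) if iface.ip in classful else int(classful.netmask)
    return "host" if value & ~mask & 0xFFFFFFFF else "network"


def review_announcement(data, card, accept_default=False, accept_host=False):
    """Return (address, metric, verdict) for every entry in a received announcement."""
    iface = ipaddress.ip_interface(card)
    verdicts = []
    for family, addr, metric in parse_response(data):
        kind = classify(addr, iface) if family == AF_INET else "invalid"
        if kind == "invalid" or not 1 <= metric <= INFINITY:
            verdict = "invalid"
        elif metric == INFINITY:
            verdict = "unreachable"
        elif kind == "default" and not accept_default:
            verdict = "ignore-default"
        elif kind == "host" and not accept_host:
            verdict = "ignore-host"
        else:
            verdict = "accept"
        verdicts.append((str(addr), metric, verdict))
    return verdicts


# Constructed sample: an announcement as seen on a card at 157.57.8.20.
LOCAL_CARD = "157.57.8.20/255.255.248.0"
SAMPLE = build_response([
    ("0.0.0.0", 1), ("157.57.16.0", 2), ("157.57.16.9", 2),
    ("192.168.5.0", 3), ("157.57.24.0", 16),
])

if __name__ == "__main__":
    for row in review_announcement(SAMPLE, LOCAL_CARD):
        print(row)
```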
Installing a Simple Dial-up Router
Windows NT RAS version 3.5 or later was not designed to route packets from a large LAN over a dial-up link. However, by correctly configuring both the RAS computer acting as a router and the other computers on your small LAN with a static network configuration, you can use the computer running Windows NT RAS as a simple router to the Internet or to an enterprise TCP/IP network.
Note Your LAN must be small and not require the automatic routing configuration provided by RIP. (You probably do not need RIP functionality if you have a small LAN that is not expected to grow or change.)
The following requirements are necessary for using Windows NT RAS as a dial-up router between your LAN and the Internet:
To be identified using names rather than IP addresses, you also need a domain name. Your Internet service provider can help you obtain a domain name.
After you have a PPP connection, IP addresses for your subnet (and correct subnet mask), and (optionally) a domain name, you can configure the RAS and LAN computers for Internet gateway.
To configure a small LAN for routing to the Internet over a PPP account
The implementation of IPX by Windows NT Server (NWLink IPX/SPX Compatible Protocol [NWLink] ) conforms to the Novell® IPX Router Specification.
IPX Routing Protocol
Routers interconnect different network segments and, by definition, are network layer devices. In other words, routers receive their instructions for forwarding a packet from one segment to another from a network layer protocol. IPX, with the help of the RIP and the SAP, performs these network layer tasks. These tasks include addressing, routing, and forwarding from one location to another on an internetwork. The following figure shows how these protocols are related.
IPX Protocol Model
Features and Limitations
This version of IPX internal routing for Windows NT supports LAN-to-LAN routing (sending datagrams from one network segment to another based on routing information) and forwarding of type 20 packet broadcasts, including propagation of NetBIOS over IPX packets.
When you enable IPX routing, you can choose whether or not to enable type 20 broadcast propagation. If this option is selected, the Windows NT Server computer can use NetBIOS over IPX for browsing and name resolution.
Note Type 20 packets will only propagate up to 8 hops away from the original sender. This means that on a large network—if the receiving computer is more than 8 hops away from the sender—it will not receive this packet.
If you disable type 20 broadcasts, and IPX is the only protocol installed on this server and on the clients that connect to this server, then the clients cannot communicate with servers on other networks.
IPX provides the addressing mechanism that allows packets to be delivered to a desired destination. RIP and SAP enable routers to gather internetwork information and share that information with other routers. The RIP and SAP agents combine to make an IPX router, although SAP is not necessary in all cases. You need to install the SAP agent only if services running on your network (such as NetWare-compatible file servers or SQL servers) use SAP.
This version of IPX internal routing does not have filtering capability. Therefore, all entries in the RIP and SAP tables are propagated. On large networks, the bandwidth required for forwarding RIP and SAP tables can be considerable. Internal routing is not supported over dial-up lines.
If you have a fixed synchronous line (for example, T1) with network drivers that emulate the LAN, then RIP and SAP tables will be forwarded over those lines. Note that in this case, bandwidth usage for large networks can be exorbitant. Another advanced third-party router might be best suited for this situation.
Enabling IPX Routing
To enable IPX routing, you must install the IPX protocol and RIP for IPX. The SAP agent is installed automatically when RIP for IPX is installed. Use the Networks icon in Control Panel to install this software on the computer you want to use as a router. You will need to restart the computer before your changes take effect. For more information on installing RIP for IPX, see "Installing LAN-to-LAN Routing."
To enable IPX routing
Note This release does not provide LAN to WAN to LAN routing.
Troubleshooting IPX RIP
In addition to current source routing information, the ipxroute utility provides information on RIP, SAP, and statistics. Use the ipxroute utility to display and modify information about the source routing tables used by IPX.
Note All parameters should be separated by spaces. The ipxroute console utility can be used remotely by means of the remote utility in the Windows NT Resource Kit version 3.5 or later.
ipxroute board=n [clear] [def] [gbr] [mbr] [remove=xxxxx]
Routing on AppleTalk Networks
Because AppleTalk networks differ from PC networks, you must consider some special concepts and issues when you set up an AppleTalk network.
The first concept you need to understand is the internet. Note that this is a different concept than the Transmission Control Protocol/Internet Protocol (TCP/IP) Internet. Most large AppleTalk networks are not single physical networks, in which all computers are attached to the same network cabling system. Instead, they are internets, which are multiple smaller physical networks connected by routers. Routers maintain a map of the physical networks on the internet and forward data received from one physical network to other physical networks. Routers are necessary so that computers on different physical networks can communicate with one another. They also reduce network traffic on the internet by isolating the physical networks. In other words, routers send only data that is usable by a network.
Some routers on the network are seed routers. A seed router initializes and broadcasts routing information about one or more physical networks. This information tells routers where to send each packet of data. Each physical network must have one or more seed routers that broadcast the routing information for that network.
Not all routers must be seed routers. Routers that are not seed routers maintain a map of the physical networks on the internet and forward data to the correct physical network. Seed routers perform these functions too, but they also initialize the routing information (such as network numbers and zone lists) for one or more physical networks.
A computer running Windows NT Server with Services for Macintosh can function as a seed router or as a nonseed router. If it is a seed router, it must be the first server you start so that it can initialize the other routers and nodes with network information. If it is a nonseed router, it cannot be started until a seed router has initialized all ports. You can also use dedicated hardware routers (such as those made by Cayman Systems®, Shiva®, Solana, Hayes®, and others) on your network.
Routing information includes:
The network number or network range is the address or range of addresses assigned to the network. A network number is unique and identifies a particular AppleTalk physical network. By keeping track of network numbers and network ranges, routers can send incoming data to the correct physical network. A network number can be any number from 1 through 65,279.
LocalTalk networks can have only a single network number; EtherTalk, TokenTalk and FDDI networks can have network ranges.
A zone is a logical grouping, which simplifies browsing the network for resources, such as servers and printers. It is similar to a domain in Windows NT Server networking, as far as browsing is concerned. In LocalTalk networks, each physical network can be associated with only one zone. However, for EtherTalk, TokenTalk, or FDDI, you have more flexibility in assigning zones. Each EtherTalk, TokenTalk, or FDDI network can have one or more zones associated with it, and each zone can include servers and printers on one or more physical networks. This way, you can group servers and printers logically into zones so users can easily locate and access the servers and printers, no matter what physical networks they are on.
Each Macintosh client on the network is assigned to a single zone. However, each client can access servers and printers in any zone on the network. Zones make accessing network resources simpler for users. When users use the Chooser to view the network, they see only the resources in a single zone at a time, preventing them from having to navigate through huge numbers of resources on large networks to find the resources that they need. You can put the clients, servers, and printers used by a single group into a single zone, so users will see only the resources they typically use but will still be able to access resources in other zones when required.
A zone list includes all the zones associated with that network. One of these zones is the network's default zone, to which the Macintosh clients on that network are assigned by default. Users can configure the client to be in a different zone, however.
Working with Seed Routers
When you install Windows NT Server and set up Services for Macintosh, you must specify whether the Windows NT Server computer will seed each physical network to which it is attached. For example, a computer running Windows NT Server attached to three physical AppleTalk networks might serve as a seed router on two of the networks but not on the third.
For networks that the server will seed, specify the routing information. The Windows NT Server computer will then function as a seed router, seeding the routing information that you provided. If you specify that a server will not seed a network (that is, if you label it as a nonseed router), the port will be seeded by another AppleTalk router attached to it.
Using Multiple Seed Routers on a Network
To make your network more reliable in case of system crashes and power outages, install multiple seed routers on the same physical network.
When you install multiple seed routers for a particular network, all the seed routers must seed the same information for that network. When the network starts, the first seed router that starts on the network becomes the actual seed router.
When a network starts, if the first seed router to start has different routing information than seed routers that start later, the information established by the first seed router is used. If a seed router that starts subsequently with different information is a server running Windows NT Server, the conflicting information is ignored, an event is written to Windows NT Server Event Viewer, and the server ceases to be a seed router. Non-Microsoft routers might behave differently.
For more information on seed routers in a network, see Chapter 17, "Planning Your AppleTalk Network."
Configuring AppleTalk Routing
You must install Services for Macintosh (SFM) before you can configure AppleTalk Routing. For information on setting up SFM, see Chapter 18, "Setting Up Services for Macintosh."
If you enable routing, the computer running Windows NT Server becomes an AppleTalk router. This enables the computer running Windows NT Server to be seen from Macintoshes connected to all the bound networks. If the server has more than one network card and it is not a router, then the server can be used only from the Macintoshes connected to the default network (unless another router broadcasts the information for the other networks.)
To enable AppleTalk Routing
Seeding the Network
In the Routing tab, the Adapter box shows a list of network cards that correspond to the networks the Windows NT Server computer is attached to. Seeding can be enabled on any or all of the networks. To seed a specific network, choose the corresponding adapter and then select the Use This Router to Seed the Network option.
Caution The seeding information must agree with all routing information on that network and internet. Otherwise, all routers on the internet could fail to function.
Selecting to seed the network makes the present state of the Zone List and the Network Range options available.
Setting the Network Range
Setting the network range is part of seeding a network. Each AppleTalk network in an internet is assigned a range of numbers, and each node is identified to the network by one of those numbers, which is combined with a dynamically assigned AppleTalk node identification number. Because of this, no two networks on an internet should have overlapping ranges.
The value you specify for a network must range from 1 through 65,279. If you specify a range that overlaps another network range on the computer running Windows NT Server, you'll see a warning message. For more information about ranges, refer to Chapter 17, "Planning Your AppleTalk Network."
Setting Zone Information
Setting zone information is also part of seeding a network. You can see the current list of zones, add and remove zones, and set the default zone. The default zone is the zone in which all AppleTalk devices will appear if a desired zone has not been specified for the device.
For procedures and more information see the online Help.