Provide a disaster-resistant vehicle to safely carry your e-business onto the internet
Successful e-commerce relies heavily on IP routing, which delivers e-business
information from one company to another. Without a redundant and fault-tolerant IP routing mechanism, a company's e-business can't survive disasters (e.g., hurricanes, floods, power outages, Internet-connection disruptions, equipment failures) because the company doesn't have an alternative method to reach the Internet. To gain and maintain a competitive advantage in e-business, you must incorporate redundant IP routing into your Internet infrastructure.
A common way to implement redundant IP routing is to use redundant routers and redundant Internet connections. Multiple routers on the same subnet ensure that a gateway to your Internet servers is available when the default gateway fails. Multiple connections to several ISPs (i.e., multihoming) provide alternative routes to the Internet when one Internet link or router is down.
Before e-commerce became popular, the Internet Engineering Task Force (IETF) defined several Internet protocols as building blocks for redundant IP routing. The protocols are the Fault Isolation and Recovery Protocol, which detects dead gateways and supports multiple default gateways; Internet Router Discovery Protocol (IRDP); Virtual Router Redundancy Protocol (VRRP); and Border Gateway Protocol (BGP). You can use the Fault Isolation and Recovery Protocol, IRDP, and VRRP to build local-router redundancy, and you can use BGP for Internet-router redundancy.
Windows 2000 and Windows NT 4.0 support the Fault Isolation and Recovery Protocol and IRDP, and many internetworking and routing products support IRDP, VRRP, and BGP. To include redundant IP routing functionality in your e-commerce infrastructure, you must have a basic understanding of how these protocols work in redundant IP routing configurations.
Multiple Default Gateways
A computer sending information to the Internet usually delivers that information to a local router or Layer-3 switch in the computer's local subnet, which in turn forwards the information to another router, then to the Internet. The local router is usually the computer's default gateway. If only one router is on the subnet and that router fails, the computer can't talk to other network subnets or the Internet. To provide fault tolerance, you need two or more routers on each subnet. However, this type of configuration requires the computer to support multiple default gateways (i.e., the computer must be able to detect the availability of the default gateway). If the default router fails, the computer must fail over to an available router. IETF Request for Comments (RFC) 816 describes how the host detects a dead gateway and switches to another gateway.
Win2K and NT 4.0 Service Pack 4 (SP4) and later support multiple default gateways in their TCP/IP implementations. (NT 4.0 SP3 and earlier versions don't properly switch to default gateways. For more information about multiple gateway support in NT 4.0 SP4 and later, see the Microsoft article "TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT" at http://support.microsoft.com/support/kb/ articles/q171/5/64.asp.) If your Win2K or NT system uses a static IP address, you can include multiple router IP addresses in the system's TCP/IP default gateway setting. If the system uses a dynamic IP address, you can include multiple router IP addresses in the default gateway setting of the DHCP server's subnet scope. You list router addresses in preference order. When you boot the system, it tries the first address. If the system can't reach the first address after retrying a set number of times, the system uses the second default gateway. The number of times that the system attempts to use the first default gateway equals half the value of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adaptername\Parameters\Tcpip\TcpMaxDataRetransmissions Registry key. If the system can't establish 25 percent or more of a system's TCP sessions using the first default gateway, the system will use the second default gateway for all communications until this gateway fails or you restart the system.
Multiple default gateways also let you load-balance multiple routers. For example, if two routers, Router 1 and Router 2, are on the same subnet, you can set half the computers on the subnet to try Router 1 first and half to try Router 2 first. This setup works for static IP addresses, but it's difficult to implement using NT's DHCP server because it can't have multiple scopes on the same subnet. However, Win2K's DHCP server supports a vendor- and user-specific option through which you can define different scopes on the same subnet.
Multiple default gateways work well for TCP communications but not for UDP communications. A UDP session (e.g., the Netlogon process) can't detect a dead gateway. (For more information about this shortcoming, see the Microsoft article "Dead Gateway Detection Is Not Triggered During Logon" at http://support.microsoft.com/support/kb/articles/q183/9/02.asp.) Thus, you can't log on to an NT domain without a domain controller on the local subnet. In this case, IRDP comes to the rescue.
Router Discovery
Multiple default gateways require you to maintain the default gateway settings on computers or DHCP scopes. In contrast, IRDP lets a router advertise its availability. A computer can then dynamically discover the best available gateway on the subnet and automatically switch to the next best gateway if the current one fails. IETF proposed IRDP in RFC 1256.
At set intervals, an IRDP-enabled router multicasts an advertisement on the local subnet. The advertisement includes the router's interface address, a preference number, and a lifetime number (which denotes how long a computer can use this router as its default gateway before the router becomes unavailable). An IRDP-enabled computer selects as its default gateway the router that has the lowest preference number (the lower the preference number, the higher the preference). An IRDP-enabled computer can multicast or broadcast a solicitation message to all routers requesting a router advertisement when you boot the system, when its default gateway's lifetime expires, or at a predefined interval.
Enabling IRDP in an IRDP-capable router is easy. For example, in a Cisco Systems router, you use the command
ip irdp
to enable the protocol and set its preference and other advertisement interval parameters.
Win2K and NT 4.0 SP5 and later include host support for IRDP. However, you need to add two subkeys to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adaptername\Parameters\Tcpip Registry key. Add the PerformRouterDiscovery subkey with a REG_DWORD value of 1, and add the SolicitationAddressBcast subkey with a REG_DWORD value of 0 (for multicast router solicitation) or 1 (for broadcast).
Virtual Router Redundancy
Multiple default gateway support and IRDP require computers intelligent enough to discover an available router on the subnet. Another potential problem is that IRDP advertisements and solicitation generate extra traffic on the subnet. VRRP, which the IETF outlines in RFC 2338, is a more efficient router-redundancy protocol that doesn't require computers' involvement in router discovery.
As its name implies, VRRP provides a virtual router to achieve redundancy. A virtual router uses a virtual router ID (VRID) address and virtual router IP (VRIP) address to represent itself. A virtual router consists of two or more physical routers: a master (i.e., active) router and one or more backup routers. The master router provides primary routing for the corresponding VRIP. The backup routers monitor the status of the master router and become active if the master router fails. The master router periodically multicasts advertisements at a set interval to let the backup routers know it's active. You set the master router to advertise its existence at a given interval, and the backup routers will assume the master router is down if they don't receive an advertisement within a period that equals three times the interval. For example, if you set the master router to advertise every 3 seconds, the backup routers will kick in after 9 seconds.
If you have more than one backup router, the backup router with the highest priority will become the active router. When the master router comes back online, it will become the active router again and the backup router will return to a standby state. The priority values range from 0 to 255. The higher the value, the higher the priority. By default, a VRRP router uses priority 100. If you use the IP address of the master router's interface as the VRIP address, you must set the master router's priority to 255. The master router uses priority 0 to tell backup routers that it has stopped working.
Previous
Register
I still understand the following basic question:
We have 3 SDSL lines, from different ISPs, on totally
different network segments. We want to connect a webserver
to all the 3 lines with 3 NICs. In the DNS we can
put 3 IPs for our domain for network load sharing.
My question is: how do we setup routing on the webserver?
Does it work to put a default gateway for each NIC? (Each
DSL line has a router which should be the default gateway
if we connect only to one line.)
Thank you.
Yuan P Li November 16, 2000