WindowsNetworking.com Monthly Newsletter of October 2008 Sponsored by: UniPrint
Welcome to the WindowsNetworking.com newsletter by Thomas W Shinder MD, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: firstname.lastname@example.org
Most of us like to use DHCP to assign IP addressing information to our network nodes. This is especially the case in larger network environments. But even on small networks, it is hard to beat the ease of configuration and address management that is available using DHCP. Just configure the scope to include a range of IP addresses, a subnet mask, the DNS address, the WINS address and the default gateway, and you are good to go.
However, there is one thing that DHCP is not good at, and that is awareness of the network infrastructure. If a WINS or DNS server is not available or changes its IP address, the DHCP server is blissfully unaware of the situation and continues to assign inaccurate address information to DHCP clients. While you might be able to get around this problem by assigning several WINS and DNS server addresses to the clients, but things get more tense when dealing with the default gateway.
It might happen that the default gateway setting becomes incorrect because the existing gateway is down or the IP address of the gateway changes. In this situation, nodes will only be able to reach other nodes on the same segment. While DHCP is a good option for assigning IP address, subnet mask, and DNS/WINS address, you might want a more dynamic solution for gateway address assignment.
If you think dynamic gateway assignment would be a good thing, then the Internet Routing Discovery Protocol (IRDP) is for you. IRDP allows hosts without a configured gateway address to send out requests for gateway information. These messages are called ICMP Router Solicitation requests. Router solicitation requests are ICMP messages aimed at finding a router on the local network. When a router configured to listen for these solicitation packets hears the request, it will broadcast its own message, called an "ICMP Router Advertisement". Therefore, router solicitation messages elicit router advertisement messages.
These messages can be broadcast in one of two ways: via the "all-routers" multicast address or via a limited subnet broadcast. The all-routers multicast address is 184.108.40.206 and is the default method. The limited subnet broadcast is sent to 255.255.255.255.
What happens if there are multiple gateways on the same network ID? If all routers are configured to answer router solicitation requests, then all routers will send router advertisements in response. Depending on the implementation of IRDP, the host sending the solicitation will either select the gateway from the router that responded first, or from the gateway that has a higher "preference level'. The Windows 2000 RRAS supports configuring preference levels.
All versions of Windows after Windows 95 support IRDP. When these hosts start up they will automatically assign themselves to the "all hosts' multicast group, which listens on IP address 220.127.116.11. These operating systems can send router solicitation packets to 18.104.22.168 and listen for router advertisements on 22.214.171.124. Windows 2000 and Windows XP clients send a maximum three solicitations at 600ms apart. If there is no response, the client will wait for the router to send advertisement messages via mechanisms other than in response to its router solicitation.
The configuration interface and implementation varies with each vendor. If you are using a Windows RRAS server, you can configure IRDP in the RRAS console. Open the RRAS console from the Administrative Tools menu and then expand the server name. Expand the IP Routing node and click on the General node. You'll see a list of interfaces in the right pane of the console. Right click on the interface you want to make a gateway and click the Properties command. You will see what appears here.
The Advertisement lifetime value is the number of minutes a router discovery advertisement is valid. The default value is 30. For example, suppose a Windows XP clients starts up and sends out a router solicitation message. The Windows RRAS router sends back a router advertisement message that includes the IP address of its gateway interface. After 30 minutes the value will time out and the client will send another router solicitation message if it has not heard a router advertisement before the end of the advertisement lifetime. Note that the client listens to the broadcast responses the router makes to solicitations made by other hosts and uses that broadcast to reset the advertisement lifetime clock. The client can also take advantage of unsolicited advertisements sent out by the router.
You can also configure a level of preference. The higher the value, the more preferred the gateway. If you have multiple gateways that are using IRDP, then the router with the higher preference level is used by the IRDP clients. If you configure all routers with the same preference value, the first router to answer the solicitation will be used as the preferred gateway.
Nodes do not have to depend on other nodes sending out solicitation messages. The router can be configured to send out advertisements at predetermined intervals. In the case of the Windows RRAS, you can set a Minimum and Maximum time. Router advertisement messages are then sent at a random interval between the Minimum and Maximum values you set in RRAS.
There are a couple of important Registry entries you need to know about:
The PerformRouterDiscovery entry allows the client to send out discovery messages. The SolicitationAddressBcast entry allows the hosts to send packets to the limited broadcast address (255.255.255.255) instead of the multicast address. Note that while the Windows 2000 Resource Kit states that the PerformRouterDiscovery entry is there by default, its not. You will have to add this to NT, Windows 2000 and Windows XP host. We'll wait and see what happens with Windows 2003.
While you do not hear too much about this useful protocol, we've been able to use IRDP in a variety of environments over the years. The protocol is quite handy in more complex or fluid environments, and is even helpful in smaller environments where IP configuration changes on gateways can lead to support calls and possibly hours of troubleshooting. When you use IRDP, you do not have to worry about someone changing the address of the gateway, because the router will advertise the new IP address.
3. WindowsNetworking.com Articles of Interest
Did you know that you can use the SET command from the command line to get interesting information about your computer and it's connection to the network? Check it out. Open a command prompt and type set and then press ENTER.
You'll see something like this:
C:\Documents and Settings\tshinder.TACTEAM>set
I find the most useful entry is the log on server. There is also interesting information about your temp folder location, your user domain and your processor architecture.
Dear Dr. Tom,
I'm having a hard time figuring out a good VPN solution. I have extra Windows Server 2008 licenses that I can use, but I'm wondering if Windows Server 2008 would make a good VPN server. Some people are telling me that I should get a "hardware" VPN server for my network. What do you think? Thanks! Georgi
You ask a good question. There are advantages and disadvantages of both the Windows Server 2008 VPN server solution and the "hardware" VPN server solution. Here are some questions you need to ask yourself when making the decision:
As you can see, there are a lot of advantages to using a Windows Server 2008 based VPN server solution. However, one advantage that the "hardware" solution might have is that it can be a plug and play solution for organizations that have little Windows Sever or networking expertise. In general, the Windows Server 2008 will be the better solution, in that it provides your more flexibility and security at a comparable cost to "hardware" VPN servers.
Got a question for Dr. Tom? Send it to email@example.com.