Tim McMichael

Navigating the world of high availability...and occasionally sticking my head in the cloud...

Windows 2008 / Multi-subnet clusters and using static routes.

Windows 2008 / Multi-subnet clusters and using static routes.

  • Comments 18
  • Likes

===========================================================

***SEE UPDATE***

===========================================================

With the enhancements in Windows 2008 to allow for multi-subnet clustering it is becoming more common to see this utilized with Exchange 2007 SP1 installations. 

When implementing a clustered solution, it is a requirement that there be a minimum of two interfaces on each node, and that each node can maintain communications across those interfaces.  I see administrators implement this requirement in two different fashions with multi-subnet clusters:

  • The “public” interface of each node resides in different subnets with the “private” interfaces residing in a stretched subnet.
  • The “public” interface of each node resides in different subnets with the “private” interfaces also residing in different subnets.

If you are the second bullet, you’ll want to continue reading this blog.  (If you are the first bullet you’ll probably want to read it anyway since you’ve made it this far…)

For users that have a configuration where both network interfaces are in different subnets this will generally require routing between those two subnets.  A common mis-configuration that I see in this design is the use of default gateways on both of these network interfaces.

When a user attempts to configure two network interfaces each with a default gateway, the following error is noted from the operating system:

image

The text in this message is specifically important as it highlights at this time that this configuration will not produce the desired results.

The most likely cluster configuration where Exchange is used, with this type of clustering, is cluster continuous replication (CCR).  When multiple default gateways are defined, users may see inconsistent results in the performance and ability to replicate logs between the nodes.  The replication issues between nodes are also exacerbated when continuous replication hostnames are used utilizing the secondary networks with the default gateway assigned.  These issues are secondary to any issues that the cluster service many have maintaining communications between the nodes and any communications issues clients may have connecting to the nodes.

If the default gateways are removed from the “private” adapters, reliable routed communications can only occur over the “public” interface.  So…if two default gateways cannot be used, how should we ensure proper communications over both the “public” interface and “private” interface where both reside in different routed subnets.

The first part of this solution is to ensure that the binding order of the network interfaces is set correctly in the operating system.  To confirm the binding order:

  • Open the network connections control panel.
  • Choose the advanced menu (if menu is disabled, enable it by selecting Organize –> Layout –> Menu Bar).
  • Select advanced settings from the advanced menu.
  • On the adapters and bindings tab, ensure that the “public” interface is first in the list, with all secondary interfaces following after.

image

 

The second part of the solution is to maintain the default gateway on the “public” interface.

The third part of the solution is to enable persistent static routes on the “private” interfaces.  In terms of the routes we simple need to configure routes to other “private” networks using gateway addresses that have the ability to route between those “private” networks.  All other traffic not matching this route should be handled by the default gateway of the “public” adapter.

Let’s take a look at an example. 

I desire to have a two node Exchange 2007 SP1 CCR cluster on Windows 2008 with each node residing in a different subnet.

NodeA:

Public

  • IP Address 192.168.0.100
  • Subnet Mask 255.255.255.0
  • Default Gateway 192.168.0.254

Private

  • IP Address 10.0.0.1
  • Subnet Mask 255.255.255.0
  • Gateway on network 10.0.0.254

NodeB:

Public:

  • IP Address 192.168.1.100
  • Subnet Mask 255.255.255.0
  • Default Gateway 192.168.1.254

Private

  • IP Address 10.0.1.1
  • Subnet Mask 255.255.255.0
  • Gateway on network 10.0.1.254

(Note that gateway on network is not the default gateway setting but is the gateway on the private interface network that can route packets to the private network on the other nodes.)

In this case I would want to establish the necessary persistent static routes on each node.  In order to accomplish this, I can use the route add command.  The structure of the route command:

NodeA:  Route add 10.0.1.0 mask 255.255.255.0 10.0.0.254 –p

NodeB:  Route add 10.0.0.0 mask 255.255.255.0 10.0.1.254 –p

The –p switch will ensure that the routes are persistent lasting after a reboot.  Failure to use the –p will result in the routes being removed post a reboot operation. 

You can verify that the routes are correct by running route print and reviewing the persistent route information.

image

image

By utilizing only a default gateway on the “public” adapter, and static routes on the “private” adapters, you can ensure safe routed paths for client communications, cluster communications, and replication service log shipping.

========================================================

Update – 1-18-2010

========================================================

With Windows 2008 and Windows 2008 R2 the recommendation to manage static routes has changed.  Although route add should work the management of routes has technically been replaced with functionality in netsh.  Therefore, it is a recommendation that the netsh commands be utilized to implement and manage static routes.

I will leave the previous information un-edited in the blog since many people have used it.

The first step in implementing static routes with the netsh command is to determine the interface names.  The interface name is the logical name assigned to the network connection – for example Local Area Connection 1.  It is recommended that these networks be named into something more logical, for example LAN-Replication-A.  The logical network names may be the same on all nodes.

image

You can also determine that adapter name from an ipconfig /all.  (Note the name listed below in RED)

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DAG-1
   Primary Dns Suffix  . . . . . . . : exchange.msft
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : exchange.msft

Ethernet adapter LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-00-02-07
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dd27:d7f6:549f:6b9b%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DHCPv6 IAID . . . . . . . . . . . : 234886493
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-45-7C-F8-00-15-5D-00-02-07
   DNS Servers . . . . . . . . . . . : 192.168.0.253
                                       192.168.0.252
                                       192.168.0.251
   Primary WINS Server . . . . . . . : 192.168.0.253
   Secondary WINS Server . . . . . . : 192.168.0.252
                                       192.168.0.251
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter LAN-Replication-A:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #2
   Physical Address. . . . . . . . . : 00-15-5D-00-02-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

The netsh command format to add static routes looks like:

netsh interface ipv4 add route <IP/Mask> “InterfaceName” Gateway

Using the information from the above example, the following netsh commands would be utilized in place of route add:

NodeA:  netsh interface ipv4 add route 10.0.1.0/24 “LAN-Replication-A” 10.0.0.254

NodeB:  netsh interface ipv4 add route 10.0.0.0/24 “LAN-Replication-A” 10.0.1.254

The netsh command automatically assumes – unless otherwise specified in the command – that the route added is persistent.

If the command completes successfully the route addition can be verified by running:

netsh interface ipv4 show route

The following is sample output with the added route in RED (output truncated to show sample line including prefix and gateway):

C:\>netsh interface ip show route

Prefix                    Idx  Gateway/Interface Name

------------------------  ---  ------------------------

10.0.1.0/24                11  LAN-Replication-A

This is how the netsh command can be used to accomplish what would have previously been done with route add.

========================================================

 

========================================================

Update 9/18/2012:

Updated the netsh verification command to show correct syntax.

========================================================

Comments
  • This is useful information, I had a similar configuration.

    I added static routes with the "Route Add" command. After a failover of a cluster group the static routes are not working. With the Netsh command the routes disappear after a failover while with Route command they are still visible but not working.

    I removed the static routes and add them again with the Netsh command and everything is working fine.

    Should "Route" command not be removed as its not working or debug the Route command?

  • Very good info, and makes sense. However, what if you want to provide default gateway redundancy in case primary network card(s) would fail? Could we use metrics to control which default is used by default, but would switch to the other default gateway if the primary network interface fails?

    Thanks

  • @Syl

    I have a blog post on how I recommend you utilize network ports.  I never personally recommend attempting to use metrics.  When you are attempting to provide redundancy for the primary network interface where the default gateway is, I recommend that a team be utilized and that the team be configured for fault tolerance only.

  • I have a question about the /Mask piece. In the cmd shell with the route add internal command you could specify 255.255.255.255 as the mask. In netsh that would equate out to /32 correct and would that work?

  • @Frederick:

    I believe you are correct although I generally shy away from doing this.  When specifying a /32 mask you are essentially saying on this IP address utilize this static route.  I find that eventually administators will make a change etc and then the route esentially gets broken.  If that network is routed by that particular gateway, I'd recommend using the /24 as it covers the entire subnet then.

    TIMMCMIC

  • This information could be the answer to my problem. I have several geo-clusters running node majority and they are setup with multiple gateways. My problem is that when our WAN takes a outage or is flapping, nodes in our majority site will be trimmed and go into singleton mode. As you can imagine this isn't great for our production servers. We will test the single gateway with statics in our lab and find if this fixes our issue.

    Thanks

  • @JBC:

    This blogs for you...

    TIMMCMIC

  • Thanks for the entry regarding Windows 2008 and the switch to netsh.  We were see very odd behavior using the route add method and moving to netsh resolved it.

  • You can also retrieve the number of your network card and when you use the command Route.exe it works:

    example:

    route add 192.168.35.0 MASK 255.255.255.0-p 18 192.168.35.254 if

    Here we add the number of the card is identified as 18 (if 18).

    Where normally there is no problem.

  • You can also retrieve the number of your network card and when you use the command Route.exe it works:

    example:

    route add -p 192.168.35.0 MASK 255.255.255.0 192.168.35.254 if 18

    Here we add the number of the card is identified as 18 (if 18).

    Where normally there is no problem.

  • @JPMayery:

    Although you are correct - route.exe should no longer be used with Windows 2008.  Our guidnace with Windows 2008 and newer is the use of netsh.

    TIMMCMIC

  • I see an interesting entry in your route table -- is this accurate? Will this work given the situation?

    10.0.1.0/32 gateway 10.0.0.254 Interface 192.168.1.4

  • @Sunny:

    This is a default route that windows added.

    TIMMCMIC

  • Tim, many thanks for the article this is the same situation as I'm in now.

    I'm currently planning to change the Primary CCR Node1 with different IP address due to the Data center relocation. Is it possible to break the CCR setup and then set the CCR Node1 with new IP address ?

  • @Server Support Specialist...

    Yes - you can simply just move the nodes and re-IP them once they are in their new location.  Remember to add an additional IP address to the cluster core resource group and Exchange group valid for that subnet.

    TIMMCMIC

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment