Get Rid of Those Default Gateways!

A couple of months ago, I talked about how to make a Windows NT machine into an IP router, but I didn't cover the implications for workstations that use that router. This month, I want to look at this area so I'll have all the pieces in place to cover next month's topic, the grand finale: using an NT machine as a LAN-to-WAN router to the Internet.

An example of a workstation that uses an IP router is a simple three-subnet "internet" (the example includes only three subnets, so this is an "internet," not part of the "Internet"). Figure 1 shows this "internet."

First, you see three separate Ethernet segments, three separate subnets. They are all C-class networks (subnet mask 255.255.255.0), just to keep things clean. Ovals represent two of the networks. The left oval, containing 199.100.200.0, is shorthand for an Ethernet with up to 254 computers. Addresses range from 199.100.200.1 through 199.100.200.254. Notice I said 254, not 253, because these subnets have no default gateway.

The right oval represents a network whose addresses range from 200.15.16.1 through 200.15.16.254--network number 200.15.16.0. Between these ovals is a third subnet, with the address 210.50.200.0. The PC in the middle contains only one Ethernet card, and its IP address is 210.50.200.40.

The rectangles on the right and left sides are routers, computers with two Ethernet cards and thus two IP addresses apiece. Each has an address on the 210.50.200.0 network, and each has an address on either the 200.15.16.0 network or the 199.100.200.0 network. These routers can be PCs running NT, or they can be dedicated routers from Cisco Systems, Bay Networks, Compatible Systems, or the like.

The plan is to set up the workstation at 210.50.200.40. Notice that, from this workstation's point of view, it has two possible "gateways," 210.50.200.200 and 210.50.200.22. Which should be the default gateway?

The answer: neither. When you set up the .40 machine with a static IP address (that is, if you just punch in an IP address, subnet mask, and such, rather than letting the Dynamic Host Configuration Protocol (DHCP) automatically give it an IP address), you leave the Default Gateway field blank. You now need to tell the machine at 210.50.200.40 how to route to anywhere on this network. The following are some facts this machine needs to know.

1) To get a message to the 199.100.200.0 network, send it to the machine at 210.50.200.200.

2) To get a message to the 200.15.16.0 network, send it to the machine at 210.50.200.22.

3) To get a message to the 210.50.200.0 network, just use your own Ethernet card; send the message out on the segment, and it'll be heard.

You tell a workstation how to send packets with the route add command. It looks like this:

route add destination mask netmask gatewayaddress

In this command, destination is the address or set of addresses that you want to reach. Netmask defines how many addresses are there: Is it a C-class network with 250+ addresses, something subnetted smaller, or perhaps a supernet of several C-class networks? Gatewayaddress is just the IP address of the machine that will route your packets to destination.

The route add command for the 199.100.200.0 network looks like this:

route add 199.100.200.0 mask 255.255.255.0 210.50.200.200

It means, "to send a message anywhere on the 199.100.200.0 network, send it to the machine at 210.50.200.200, which will take care of it."

Just a reminder on subnetting, for clarity's sake: Suppose the network on the left isn't a full C-class network, but a subnetted part of it; suppose instead that it is just the range of addresses from 199.100.200.64 through 199.100.200.127. The network number is, as always, the first address (199.100.200.64), and the subnet mask is 255.255.255.192. The route add command then looks like this:

route add 199.100.200.64 mask 255.255.255.192 210.50.200.200

Next, you add a command for the network on the right. This command takes the form

route add 200.15.16.0 mask 255.255.255.0 210.50.200.22

That command will get an NT system up and running. Now it can access all three subnets.

Suppose the workstation at .40 tries two PING commands: PING 2.44.214.33 and PING 200.15.16.170. Suppose also that no machine on the 200.15.16.0 network has the IP address 200.15.16.170. Now both PINGs will fail, because neither machine is on this network, but each will produce a different error message. PINGing 200.15.16.170 will produce, "Request timed out," and PINGing 2.44.214.33 will produce, "Destination host unreachable."

Why the different error messages? In the case of 200.15.16.170, the PING went out to the 200.15.16.0 subnet, but no one responded, so PING timed out. In the case of 2.44.214.33, the workstation simply didn't know where to send the packet. If you send mail to a non-existent Ignatz Semmelweiss in Sydney, Australia, you just address a letter and drop it into the mailbox. A response may take a while, but eventually you'll get a message that says, "The mail system hasn't gotten a response from Ignatz." But how can you send a letter to someone living on the fourth planet orbiting Proxima Centauri? You can't. You have no idea how to begin sending that message. That's a "destination host unreachable" message.

Clearly, then, to troubleshoot NT networks that use TCP/IP, you examine what a workstation knows about routing. You can find out by opening a command prompt and typing ROUTE PRINT or netstat -rn. If you do that on the .40 workstation, you'll get a result like Screen 1.

Notice that the format of ROUTE PRINT's output is similar to the way you format data in ROUTE ADD. Also notice that most of the routing information is generated automatically.

The first line is the loopback information. Send a message to any IP address from 127.0.0.0 through 127.255.255.255, and the message will be echoed back to you. Note the general mask, 255.0.0.0. The gateway address 127.0.0.1 is the preprogrammed loopback address. The second and third lines are the ROUTE ADD statements that you manually entered. The fourth statement just says, "to talk to your own subnet, just shout out the message, and everyone will hear it."

The fifth statement says, "to send to 210.50.100.40, send to 127.0.0.1." Again, notice the mask, 255.255.255.255. It means, "this routing rule applies only for this one IP address." The statement after that looks the same except for the last quad; 210.50.100.255 is the address that your workstation would use to broadcast a message intended for every computer on its subnet.

The seventh line defines an "internet" multicast address. A multicast is a network communication to more than one machine, but not necessarily all machines; a multicast is a message received only by the machines that want to receive it. For example, all the PCs in a workgroup might want to receive browsing messages. However, PCs that are on the subnet but are not members of the workgroup wouldn't want the messages. So the PCs on the workgroup would all join a multicast group. Browser messages would then go to the "internet" multicast group. Some NT Internet software uses "internet" multicast groups, so you must define the multicast address. It is 224.0.0.0. The last line is the limited broadcast address, a kind of generic broadcast address.

When does entering a value for Default Gateway make sense? A default gateway is the address of a catch-all router, usually one connecting your subnet to the Internet or to a large corporate intranet. I don't have one here. But if I did have a connection to the Internet (for example, a router at 210.50.100.72), how would I include that in my routing table? The ROUTE ADD commands you've seen so far connect you to a particular network. Typing in thousands of ROUTE ADD statements, all referring to 210.50.100.72, is one way to explain to your workstation that 210.50.100.72 is how to get to the rest of the world. But an easier way is to type

route add 0.0.0.0 mask 0.0.0.0 210.50.100.72

I've been using the Internet notation 210.50.100.0 as shorthand for "the range from 210.50.100.0 through 210.50.100.255"; zero acts as a wildcard for IP addresses. Extend that notion a bit, and you can see that 0.0.0.0 means "everything." It is the Internet version of *.* in DOS. The mask 0.0.0.0 includes no one-bits, which says, "when you're matching this pattern, don't worry about matching any of the bits--everything matches." That's the definition of a gateway address.

On any NT machine, you can leave the Default Gateway field blank, and you can enter a default gateway at runtime with the route add 0.0.0.0... command. Why do that? Because then you can change the default gateway on the fly, without needing to reboot your machine--which is useful when you're experimenting with routing.
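The route-matching rule behind both the two PING outcomes and the 0.0.0.0 catch-all can be modeled in a few lines. This is an added example, not code from the column or from NT; the RouteTable class and the "on-link" label are hypothetical names, and picking the mask with the most one-bits when several routes match is the standard rule, assumed here.

```python
import ipaddress

class RouteTable:
    """Toy model of a workstation's IP routing table (not NT's own code)."""

    def __init__(self):
        self.routes = []  # (destination_int, mask_int, gateway)

    def route_add(self, destination, mask, gateway):
        # Raises ValueError if the mask is invalid or the destination has
        # host bits set (e.g. 199.100.200.65 with mask 255.255.255.192).
        net = ipaddress.IPv4Network(f"{destination}/{mask}")
        self.routes.append((int(net.network_address), int(net.netmask), gateway))

    def lookup(self, target):
        """Return the gateway for target, or None when no route matches."""
        t = int(ipaddress.IPv4Address(target))
        # A route matches when the target's bits under the mask equal the destination.
        matches = [(m, gw) for dest, m, gw in self.routes if t & m == dest]
        if not matches:
            return None  # the "Destination host unreachable" case
        # The mask with the most one-bits is the most specific match.
        return max(matches, key=lambda r: r[0])[1]

ON_LINK = "on-link"  # hypothetical label for "use your own Ethernet card"

def workstation_table():
    """The three routing facts given for the workstation at 210.50.200.40."""
    table = RouteTable()
    table.route_add("199.100.200.0", "255.255.255.0", "210.50.200.200")
    table.route_add("200.15.16.0", "255.255.255.0", "210.50.200.22")
    table.route_add("210.50.200.0", "255.255.255.0", ON_LINK)
    return table

if __name__ == "__main__":
    table = workstation_table()
    for target in ("200.15.16.170", "2.44.214.33"):
        print(target, "->", table.lookup(target) or "Destination host unreachable")
    # The catch-all route from the article: mask 0.0.0.0 matches every address.
    table.route_add("0.0.0.0", "0.0.0.0", "210.50.100.72")
    for target in ("200.15.16.170", "2.44.214.33"):
        print(target, "->", table.lookup(target))
```

Note that 200.15.16.170 still resolves to 210.50.200.22 after the catch-all is added, because the 255.255.255.0 mask is more specific than 0.0.0.0.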

You can get ready for next month's column by doing a little homework. Get Microsoft's Multivendor Protocol Router (MPR) and Service Pack 3 for NT 3.51. MPR is on ftp.microsoft.com at /bussys/winnt/winnt-public/fixes/usa/NT351/ussp3/mpr, and Service Pack 3 is at /bussys/winnt/winnt-public/fixes/usa/NT351/ussp2. I'll use them and Remote Access Service (RAS) to make an NT machine into a LAN-to-WAN Internet router.

Thanks for the Mail--Keep It Coming!
I appreciate the large amount of positive mail that I'm getting about this column. If you drop me a line this month, please tell me whether this topic is what you want to see. I want to spend time on TCP/IP issues--routing, DHCP, Windows Internet Naming Service (WINS), Domain Name Service (DNS), and Internet mail for starters.

If that agenda sounds good, please let me know. If not, or if you want something else, let me know about that, also. And note my new mail address: mark@mmco.com.