Using NT Server as a Software-based Router

Although many networks that employ Windows NT Server operate in one domain that runs on one network, many clients must run on multiple networks. When IP is the protocol of choice, interconnecting multiple IP subnetworks requires routers. You probably know about hardware routers, but did you know that NT Server 4.0 can function as a software-based router? In this article, we explain the difference between bridges and routers, and the differences between using hardware routers and using NT Server as a software-based router. Then, we show you how to set up an NT server with more than one NIC as a software-based router. Along the way, we explain how Routing Information Protocol (RIP) works, and how to read an RIP routing table.

Bridges and Routers: What's the Difference?
Although the number of computers and LANs in business use continues to rise, the average number of hosts attached to a LAN is decreasing. LAN performance degrades as the number of hosts attached to the LAN rises. When too many attached hosts cause LAN performance to become sluggish, you can use any of several methods to improve the LAN's performance. One such method is to divide the LAN to create two networks. You can connect divided LANs using a bridge or a router. Both bridges and routers segment networks and filter and forward data, but they differ in operation and capability. You can understand the differences between a bridge and a router by examining the addresses each uses to do its job.

Host computers that are connected to a LAN and use TCP/IP have two addresses: a LAN media access control (MAC) address and an IP address. In terms of the Open Systems Interconnection (OSI) reference model, MAC is similar to data-link layer (layer 2) and facilitates error-free communication between devices on a LAN. MAC addresses are flat; that is, their assignment is random, and system intruders can't derive routing or location information from a MAC address. MAC addresses are burned into LAN NICs at the time of manufacture; most MAC addresses are 48 bits long and represented by a hexadecimal value.

In contrast to MAC, IP resides at the OSI network layer (layer 3) and routes packets through a network or across a series of subnetworks. On the LAN, a MAC frame transports an IP packet. IP addresses are hierarchical, which means that some portion of the address identifies a network (i.e., the Network Identifier—NET_ID). Routers use an address' identifier portion to route the packet. All IP hosts on a given network have the same NET_ID. An analogy highlighting the difference between MAC and IP addresses might be this: Your Social Security number (MAC address) uniquely identifies you but not your location, whereas your telephone number (IP address) uniquely identifies you and lets the telephone company network route telephone calls to your location.

Bridges operate using MAC addresses. Bridges forward frames from LAN to LAN to let multiple physically separate LAN segments operate as one network. In a transparent bridge environment (usually associated with Ethernet LANs), bridges must learn the location of all stations on the network and forward frames based on routing tables. If a bridge doesn't recognize the MAC address of a destination station, the bridge broadcasts the frame throughout the network. Routers are more intelligent devices than bridges and use the network layer address (i.e., IP) to route packets, letting several logically distinct networks communicate with one another. A network layer protocol such as IP handles its routing function by examining a routing table; a routing protocol populates the routing table with information. Bridges don't scale well to very large networks, nor can you use a bridge as a customer interface to the Internet.

Software-based Routers
Let's assume that you want to connect two or more IP subnets with a router. A hardware router is the preferred solution if your network is large or if you require a high-speed connection to the Internet. Router hardware, software, memory, and bus components move packets at high speed, and routers are modestly priced. You can purchase hardware routers from Cisco, Nortel (Bay Networks), 3Com, and other vendors. In some cases, however, you can use a software-based router with the capabilities of NT Server.

Several reasons exist for trying a software-based router solution that uses NT. One reason is that an NT system that functions as the router connection between a small network and the Internet eliminates the necessity to learn another OS interface and gain the expertise necessary to maintain and administer a traditional router. In addition, a site might choose to build a small special-purpose LAN with just a few devices attached. In such a case, a router would be a relatively large expense, and overkill to boot. Finally, an NT server that two local subnets can access is the best choice for linking the subnets. The server can simply attach to both networks to create a dual-homed environment.

Configuring an NT Server as a Software-based Router
The first step in setting up an NT server as a software-based router is to install at least two NICs in the server. The second step is to configure the cards. From the Network applet in Control Panel, select the Protocols tab, and click Properties to bring up the Microsoft TCP/IP Properties page. On the IP Address tab, which Screen 1 shows, select each of your network cards in turn, and enter the appropriate IP address information for each card in the fields below the Specify an IP address button. You need to define only one default gateway for each server-router, so you need to provide the default gateway address for only one of your NICs. You can leave the Default Gateway field blank for the other cards. (Alternatively, you can define additional default gateways for each NIC after clicking the Advanced button.) After you enter addressing information for each NIC, open the DNS, WINS Address, DHCP Relay, and Routing tabs and enter the appropriate information.

With two NICs, you can physically attach an NT server system to two networks; the system can be a member of both networks and might forward packets. Figure 1 shows one NT server system connecting two LANs. If you check the Enable IP Forwarding check box on the Routing tab, as Screen 2 shows, hosts on either LAN can access hosts on the other network. The GOLEM server can act as a router and accept packets from one network and forward them to the other. However, in a dual-homed environment in which an NT server system acts solely as a print or file server, the two LANs can access the server, but the server can't forward packets from one LAN to the other. A client on the 192.168.88.0 network accesses the GOLEM server via the NIC at 192.168.88.1, and a client on the 192.168.99.0 network accesses GOLEM via the NIC at 192.168.99.7.

If you want to route packets between the two networks, the server must have a routing table that contains information telling IP how to forward packets. You create and maintain routing tables on a static or dynamic basis. The system software automatically creates static routing tables when you install NICs. Static routing tables don't change in response to network conditions (such as traffic load or link status); therefore, routes remain the same until a systems administrator changes them. A routing protocol creates and maintains dynamic routing tables; NT Server uses RIP as its IP routing protocol. (You can find more information about the first version of RIP—RIP1—in Request for Comments—RFC 1058 and about RIP2 in RFC 2453.) To install RIP on your NT server, open the Network applet in Control Panel, and select the Services tab. Click Add and select RIP for the Internet Protocol from the Select Network Service dialog box. You'll receive a prompt to insert your NT Server 4.0 installation CD-ROM. You don't need to configure any parameters, so your installation is complete after you close the Network applet and select the option to reboot the system.

RIP and Routing Tables
So far, we've worked with a simple example of two networks with one server connecting them. In simple IP forwarding, a server knows about only the networks to which it's directly attached. However, you can connect multiple networks with multiple intermediate systems to form a more complex set of interconnections. As network topology becomes more involved, simple network-to-network packet forwarding is no longer adequate—you must employ a routing protocol so that servers can become aware of networks to which they aren't directly attached. Figure 2 illustrates a more complicated network scenario in which a new router, KERBEROS, joins the 192.168.99.0 network with the address 192.168.99.8. A third network (222.168.111.0) connects to KERBEROS at the address 222.168.111.6. This third network has its own dedicated router with a connection to the Internet. The third network and router are invisible to GOLEM, just as the 192.168.88.0 network is invisible to KERBEROS.

As we mentioned earlier, RIP is NT's IP routing protocol. Both versions of RIP are current Internet standards; RIP2 supports variable-length subnet masks (just as Classless Inter-Domain Routing—CIDR—does), and RIP1 is limited to advertising standard classful network addresses. (For more information about the specifics of IP addressing, see the sidebar "IP Addressing Basics.") RIP is an older routing protocol and still sees widespread, although diminishing, use on the Internet. RIP is a distance vector routing protocol. Routing tables maintain a list of all networks that the router knows, with the address of the next hop toward each known destination, and the total network cost (or metric) of getting to the destination. A distance vector routing protocol doesn't spell out the entire route from one network to each known destination but merely starts the packet in the right direction. Although some distance vector protocols allow a variety of metrics, hop count is the only metric RIP uses.

Distance vector routing protocols use the table exchange process to create and maintain routing tables. For example, in RIP, routers broadcast a portion of their routing table to their neighbor routers every 30 seconds. A router receiving a neighbor's table compares the routes in the broadcast table with the routes it already knows, and if the receiving router finds what appears to be a more efficient route in the broadcast table, that router will update its table. Figure 3 shows an example of the table exchange process between Router 1 and Router 3. Router 1 has a table entry for Network A that shows the network to be five hops away from Router 1 when the router routes via Router 2. Router 3 believes that it is three hops away from Network A if it routes via Router 7 (neither Router 2 nor Router 7 appear in Figure 3). When Router 3 broadcasts an RIP packet that contains a portion of its routing table, Router 3 increments the hop count from three to four because all of Router 3's neighbors are four hops from Network A if they route via Router 3. Router 1 determines that routing to Network A via Router 3 requires fewer hops than routing through Router 2 and updates its table accordingly.

RIP has fallen increasingly out of favor for widespread Internet use since the early 1990s because the protocol doesn't scale well to large and complex network topologies, in which it can become unstable and take a long time to propagate changes through the network. The Open Shortest Path First (OSPF) protocol is steadily replacing RIP. Nevertheless, RIP is a simple protocol to implement and requires very little processing and management. RIP is therefore well suited to small networks such as those you might build with a few software-based routers.

Reading RIP Routing Tables
In NT and Windows 9x, you can use the Route Print command from the DOS command line to display a server-router system's RIP routing tables. You can use the Route command to manually add, delete, or modify table entries. The Route Help command displays basic information and directions, although an easy way to prevent the Help information from scrolling off the screen or to redirect the Help output to a file doesn't seem to exist.

An NT routing table contains five pieces of information. Table 1 is a sample routing table for the NT server GOLEM in Figure 1, which interconnects two LANs. The network address and netmask together specify the address to which a particular row in the table applies. The gateway address is the IP address of the router (or gateway) to which the server-router forwards packets destined for the specified network address; the gateway is accessible at the IP address that the interface specifies. Finally, the metric indicates the number of hops a packet must make to get from the server-router to the destination network.

Lines 1 and 2 refer to the address 0.0.0.0, which is shorthand for "unknown network." The server-router will send packets with this address back out on the NIC that the packets came in through. Line 3 is the local host loopback address.

Lines 4 through 6 refer to the 192.168.88.0 network. The server-router will forward a packet addressed to this network (mask 255.255.255.0) to the gateway at address 192.168.88.1. The server-router sends out packets addressed to the host address 192.168.88.1 (mask 255.255.255.255) via the local host. Packets addressed to the network's broadcast address also go out to 192.168.88.1. Lines 7 through 9 refer to the network 192.168.99.0.

Lines 10 and 11 refer to address 224.0.0.0, mask 224.0.0.0. The server-router sends back packets targeted to any address in which the first three bits are 1 (i.e., any Class D or E address) on the NIC that the packets came in on. The same routing action applies to packets addressed to the all-hosts address, to which lines 12 and 13 refer.

Table 2 shows an abbreviated routing table for the GOLEM router in Figure 2. Table 2 is an illustration of a routing table that contains network addresses that aren't local to the server. The table also shows one configured default gateway. The server-router assumes that any packet addressed to a network other than the three that Figure 2 defines is aimed at the Internet; therefore, the server-router will forward such packets to the default gateway. One subtlety of IP routing is that the gateway address is never inside an IP packet. IP packets contain only the original source and destination host addresses; routers use the gateway address only to determine the destination address for the MAC's transmission.

In Table 2, line 1 shows that the server-router forwards packets with an unknown address to the default gateway at 222.168.111.1. This router is three hops away from GOLEM. Note that GOLEM knows about only one default gateway. Lines 2 through 5 show that the server-router forwards packets destined for the networks directly connected to GOLEM (i.e., 192.168.88.0 and 192.168.99.0) to only the appropriate NIC. Line 6 shows that the server-router forwards packets destined for network 222.168.111.0—a network to which GOLEM isn't directly attached—to the router at address 192.168.99.8, which is accessible via GOLEM's interface 192.168.99.7. Note that network 222.168.111.0 is two hops away from GOLEM.

For Further Investigation
Using an NT server as a software-based router can make sense in specific situations. Understanding RIP will help you better understand the tables that the protocol generates and how you might manipulate the tables to improve routing. You can find more information about bridging, routing, their associated protocols, and Internet applicability in two excellent books: Routing in the Internet (Prentice Hall, 1995) by Christian Huitema and Interconnections: Bridges and Routers (Addison-Wesley, 1992) by Radia Perlman.