Monday, April 24, 2017

Dell-Latitude-E6400-Notebook-Business


In this section I will look at using Windows Server 2008 as a router. In most cases you will use a hardware router on a commercial network, but for the exam you need to know how to configure a router. If you ever use your server for remote access, it pays to understand how routing works inside Windows Server 2008.

Routing is the process of selecting a path through a network for your data to travel. Consider this: a computer is connected to a switch. It can communicate directly with any other device connected to this switch, for example this printer, assuming the device has an IP address in that subnet. In this case that is any device with an IP address starting with 10.0.1. If the computer wants to communicate with another computer on a different subnet, it cannot do it directly. In order to communicate with the other computer it must go through a router. The computer will have its default gateway set to the router's IP address, which is 10.0.1.1 in this example.

The router shown in this example has an IP address in each subnet. Using this IP address it can communicate directly with any computer or device on that network and act as a bridge between networks. In this case the destination is directly connected to the router, but in a lot of cases this will not be so. Imagine the computer wants to communicate with a server on the 10.0.4 network. The router is not connected to this network, but by looking at its routing table you would conclude that the route to this network is through the second router.

This router is directly connected to this network and thus will send any data for that server directly to that network. If a computer was directly connected to this router as well on a different subnet, any data for this network would also be transferred to this router. If the second router received any traffic for the 10.0.1 and 10.0.2 networks, it would know from its routing table to send the data to the first router. If a computer wants to send data to the internet, the second router would need to send that traffic directly to its internet connection. As you can see, the first router is connected to 3 networks while the second router is connected to 4 networks. Routing is the process of deciding a path for your data to travel. On the internet, routing tables can have 100's and even 1000's of routes in them, depending on how complex the network is at that location.

To better understand routing you should take some time to understand the MAC address, or media access control address. The MAC address is a 48-bit unique address that is present on every network adapter. The address is guaranteed to be unique. If the following computer wants to communicate with another computer on the same subnet, the computer needs its MAC address to communicate with the other computer directly.

In order to get the other computer's MAC address, an IP version 4 based computer uses ARP, or Address Resolution Protocol. ARP finds the MAC address of another computer or device on the local network. It does this by sending a broadcast to all computers on the network asking for the MAC address for the following IP address. The computer with the IP address will respond: this is my MAC address. Using the MAC addresses, the computers can communicate with each other directly. In a large network you may have multiple switches and routers on the same network. The switches will keep a record of which MAC addresses are on which port. Using these MAC addresses, the switches make routing decisions on the local network about where to send packets. This is an example of layer 2 routing.

If the computer needs to communicate with a computer that is not on the local network, the computer will send the data to the local router. ARP will again be used to obtain the MAC address of the router. The computer will communicate with the router using direct communication. The router will then pass on the traffic using the same process to other routers or directly to the target computer or device.

To start using Windows Server 2008 as a router you need to install it, so let's have a look at how to install the router. To install the routing service, run Server Manager from Administrative Tools under the Start menu, or from the Quick Launch bar if it is available. Select Roles from the left hand side and then select Add Roles from the right hand side. In the wizard, select the role Network Policy and Access Services from the list.

There are a few different components inside Network Policy and Access Services; the one required for routing is Routing. This will in turn select Routing and Remote Access Services and Remote Access Service. Routing is a feature of Remote Access Services, however if you only want to use your server as a router and not for remote access you can simply not enable any other features.

There is nothing else that needs to be configured for routing; the install is quite simple. Once the install has finished, which will take a few minutes, you need to configure Routing and Remote Access. To do this, run the Routing and Remote Access snap-in from Administrative Tools under the Start menu. From the admin tool, right click on your server and select the option "Configure and Enable Routing and Remote Access". Even though routing is installed, it is disabled by default until you configure it.

On the configuration screen you can see there are a lot of different ways Routing and Remote Access can be configured. On this server I only want to use the router functions. To do this, select Custom configuration. This will allow you to select the options you wish to use; in this case I want LAN routing. Once I press the Finish button I will get the option to start the Remote Access service. Once the service is started, your Windows Server 2008 router is ready to go.

Windows Server 2008 allows you to create static routes. These are manually created routes that are added to the routing table. These static routes override dynamic routes. Static routes can also be created on client computers like Windows Vista and Windows 7. Consider this example.

The client computer wants to access the test network. If you add a route to the main site router, you can route traffic for that subnet to the test network. However, this does mean that all computers in that network will first go to the site router and then to the test router. This means that to get to the test network the computer must pass through two routers, or what are referred to as hops. Also, the traffic must pass back through the same interface on the site router that it came in on. Most routers will allow you to do this, but you may find that if your router is also a firewall it may get blocked.

To prevent this, if you add a static route to only the client computer, the client computer will be able to connect to the test network directly. However, regular users without the additional static route will not be able to access the test network. To add a route, use the following command. You can also add routes using the admin tool if you are on a Windows Server 2008 computer, but it is useful to know the command line tool as well.

To add a route, open a command prompt and enter the command route. If you put in the -p option the route will be persistent, in other words it will still be there when you reboot the computer. The add parameter tells route you want to add a new route. Next put in the destination network, followed by the word mask and then the network mask. Finally, put in the gateway you want the traffic to exit by. This is usually the IP address of the interface you want it to leave by, however you could put in another device or router on the network.

Once added, you can view the route table by entering route print. I have added the -4 switch so I will only see IP version 4 routes. As you can see, the persistent route is at the bottom of the screen. On a well designed network you should only ever need to add routes on your routers, but it is good to know how to add routes to your local computer if your traffic does not go where you want it to. Often VPN clients will change routes on your local computer. Remember this if you start having problems with routing later on. This is called split tunnelling, in which certain traffic goes to the VPN tunnel and other traffic goes to the local network. When troubleshooting network problems it is often useful to look at the local routing table to see where traffic is being routed to.
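To make the effect of a client-side static route and of VPN-added routes concrete, here is an added example (not part of the original post) that picks a route the way an IPv4 stack does, longest matching prefix first and then lowest metric, and reports which destinations change path between two routing tables. Only the gateway 10.0.1.1 and the 10.0.1 and 10.0.4 networks come from the text; the test network 10.0.9.0/24, the test router 10.0.1.254 and the VPN route are assumed values.

```python
import ipaddress

# Constructed routing tables: (destination, gateway, metric).
BASE = [
    ("0.0.0.0/0", "10.0.1.1", 10),        # default gateway from the text
    ("10.0.1.0/24", "on-link", 1),        # local subnet, reached directly
]
# Assumed: persistent static route to a test network behind a test router.
WITH_STATIC = BASE + [("10.0.9.0/24", "10.0.1.254", 1)]
# Assumed: a VPN client adds a route for the whole 10.0.0.0/8 range.
WITH_VPN = WITH_STATIC + [("10.0.0.0/8", "vpn-tunnel", 1)]

DESTINATIONS = ["10.0.1.50", "10.0.9.20", "10.0.4.5", "192.0.2.10"]


def select_route(table, destination):
    """Return the route used for destination: longest prefix, then lowest metric."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in ipaddress.ip_network(r[0])]
    if not candidates:
        return None
    return max(candidates,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))


def changed_paths(before, after, destinations):
    """List (destination, old gateway, new gateway) where the gateway differs."""
    changes = []
    for dest in destinations:
        old, new = select_route(before, dest), select_route(after, dest)
        old_gw = old[1] if old else None
        new_gw = new[1] if new else None
        if old_gw != new_gw:
            changes.append((dest, old_gw, new_gw))
    return changes


if __name__ == "__main__":
    for dest in DESTINATIONS:
        print(dest, "->", select_route(WITH_VPN, dest))
    print("changed by VPN:", changed_paths(WITH_STATIC, WITH_VPN, DESTINATIONS))
```

The /24 static route still wins over the VPN's /8 route for the test network, while traffic for the 10.0.4 network silently moves from the default gateway into the tunnel, which is the kind of change to look for in the local routing table.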

In a large network you can manually add all the routes to your routers, but this can become very time consuming. If you use a routing protocol, the routing protocol will automatically build routing tables for you. These routing tables will change as the network changes. For example, if a network is added the routing table is automatically updated. Routing protocols also support multiple paths. If there is more than one path to the destination, the routing protocol will only use one route. If a network fails, the routing protocol will remove the dead route and use another path if one exists.

The first routing protocol is Open Shortest Path First, or OSPF. This is no longer supported in Windows Server 2008. For this protocol all you need to know is that it was supported in Windows Server 2003 but is no longer included in Windows Server 2008. If you are upgrading from Windows Server 2003 to Windows Server 2008, remember this fact before you upgrade.

The next, and in fact the only, routing protocol supported in Windows Server 2008 is Routing Information Protocol, or RIP. RIP has been around since 1988 and since that time it has been improved on. Windows Server 2008 supports version 2 of the RIP protocol. This is the latest version of the RIP protocol for IP version 4.

To understand routing protocols and RIP better, consider this network. In this network there are 3 routers. The first and last routers are connected by an extra network connection. This provides an additional path through the network. If the middle router were to fail, clients on the network could still reach their destinations by being routed through the other routers. The RIP routing protocol will detect the down router and remove any routing entries from its list for that router. When the router is fixed, the RIP protocol will adjust the routing tables.

If you decide to use RIP on your network, remember RIP is based on hops. When network traffic goes through a router this is called a hop. The route with the lowest hop count gets added to the route table. If all your network connections are the same speed this works well, but if you have some low speed network connections you will find that RIP will route traffic over these rather than over the high speed network connections if the hop count is lower. This can cause a lot of performance problems. Let's have a look at how to configure RIP.

To configure RIP, first open the Routing and Remote Access snap-in from the Start menu. From here, expand down to Static Routes under IP version 4. If I right click on Static Routes and select Show IP Routing Table, I can see the current routing table for this computer. When RIP is enabled you should see more routes appear in here as they are discovered.

To install RIP, right click General under IP version 4. Select the option New Routing Protocol. From here select the option "RIP Version 2 for Internet Protocol". As you can see, RIP is now added to IP version 4. RIP is now installed but will not listen for or send RIP messages until you add some interfaces to it.

If you don't want an interface to be used with RIP, for example if you have a very slow network connection, do not add the interface to RIP and the interface will not be included in any RIP advertisement. To add an interface to RIP, right click RIP and select New Interface. From here I can select the interfaces that I want to add. There are four interfaces on this computer. I will quickly add the first 3 using the default options. On the last interface I will go through the options.

The first option in RIP is the operation mode. The operation mode by default will periodically send out RIP advertisements. If you wish to switch this off, select "auto-static update mode". When in this mode RIP will not send out any advertisements, and as the administrator you must manually send them out as required.

The "outgoing packet protocol" option determines which RIP advertisement to use. If you have a router that uses RIP version 1, you can select it here. By default RIP version 2 will be used as broadcast packets. Broadcast packets are sent to all computers on the network. This is a waste of bandwidth, and also the wrong hands could obtain your routing tables.

If you want to try and save some bandwidth, select the option RIP version 2 multicast, assuming your network supports it. This will use less bandwidth than broadcast. Lastly you have the option silent RIP. Silent RIP means the interface will receive RIP messages and change its routing tables accordingly, but will not send any RIP advertisements.

At the bottom of the screen you have the option to activate authentication. By selecting this you have the option to set a password on your RIP advertisements. This helps prevent eavesdropping on the RIP advertisements, but does mean that you need to configure the password on the device that is going to receive the advertisements as well.

On the Security tab you have the option to set up security on either the incoming or outgoing routes. By default all routes will be sent or received. If you want to only send or receive routes in a certain range you can add them here. You can also choose to ignore routes in a certain range.

On the Neighbours tab you can determine how RIP will communicate with its neighbours. The default option is to broadcast. The next option uses neighbours while still allowing broadcast or multicast. This means RIP will attempt to contact the other RIP devices directly and will still use broadcast or multicast depending on your settings. You can also add your neighbours in manually, but if you forget to add in a neighbour a message will still be sent so the other devices can pick them up. The last option uses only neighbours and does not use broadcast or multicast. This means that you need to manually add each neighbour in for the RIP message to be sent to that device. If you forget to add a device, that device will not receive any RIP advertisements from you. Since the RIP device is being contacted directly, this is the best way to stop unwanted eavesdropping on the network and provide enhanced security.

Once the interface is added it will start advertising routes out of this interface to any RIP enabled device on that network. I will also add the other interface to RIP as well.

On the last tab you can select some options for the timings used by the protocol. The first option sets how often announcements are sent. RIP is known as a chatty protocol as it sends a lot of messages around the network. Increasing this figure does reduce the amount of data that is sent around the network, however this also means that changes in the network will take longer to propagate.

The time before a route expires indicates how long a route is dead before the router will advertise it as dead. The default is 3 minutes, which does not seem a long time, but consider that once the route is marked as dead, on a large network it can take a while before the router advertisements get through the network and all routing tables are updated. The next option indicates how long before the route is removed from the routing table. Once a route is considered dead it is marked as such and no longer used. It is good to leave this setting so that the route can be advertised throughout the network as dead.

Enable split horizon processing and poison reverse are advanced network topics. I would leave these options enabled. In a nutshell, they prevent a dead route being reactivated by a router thinking that it is still alive. In a large network it is possible to receive a delayed advertisement from a router indicating a route is up when another router said it is down. Without these settings one router may wrongfully add a route as up when it is in fact down. There you have it: RIP is enabled and hopefully will make configuring your networks a lot easier.

Once you set up your network or start supporting one, you are going to have times when users complain that their network communication is not getting through. There are two important tools that Windows Server 2008 provides to help troubleshoot routing problems on your network. The first command is tracert, otherwise known as trace route. Trace route shows you the path that packets take across your network. As shown in the example, if I were to perform a trace route to google.com, the trace route command would show me all the routers or hops the packet goes through to get to its destination.

As you can see on the left hand side, trace route performs 3 pings to each of the routers in the path. This gives you an idea of how fast the communication speed is. If your users are complaining about slow response times, using trace route can give you an indication of which routers in the path may be congested. If a router is down, trace route will show you the routers it went through before the communication was lost.

On the far right hand side, trace route will attempt to resolve each router's IP address to a name. If a DNS server is slow to respond this can slow down trace route. As you can see, after hop 10 there are no DNS records for each IP address. Trace route stalls for a moment attempting to perform a reverse lookup on an IP address that it will not be able to resolve. This is a feature you may want to switch off. To do this, use the -d switch.

If I perform the trace route command again with the -d switch and this time use an IP version 6 DNS name, that is "ipv6.google.com", you will see that tracert worked out the destination is an IP version 6 address and this time is using IP version 6 to work out the path. Notice on the right hand side a reverse lookup is no longer being performed on the IP addresses. This makes trace route a lot faster.

You will notice that hop 2 came up as asterisks for the times and "Request timed out" for the IP address. If trace route does not receive a response back it will display an asterisk. This means that either there was a lot of congestion at the router or possibly a firewall blocked the return packet. By default most firewalls will not send a response back and routers can be configured to do the same, so if you see this in your trace route this may be normal behaviour.

The next command is pathping. This traces the route like trace route, however the big difference is that it provides statistics over a longer period. I will use pathping with the host google.com. I have added the -4 switch. This forces pathping to use IP version 4. I could also use the -6 switch to force it to use IP version 6. These two switches work in a lot of the Windows command line tools, including trace route. You will notice that pathping traced the path to the destination like trace route did, but did not provide an indication of how long each hop took. Once finished, pathping will pause and gather statistical information about the time taken to each hop, in this case over 425 seconds.

I will accelerate time so we can see the results without having to wait. You can see here that pathping provides an average time to each hop and also statistics on packet loss. If you want to test how reliable your network is, pathping is a good tool to test with as it gives you an indication of how many packets were lost over the time period the tests were run.

IP version 6 is fully supported in Windows Server 2008 for routing. Before your Windows Server 2008 router will route IP version 6 packets it needs to be enabled. Earlier in the course I discussed the concept of a network prefix. If you are using Windows Server 2008 as an IP version 6 router you should set the IP version 6 prefix. This prefix is automatically assigned to each of your devices on your network.

I will go through quickly how to perform these 2 steps. In reality it is very unlikely Microsoft will ask you a question on IP version 6 routing in the exam, but going through it does help you understand some of the other concepts better.

From the Start menu, launch the Routing and Remote Access tool. Once loaded, right click your router and select Properties. Tick the tick box IPv6 Router to enable IP version 6 routing. Next I want to select the tab IPv6. Here you can enter the prefix for your network. In this case I will use the first private address, fd00. When an IP version 6 computer or device starts up on the network, this prefix will be appended to their host address, giving them a complete IP address that is routable on your network.

Remember this for IP version 6: a device or computer uses discovery to find the network prefix for that network, which is set here. It then uses this network prefix as part of its IP address. For the exam it is not so important that you remember how to set the prefix, but make sure you understand the prefix is advertised to the client by a router or a DHCP server and then used as part of its IP address.

In the real world you probably will not use Windows Server 2008 as a router. Most companies will use a hardware router. Windows Server 2008 routing support is good for IP version 6 and includes support for transition protocols like 6to4. If you are interested in learning more about IP version 6 and transition protocols, then using Windows Server 2008 or Windows Server 2008 R2 is a good place to start. Using Windows as a router saves you having to purchase an IP version 6 router if all you want to do is experiment. Remember, for the exam make sure you understand IP version 4 routing. It is very unlikely Microsoft will ask you a question on IP version 6 routing.
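Returning to the RIP interface settings covered earlier (the password, the route ranges on the Security tab and the neighbour list), the following added example, which is not Windows or Microsoft code, applies the same three checks to a RIP version 2 response packet laid out as in RFC 2453. The neighbour address, password, route ranges and the packet itself are constructed values.

```python
import hmac
import ipaddress
import struct

AUTH_AFI, SIMPLE_PASSWORD, INFINITY = 0xFFFF, 2, 16   # constants from RFC 2453


def build_response(routes, password=None):
    """Build a RIPv2 response (command 2, version 2) as constructed test input."""
    pkt = struct.pack("!BBH", 2, 2, 0)
    if password is not None:
        # Simple authentication: the password is a 16-byte clear-text field.
        pkt += struct.pack("!HH16s", AUTH_AFI, SIMPLE_PASSWORD, password.encode())
    for prefix, metric in routes:
        net = ipaddress.ip_network(prefix)
        pkt += struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                           net.netmask.packed, bytes(4), metric)
    return pkt


def check_advertisement(pkt, source, neighbours, password, accept_ranges):
    """Return (installed, skipped) for one received RIPv2 response packet."""
    if source not in neighbours:
        return [], ["source %s is not a configured neighbour" % source]
    if len(pkt) < 4 or (len(pkt) - 4) % 20 or pkt[:2] != b"\x02\x02":
        return [], ["not a well-formed RIPv2 response"]
    entries = [pkt[i:i + 20] for i in range(4, len(pkt), 20)]
    if password is not None:
        # With authentication on, the first entry must carry the shared password.
        afi, kind, secret = (struct.unpack("!HH16s", entries[0])
                             if entries else (0, 0, b""))
        if (afi, kind) != (AUTH_AFI, SIMPLE_PASSWORD) or not hmac.compare_digest(
                secret.rstrip(b"\0"), password.encode()):
            return [], ["authentication failed"]
        entries = entries[1:]
    allowed = [ipaddress.ip_network(r) for r in accept_ranges]
    installed, skipped = [], []
    for entry in entries:
        afi, _tag, addr, mask, _hop, metric = struct.unpack("!HH4s4s4sI", entry)
        try:
            net = ipaddress.ip_network("%s/%s" % (ipaddress.IPv4Address(addr),
                                                  ipaddress.IPv4Address(mask)))
        except ValueError:
            skipped.append("malformed route entry")
            continue
        if afi != 2 or not 1 <= metric <= INFINITY:
            skipped.append("%s: bad address family or metric" % net)
        elif not any(net.subnet_of(a) for a in allowed):
            skipped.append("%s: outside accepted ranges" % net)
        elif metric == INFINITY:
            skipped.append("%s: advertised as unreachable" % net)
        else:
            installed.append((str(net), metric))
    return installed, skipped


# Constructed sample: one neighbour advertising three routes (all values assumed).
NEIGHBOURS = {"10.0.3.2"}
RANGES = ["10.0.0.0/16"]
SAMPLE = build_response([("10.0.4.0/24", 1), ("0.0.0.0/0", 1), ("10.0.5.0/24", 16)],
                        password="constructed-pw")

if __name__ == "__main__":
    print(check_advertisement(SAMPLE, "10.0.3.2", NEIGHBOURS, "constructed-pw", RANGES))
    print(check_advertisement(SAMPLE, "10.0.3.99", NEIGHBOURS, "constructed-pw", RANGES))
```

Because the simple password travels inside every advertisement as plain bytes, the neighbour list and the accepted route ranges are what limit which routes end up in the table.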
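For the tracert troubleshooting described earlier, this added example (not from the original post) reads the text output of tracert -d and separates the three cases the text distinguishes: a hop that stays silent while later hops answer, a jump in response time that points at congestion, and the point after which nothing answers at all. The trace below is constructed, and the 50 ms threshold is an assumed value.

```python
import re

# Constructed tracert -d output; addresses are documentation ranges.
SAMPLE = """\
Tracing route to 203.0.113.80 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.0.1.1
  2     *        *        *     Request timed out.
  3    12 ms    11 ms    13 ms  198.51.100.1
  4    95 ms    90 ms    97 ms  198.51.100.9
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
"""

# Hop number, three probe results (a time or an asterisk), then address or message.
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")


def parse_tracert(text):
    """Return one dict per hop: hop number, probe times in ms, address or message."""
    hops = []
    for line in text.splitlines():
        match = HOP.match(line)
        if match:
            times = [int(t) for t in re.findall(r"<?(\d+) ms", match.group(2))]
            hops.append({"hop": int(match.group(1)), "times": times,
                         "host": match.group(3)})
    return hops


def analyse(hops, jump_ms=50):
    """Return (hop, finding) pairs for silent hops, latency jumps and a lost path."""
    answered = [h["hop"] for h in hops if h["times"]]
    last_answer = answered[-1] if answered else 0
    findings, previous = [], None
    for h in hops:
        if not h["times"]:
            if h["hop"] < last_answer:
                # Later hops replied, so this router or firewall just does not answer.
                findings.append((h["hop"], "silent hop, later hops answer"))
                continue
            findings.append((h["hop"], "no reply from here onwards"))
            break
        average = sum(h["times"]) / len(h["times"])
        if previous is not None and average - previous >= jump_ms:
            findings.append((h["hop"], "latency rises by %d ms" % round(average - previous)))
        previous = average
    return findings


if __name__ == "__main__":
    for hop, finding in analyse(parse_tracert(SAMPLE)):
        print("hop %d: %s" % (hop, finding))
```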
