IP Routing with NT

How to Turn NT Server into an IP Router

Last month, I talked about the basics of Internet Protocol (IP) addressing.The reason that anyone cares about IP is because it makes building largenetworks relatively simple. The strength of IP lies in its routing ability. Butin order to use IP for this purpose, you need a piece of hardware called an IProuter.

There are several kinds of IP routers: One connects your network to theInternet over a WAN connection. Another connects LANs to LANs directly with noWAN connections.

The first kind of router you'll need to install is the network-to-WANrouter, but as your network grows, you'll also need the LAN-to-LAN type. Theproblem with network-to-network routers is that they cost about $3000+. But forsimple routing, you don't need to spend a dime: You can use Windows NT Server.This month, I'll show you how.

LAN-to-WAN Routers
My firm uses about 50 IP addresses for its computers (most of which need oneIP address each), our Integrated Services Digital Network (ISDN) bridges (again,one IP address each), and our routers. A few years ago, we put our network onthe Internet. To do that, we needed a LAN-to-WAN IP router and an InternetService Provider (ISP).

A router is basically a box that sets between two networks. It allows eachnetwork to communicate with the other by relaying messages between them. Forexample, on my network, I'm allowed to use the range of addresses from199.34.57.0 through 199.34.57.255--I have a C-class network.

You may recall from last month that I cannot use two of those addresses:199.34.57.0 and 199.34.57.255. The ".0" is the network number,a generic way of saying "all addresses from 199.34.57.1 through 199.34.57.254." The ".255" is the broadcast address, a singleaddress used to send a message to all the computers on my network. (Last month Ialso noted that I couldn't use the 199.34.57.1 and 199.34.57.2 addresses. That'snot a carved-in-stone Internet rule, but rather an artifact of how I run mynetwork.)

My network resembles the network shown in figure 1. It has a LAN-to-WAN IProuter with a set of instructions that tells it how to route the packets itreceives. The routing table has an absurdly simple mission: If there's a messagefor 199.34.57.0--in other words, if there's a message for any address on myC-class network--send it to the Ethernet. If there's a message for any otheraddress, send it via the serial port to the modem, which then puts the messageon the Internet.

The router in figure 1 is not the one I recommend you use withWindows NT Server. It's not usually a good idea to use Windows NT as aLAN-to-WAN router, although it can be done.

For my network, I use a Compatible Systems Microrouter 900i. It's one of thebest purchases I ever made for my network. It cost about $850, which is quitereasonable, but that's not the only reason it's a good deal. Although it'spossible to use an NT machine as an Internet-to-Ethernet-via-WAN-connectionrouter, my tests show that the Compatible box routes packets more than twice asfast as an NT machine does.

Building an NT LAN-to-LAN Router
If my network becomes larger and I get another C-class network, for example,223.200.200.0, or if I decide to divide my network into smaller subnets, I willhave multiple network segments--it's the same story whether you use Ethernet orToken Ring--and I will need a router (see figure 2).

The LAN-to-WAN router now has a more difficult job. For a machine on199.34.57.2 to send a packet to any machine on 223.200.200.0, it must send thepacket to the router at 199.34.57.2. That's where it sends all packetsthat need routing. Now that router must be smart enough to know not tosend the packet over the WAN but to send it to the router for 223.200.200.0. Youalso need a LAN-to-LAN router between 199.34.57.0 and 223.200.200.0.

To build a Windows NT Ethernet-to Ethernet router, you need a computer withtwo Ethernet cards, one for each of the network segments (223.200.200.0 and199.34.57.0). The Ethernet card for 223.200.200.0 will be the default gatewayfor that network, and convention says that it should then be assigned the firstaddress in the available range: in other words, 223.200.200.1. The address forthe Ethernet card on the 199.34.57.0 side is pretty much up to me, so I'llarbitrarily assign it IP address 199.34.57.241.

Now, how would I configure the NT system so that it routes packets between199.34.57.0 and 223.200.200.0? As always, I configure TCP/IP on each of the twoEthernet cards via the Control Panel: Open Network, select TCP/IP protocol, andclick on the Advanced button. That gives me a dialog that lets me assigndifferent IP addresses to the different network adapters.

On the 199.34.57.0 network card, I set the IP address to 199.34.57.241, myEthernet card address. Because this network is not divided into subnets beyond Cclass, I use subnet mask 255.255.255.0, and as before, the gateway for my199.34.57.0 network is 199.34.57.2.

On the 223.200.200.0 network card, I set the IP address to 223.200.200.1,which is the default gateway--and the convention--for that network. Assumingthat I don't want to subnet the network further, the 255.255.255.0 subnet maskshould be fine.

Now--and here's the strange part--I set the Default Gateway to all blanks.Instead of "0.0.0.0," I put a blank into each field. I don't know whythis works, but I know that it does. In fact, it seems to be essential tothe recipe. I haven't found a way to route packets via NT without it.

In the Advanced Microsoft TCP/IP Configuration dialog you'll see Enable IPRouting. If you have only one network adapter, this box is grayed out. But ifyou have multiple network cards, it is enabled. Check the box to tell NT toroute packets, click on OK until you're out of the Control Panel, and thenreboot your system.

When NT router is ready
Now is a good time to see if you've gotten everything set up correctly. Openan MS-DOS command prompt, and type IPCONFIG /ALL. This useful command works forboth Windows NT machines and Windows for Workgroups machines. Windows 95 has asimilar program called WINIPCFG. On my system, IPCONFIG/ALL displays theinformation shown in screen 1.

Now, I'm almost ready. But my NT machine's IP software is a bit confused.When it gets data, it doesn't know which network card to send the data to. Toresolve this confusion, I need to force the software to route everythingover 199.34.57.241.

Because "0" means "everything"--as in 199.34.57.0--Itell the system to route everything over 199.34.57.241 with a command executedfrom the command line: route add -p 0.0.0.0 mask 0.0.0.0 199.34.57.241. The mask0.0.0.0 says that the reference is to all addresses, and the -p means that itshould be a permanent change to the NT machine's routing tables.

Then I go to my LAN-to-WAN router and add a line to its routing tables:route add -p 223.200.200.0 mask 255.255.255.0 199.34.57.241. This new line says,"whenever you need to send something to 223.200.200.0, send it to199.34.57.241."

These route commands are called static routes because they'rehard-wired. I told the routers how to route data. In networks that are largerthan mine, you wouldn't use a router that relies upon static routes. Instead,you'd buy one with some built-in intelligence that tells it how to route. That'swhy these routers cost $3000.

Just above static routers in capability are those routers using commonprotocols, called Routing Internet Protocol (RIP) or Open Shortest Path First(OSPF). Higher-performance routers use proprietary routing algorithms. But,sadly, a Windows NT machine can do only static routing. It knows how to go onlywhere you tell it to go. But if your network is a small one, that might just beenough to handle your needs.

Just the Beginning
This is just one aspect of setting up a multiple-segment network. Next,you'll have to handle the problem of supporting network browsing across arouter. You may want to ignore my earlier advice and use your Windows NT machineas a LAN-to-WAN router. I'll discuss both of these topics in future columns, Ipromise!