NT Workstations Using an IP Router

Get Rid of Those Default Gateways!

A couple of months ago, I talked about how to make a Windows NT machine intoan IP router, but I didn't cover the implications for workstations that usethat router. This month, I want to look at this area so I'll have all the piecesin place to cover next month's topic, the grand finale: using an NTmachine as a LAN-to-WAN router to the Internet.

An example of a workstation that uses an IP router is a simple three-subnet "internet"(the example includes only three subnets, so this is an "internet,"not part of the "Internet"). Figure 1 shows this "internet."

First, you see three separate Ethernet segments, three separate subnets.They are all C-class networks (subnet mask 255.255.255.0), just to keep thingsclean. Ovals represent two of the networks. The left oval, containing199.100.200.0, is shorthand for an Ethernet with up to 254 computers. Addressesrange from 199.100.200.1 through 199.100.200.254. Notice I said 254, not 253,because these subnets have no default gateway.

The right oval represents a network whose addresses range from 200.15.16.1through 200.15.16.254--network number 200.15.16.0. Between these ovals is athird subnet, with the address 210.50.200.0. The PC in the middle contains onlyone Ethernet card, and its IP address is 210.50.200.40.

The rectangles on the right and left sides are routers, computers with twoEthernet cards and thus two IP addresses apiece. Each has an address on the210.50.200.0 network, and each has an address on either the 200.15.16.0 networkor the 199.100.200.0 network. These routers can be PCs running NT, or they canbe dedicated routers from Cisco Systems, Bay Networks, Compatible Systems, orthe like.

The plan is to set up the workstation at 210.50.200.40. Notice that, fromthis workstation's point of view, it has two possible "gateways,"210.50.200.200 and 210.50.200.22. Which should be the default gateway?

The answer: neither. When you set up the .40 machine with a static IPaddress (that is, if you just punch in an IP address, subnet mask, and such,rather than letting the Dynamic Host Configuration Protocol (DHCP) automaticallygive it an IP address), you leave the Default Gateway field blank. Younow need to tell the machine at 210.50.200.40 how to route to anywhere on thisnetwork. The following are some facts this machine needs to know.

1) To get a message to the 199.100.200.0 network, send it to the machine at210.50.200.200.

2) To get a message to the 200.15.16.0 network, send it to the machine at210.50.200.22.

3) To get a message to the 210.50.200.0 network, just use your own Ethernetcard; send the message out on the segment, and it'll be heard.

You tell a workstation how to send packets with the route addcommand. It looks like this:

route add destination mask netmask gatewayaddress

In this command, destination is the address or set of addresses that youwant to reach. Netmask defines how many addresses are there: Is it aC-class network with 250+ addresses, something subnetted smaller, or perhaps asupernet of several C-class networks? Gatewayaddress is just the IPaddress of the machine that will route your packets to destination.

The routeadd command for the 199.100.200.0 network looks like this:

route add 199.100.200.0 mask 255.255.255.0 210.50.200.200

It means, "to send a message anywhere on the 199.100.200.0 network,send it to the machine at 210.50.200.200, which will take care of it."

Just a reminder on subnetting, for clarity's sake: Suppose the network onthe left isn't a full C-class network, but a subnetted part of it; supposeinstead that it is just the range of addresses from 199.100.200.64 through199.100.200.127. The network number is, as always, the first address(199.100.200.64), and the subnet mask is 255.255.255.192. The routeadd commandthen looks like this:

route add 199.100.200.64 mask 255.255.255.192 210.50.200.200

Next, you add a command for the network on the right. This command takesthe form

route add 200.15.16.0 mask 255.255.255.0 210.50.200.22

That command will get an NT system up and running. Now it can access allthree subnets.

Suppose the workstation at .40 tries two PING commands: PING 2.44.214.33and PING 200.15.16.170. Suppose also that no machine on the 200.15.16.0 networkhas the IP address 200.15.16.170. Now both PINGs will fail, because neithermachine is on this network, but each will produce a different error message.PINGing 200.15.16.170 will produce, "Request timed out," and PINGing2.44.214.33 will produce, "Destination host unreachable."

Why the different error messages? In the case of 200.15.16.170, the PINGwent out to the 200.15.16.0 subnet, but no one responded, so PING timed out. Inthe case of 2.44.214.33, the workstation simply didn't know where to sendthe packet. If you send mail to a non-existent Ignatz Semmelweiss in Sydney,Australia, you just address a letter and drop it into the mailbox. A responsemay take awhile, but eventually you'll get a message that says, "The mailsystem hasn't gotten a response from Ignatz." But how can you send a letterto someone living on the fourth planet orbiting Proxima Centauri? You can't. Youhave no idea how to begin sending that message. That's a "destinationhost unreachable" message.

Clearly, then, to troubleshoot NT networks that use TCP/IP, you examinewhat a workstation knows about routing. You can find out by opening a commandprompt and typing, ROUTE PRINT or netstat -rn. If you do that on the .40workstation, you'll get a result like screen 1.

Notice that the format of ROUTE PRINT's output is similar to the way youformat data in ROUTE ADD. Also notice that most of the routing information isgenerated automatically.

The first line is the loopback information. Send a message to any IPaddress from 127.0.0.0 through 127.255.255.255, and the message will be echoedback to you. Note the general mask, 255.0.0.0. The gateway address 127.0.0.1 isthe preprogrammed loopback address. The second and third lines are the ROUTE ADDstatements that you manually entered. The fourth statement just says, "totalk to your own subnet, just shout out the message, and everyone will hear it."

The fifth statement says, "to send to 210.50.100.40, send to127.0.0.1." Again, notice the mask, 255.255.255.255. It means, "thisrouting rule applies only for this one IP address." The statementafter that looks the same except for the last quad; 210.50.100.255 is theaddress that your workstation would use to broadcast a message intended forevery computer on its subnet.

The seventh line defines an "internet" multicast address.A multicast is a network communication to more than one machine, but notnecessarily all machines; a multicast is a message received only by themachines that want to receive it. For example, all the PCs in a workgroup mightwant to receive browsing messages. However, PCs that are on the subnet but arenot members of the workgroup wouldn't want the messages. So the PCs on theworkgroup would all join a multicast group. Browser messages would then go tothe "internet" multicast group. Some NT Internet software uses "internet"multicast groups, so you must define the multicast address. It is 224.0.0.0. Thelast line is the limited broadcast address, a kind of generic broadcastaddress.

When does entering a value for Default Gateway make sense? A defaultgateway is the address of a catch-all router, usually one connecting your subnetto the Internet or to a large corporate intranet. I don't have one here. But ifI did have a connection to the Internet (for example, a router at210.50.100.72), how would I include that in my routing table? TheROUTEADD commands you've seen so far connect you to a particular network. Typingin thousands of ROUTEADD statements, all referring to 210.50.100.72, is one wayto explain to your workstation that 210.50.
100.72 is how to get to therest of the world. But an easier way is to type

route add 0.0.0.0 mask 0.0.0.0 210.50.100.72

I've been using the Internet notation 210.50.100.0 as shorthand for "therange from 210.50.100.0 through 210.50.100.255"; zero acts as a wildcardfor IP addresses. Extend that notion a bit, and you can see that 0.0.0.0 means "everything."It is the Internet version of *.* in DOS. The mask 0.0.0.0 includes no one-bits,which says, "when you're matching this pattern, don't worry about matchingany of the bits--everything matches." That's the definition of agateway address.

On any NT machine, you can leave the Default Gateway field blank, and youcan enter a default gateway at runtime with the routeadd 0.0.0.0... command. Whydo that? Because then you can change the default gateway on the fly, withoutneeding to reboot your machine--which is useful when you're experimenting withrouting.

You can get ready for next month's column by doing a little homework. GetMicrosoft's Multivendor Protocol Router (MPR) and Service Pack 3 for NT 3.51.MPR is on ftp.microsoft.com at/bussys/winnt/winnt-public/fixes/usa/NT351/ussp3/mpr, and Service Pack 3 is at/bussys/winnt/winnt-public/fixes/usa/NT351/ussp2. I'll use them and RemoteAccess Service (RAS) to make an NT machine into a LAN-to-WAN Internet router.

Thanks for the Mail--Keep It Coming!
I appreciate the large amount of positive mail that I'm getting about thiscolumn. If you drop me a line this month, please tell me whether this topic iswhat you want to see. I want to spend time on TCP/IP issues--routing, DHCP,Windows Internet Naming Service (WINS), Domain Name Service (DNS), and Internetmail for starters.

If that agenda sounds good, please let me know. If not, or if you wantsomething else, let me know about that, also. And note my new mail address:[email protected].