Overloading Your Server with Multi-Homing

Did you know that Windows NT 3.51 (and nothing suggests this situation willchange in 4.0) is not always the easiest OS in the world to troubleshoot? In theLab, we keep finding this out--the hard way.

In our continuing efforts to bring you meaningful performance test results,we had a neat idea: Set up a heterogeneous network with every known protocol andas many different network types as we have cards for, in a multimaster domainmodel. Then we can test any software or hardware in any configuration and havetransparent access to the Internet, our corporate LAN, and all the systems inthe Lab. Pretty nifty, huh?

Well, not really. Experienced network administrators will ask, "Why doyou even want to?" or, "You really think you're gonna make that work?"Neither question is far off the mark. How many corporate LANs have Ethernet10Base T, 100Base TX, 100Base T4, and 100VG all connected to the same computer?If you do, we'd like to hear about it.

We wanted this setup to centralize system and network administration on onemachine and to route traffic among all the networks we test. So here's what wedid: In a Digital Prioris HX 5133DP server (dual 133MHz Pentium, 64MB RAM, 4GBdisk), we installed a card for each of the above network types. Then we gavethem all IP addresses in the same subnet and created multi-homing (forinformation, see Ed Tittel and Mary Madden, "Multi-Homing on the Web,"September 1996) so that we'd have no conflicts with corporate computers oroutside addresses. (We stayed within our licensed address range.) Our intentionwas for this system to operate as the Primary Domain Controller (PDC) for allsystems in the Lab.

The plan didn't work so well. First, the PDC screeched to a halt. It bootedand ran slowly, network accesses easily confused it, and it crashed at everyopportunity. Second, nothing really worked: Because networked systems couldn'tsee the PDC, it couldn't route traffic, and the domain administration didn'tfunction.

This mess happened for several reasons. We learned that although NT letsyou do all this, it really isn't meant to--Microsoft just gives you enough ropeto hang yourself. All kinds of conflicts start occurring: The machine can'tadequately handle the I/O interrupts for that many network adapters; you can'thave more than one NIC on the same subnet, or the system doesn't know which cardnetwork traffic needs to go through; and you have to manually set up routingtables to convince the machine that being a multi-protocol router is okay--andeven then the solution doesn't work cleanly.

To solve all these problems (well, most of them), we changed each card's IPaddress to one on a different subnet (204.56.55.XXX on one card, 204.100.100.XXXon another, and so on). The machine now works like a champ (except for someslowdown for the interrupt handling). At least it runs. The networks still can'tsee each other (we attribute this blindness to a Multi-ProtocolRouting--MPR--problem), but they can PING.

We had to invent IP addresses for each network type--this solution is notthe best. (For information about IP addressing and MPR, see Mark Minasi'scolumn, "Gateways Revisited," on page 47.) We can no longer attachthese systems to the Internet for fear of trampling someone else's address. Youcan do what you want on an isolated network, but if you throw the outside worldinto the mix, things get a lot more complicated.

What if you want to increase total throughput by setting up multiplenetwork segments going into a single server? What if you need to route trafficamong OSs and network types? What if you need to set up multiple IP addresses torun virtual servers on a Web machine? The world is running out of new IPaddresses, so you may need multiple NICs in one server, but have a limitedaddress range to work in. Your only choice is to buy multiple addresses and dealwith the administrative hassle of maintaining different client systems attachedto the same server but on different subnets. NT will let you operate multipleaddresses in the same subnet on one machine, but that solution is far fromideal.

Perhaps something like Microsoft's new proxy server, Internet Access Server(IAS--formerly, Catapult) will make all this hassle moot. With it, you'll beable to mask your corporate IP range from the world and use one IP address tointerface to the Internet. According to rumor, Service Pack 4 for NT Server 3.51solves some of these multi-homing/multiple-NIC problems. (For information aboutIAS, see Mark Joseph Edwards, "Microsoft's Internet Access Server,"September 1996, and "Configuring Microsoft's Internet Access Server,"page 153.)