Re: Multihoming Windows 2000

From: Phillip Windell (_at_.)
Date: 11/30/04
Date: Tue, 30 Nov 2004 09:46:51 -0600

"CiscoKid" <cisco@yahoo.com> wrote in message
news:10qnmn69gobefc8@corp.supernews.com...
> The thinking by some folks was to isolate the traffic by putting 2 NICS
> in each server. 1 NIC from each host would be connected to the current
> core network, the 6509.
> .............<shortened>.................
> other words the second switch and the 2 NICs on each host that makeup
> this so called private network, will be isolated. There will be no
> gateway connected to the private network.

Whether there is a Gateway or not is almost irrelevant. There is more to it
than hooking a bunch of cables and Nics together (the Physical Layer). The
issue is that any machine, no matter if you stick a dozen Nics in it, is
still only going to have its machine name resolve to a *single* IP# and the
Nic associated with that IP# is going to be the one that the traffic will
use.

> My thinking is like yours though...I don't really see the need for the 2
> NICs in each server. It would seem to me that if the desire was to
> isolate the traffic, that each host should have only 1 NIC and that NIC
> should be connected to the second switch and the second switch should
> then be connected to the 6509. That way, all the hosts would be on
> their own VLAN and rather than depending on the hosts for routing, any

Yes, although you won't even need VLANs or additional subnets. It would work
on a single subnet. Now I'm not saying you can't have subnets, I'm only
saying they aren't required. We are actually working with Layer2, not
Layer3. You only have to deal with Layer3 when protecting from excessive
Broadcasts. You are actually wanting to avoid excessive
Collisions/Congestion which is a Layer2 thing. Remember that Switches create
Collision Domains while Routers create Broadcast Domains.

So...

LANs function by Ethernet Addresses (MAC addresses) not IP#s. IP only
navigates you to the proper subnet then it is Ethernet (MAC) after that
point. You place the Servers on their own dedicated Switch which would then
be linked to another switch (or a router then another switch) with other
machines on it. Any traffic between the servers will never leave their own
switch because the switch will "switch" the packets based on MAC addresses
and therefore the packets will pass *only* between the exact ports on the
Switch that the Servers are connected to. The other switches & routers on
the LAN will never see that traffic.

Think about it....that is why "network sniffers" don't work on "switched"
LANs unless you use Agents or configure monitoring ports on the Switches to
overcome the "segregation" created by the Switches.

The Server's Switch will bear the whole load on its "backplane". There
isn't much chance you would overload that, but if you are worried about it
you can use a Gigabit switch with Gigabit Nics in the Servers. Just make
sure your cables are high enough quality to handle it or it might run even
slower than a 100mbps switch would have.

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
>
> "Phillip Windell" <@.> wrote in
> news:OgU$lCk1EHA.3404@TK2MSFTNGP10.phx.gbl:
>
> > "Mikey" <mwest@intrex.net> wrote in message
> > news:242d129.0411290759.412c967f@posting.google.com...
> >> They are looking to connect all hosts to the core network via 1 NIC.
> >> They generally refer to this as the Public network.  The second NIC
> >> will connect to another switch and this network is considered the
> >> Private network.  They plan to totally isolate the Private network.
> >> It will have no connection to the core network and the only route off
> >> of the Private network will be via the hosts connected to it.
> >
> > Well, I'm not totally sure what you are describing, but what parts of
> > it I think I understand,...I don't like. I just don't like multi-homed
> > servers except for routers, nat boxes, and proxys,...I guess it is
> > almost a "religious" thing for me  :-).
> >
> >> concerned about....and that is that some traffic is going to use the
> >> adapter listed first in the connection order.  Can you give me some
> >> examples of when that might occur?
> >
> > Not sure how it applies in this case,...partly because I am still
> > unsure what this case is.
> >
> >> And, would it not be better to connect all hosts via one NIC to the
> >> second switch and then connect that switch to the core network?  That
> >> way....all hosts only use one adapter and all the traffic is
> >> separated from the core switch.  It just seems to me it would be
> >> better doing that and allow the switches to control the data
> >> flows....especially since the core switch is a layer 3 Cisco 6509.
> >> The multihoming, to me, just doesn't seem to be worth the trouble.
> >
> > Speaking in general...the only time any machine should have two active
> > Nics is when the machine is built to be a Router, a NAT Firewall, or a
> > Proxy Server.  There is also "Nic Teaming", but that is "third party"
> > and not a function of, nor an "ability" of any Windows OS.  But it is
> > possible to have several dual Nic Servers that do *not* have "routing"
> > enabled and simply "live" on two networks at the same time.  There
> > will still be a "default network" that is reflected by the machine's
> > Default Gateway (the subnet that is in).  Usually the Nic that is a
> > member of that same subnet would also be the first in the binding
> > order (but maybe not always).
> >
> > That may not help much, but it is the best I can do with what little I
> > know about what you are doing.
> >
> > By-the-way, the Cisco 6509, I believe, is a switch and router combined
> > into the same device. We use a similar HP device. To avoid confusion,
> > refer to it as a Router instead of a switch unless you are referring
> > specifically and only to the Layer2 functionality. I know what it is
> > because I run something similar but others will probably get tripped
> > up on that.  Anytime you are dealing with IP#s, networks, and subnets
> > [all Layer3 terms] then the 6509 is a "router".  If you are dealing
> > with MAC addresses and hosts within the same subnet [Layer2 concepts],
> > then the 6509 is a "switch".
> >
>
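The Layer 2 behaviour Phillip describes above (frames between servers on their own switch never leaving that switch, unknown destinations and broadcasts being flooded, and a sniffer on another port seeing nothing unless a monitor port is configured) can be shown with a small learning-switch model. The code below is an added example written for this page, not code from the thread or from any Cisco or HP product; the MAC addresses, port numbers and the monitor-port behaviour are constructed assumptions that follow the standard learn/forward/flood rule rather than any particular switch implementation.

```python
"""Learning-switch model: why server-to-server traffic stays on the servers'
own switch, and why a monitor (SPAN) port is needed to observe it.

Constructed example; not real switch firmware. The MAC addresses below are
made up for the demonstration."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
SERVER_A = "00:50:56:aa:00:01"   # constructed MAC, server on port 1
SERVER_B = "00:50:56:aa:00:02"   # constructed MAC, server on port 2


class LearningSwitch:
    """Forward by destination MAC using a table learned from source MACs.

    - known destination on another port  -> send out that port only
    - known destination on the ingress port -> drop (same segment)
    - unknown destination or broadcast    -> flood all other data ports
    - monitor port (if any)               -> gets a copy of every frame
    """

    def __init__(self, ports, monitor_port=None):
        self.monitor_port = monitor_port
        # The monitor port never carries normal traffic, only copies.
        self.data_ports = [p for p in ports if p != monitor_port]
        self.mac_table = {}                 # MAC -> port it was learned on
        self.seen = defaultdict(list)       # port -> frames that egressed there

    def forward(self, in_port, src, dst):
        """Process one frame; return the sorted list of egress ports."""
        self.mac_table[src] = in_port       # learn where src lives
        known = self.mac_table.get(dst)
        if dst == BROADCAST or known is None:
            out = [p for p in self.data_ports if p != in_port]   # flood
        elif known == in_port:
            out = []                        # destination is on the ingress segment
        else:
            out = [known]                   # unicast straight to the learned port
        if self.monitor_port is not None:
            out.append(self.monitor_port)   # SPAN copy for the sniffer
        for p in out:
            self.seen[p].append((src, dst))
        return sorted(out)


def run_scenario():
    """Servers on ports 1-3, uplink to the core switch/router on port 4."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    first = sw.forward(1, SERVER_A, SERVER_B)    # B not yet learned: flooded
    reply = sw.forward(2, SERVER_B, SERVER_A)    # A already learned: port 1 only
    steady = sw.forward(1, SERVER_A, SERVER_B)   # B now learned: port 2 only
    bcast = sw.forward(1, SERVER_A, BROADCAST)   # broadcast always floods

    # Same exchange on a switch with port 5 configured as a monitor port.
    mon = LearningSwitch(ports=[1, 2, 3, 4, 5], monitor_port=5)
    for in_port, src, dst in [(1, SERVER_A, SERVER_B),
                              (2, SERVER_B, SERVER_A),
                              (1, SERVER_A, SERVER_B)]:
        mon.forward(in_port, src, dst)

    return {
        "first_frame_egress": first,            # [2, 3, 4]: uplink saw the flood
        "reply_egress": reply,                  # [1]
        "steady_egress": steady,                # [2]: never leaves the switch
        "broadcast_egress": bcast,              # [2, 3, 4]: reaches the uplink
        "uplink_unicast_frames": len([f for f in sw.seen[4] if f[1] != BROADCAST]),
        "sniffer_port3_unicast_frames": len([f for f in sw.seen[3] if f[1] != BROADCAST]),
        "monitor_port_frames": len(mon.seen[5]),   # 3: the SPAN port sees all
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Two things in the output are worth noticing. The only unicast frame that reaches the uplink or a third port is the very first one, sent before the switch had learned where SERVER_B lives; once both MACs are in the table, the exchange is confined to ports 1 and 2, which is the segregation that stops a sniffer on port 3 from seeing anything and is why a monitor port has to be configured to audit that traffic. Broadcasts, by contrast, still flood out of the uplink, which is the Layer 3 (broadcast-domain) concern Phillip separates from the Layer 2 congestion question.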