Multiple IP Addresses for website, routing and NAT
- From: "Ken" <kenl@xxxxxxxxxxxxx>
- Date: Fri, 24 Mar 2006 05:51:02 -0600
NOTE: This was originally posted in microsoft.public.inetserver.iis newsgroup.
It was suggested over there that this might be the more appropriate forum.
Sorry for the cross-post. I'm hoping I can get an answer to my IIS question so
I can get on with the build of these routers. Thanks in advance for any
assistance . . . Ken
Original Post:
I'm trying to set up a low cost automated router failover configuration for
an IIS6.0 server.
What happens with the traffic when you have an IIS web site configured to
respond to multiple IP addresses? For example, let's say that the IIS6.0
server is set up with IP addresses 192.168.10.100 and 192.168.11.100
(these are NAT'ed addresses from two ISPs' public IP addresses, call them
ISP10 and ISP11). Let us also assume that all traffic to the web server
will originate from the public Internet and will go through NAT translation
to the internal non-routable addresses (ISP10's traffic NAT'ed to
192.168.10.100 through Router10 and ISP11's traffic to 192.168.11.100
through Router11). Furthermore, the default gateway for the web server
machine is 192.168.10.1 (Router10).
If a request comes in on Router10, it will be NAT'ed to 192.168.10.100. The
web server will process it and route the response back out through the
default gateway to 192.168.10.1. This is fine and good (and simple). The
outbound response will have a source IP address of 192.168.10.100 (before
the outbound NAT translation).
Now my question is what happens to requests that come in through the 2nd
ISP's router? They will be NAT'ed to 192.168.11.100 and routed out the LAN
side interface to be picked up by the web server. When the web server
responds, the destination address is going to be outside the internal
network so it is going to be sent out through the interface associated with
the Gateway address (on Router10), rather than through the originating
router. What will be the source IP address on the response packets? Will
it be 192.168.11.100 (consistent with the inbound routing) or will it be
192.168.10.100 (consistent with the outbound routing)?
This question comes up because I am trying to set up a pair of Cisco routers
with Hot Standby Router Protocol (HSRP) to provide automatic backup if one
or the other fails. Both will be configured with both ISPs' public
addresses on their WAN side (although normally, only one ISP's traffic will
be handled by each -- both are configured to handle all the traffic if its
companion fails). Each will NAT its inbound traffic over to one or the
other of two internal network IP addresses. I will use round robin DNS
scheduling to load-balance the inbound traffic between the two ISPs.
If the return traffic's source IP is returned as the same as the destination
of the inbound request, I can set up a Policy-Based Routing (PBR) rule on
both routers to return the responses back out through the originating ISP's
public IP addresses (so the returned traffic will have the same Source IP
address as the inbound traffic's Destination IP address which will prevent
the browser's Intrusion Detection/Protection system from thinking that the
addresses have been spoofed). I need the return traffic to come back out
with the same address as the inbound traffic for the PBR to work, though.
Please respond to the newsgroup. Thanks in advance for any responses.
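
On the source-address question above, for TCP: replies on an established connection are sent from the local address the connection was accepted on, whichever gateway the routing table picks for the next hop. The following is an added example, not part of the original post, showing this with one wildcard-bound listener; 127.0.0.1 and 127.0.0.2 are constructed stand-ins for 192.168.10.100 and 192.168.11.100, and it assumes Linux loopback behaviour.

```python
import socket
import threading

# Constructed stand-ins for the post's 192.168.10.100 and 192.168.11.100.
# Assumption: Linux, where all of 127.0.0.0/8 is local to the loopback device.
ADDR_A, ADDR_B = "127.0.0.1", "127.0.0.2"


def reply_source_addresses(targets=(ADDR_A, ADDR_B)):
    """Connect to one wildcard-bound listener through each target address.

    Returns {address the client dialled: local address the server's
    accepted socket uses as the source of its replies}.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)         # do not hang if a connect attempt fails
    listener.bind(("0.0.0.0", 0))  # one listener covering every local address
    listener.listen(len(targets))
    port = listener.getsockname()[1]
    seen = []

    def serve():
        for _ in targets:
            conn, _peer = listener.accept()
            with conn:
                # The accepted socket's local address is the destination of
                # the client's SYN; every reply segment is sent from it.
                seen.append(conn.getsockname()[0])
                conn.sendall(b"ok")

    worker = threading.Thread(target=serve)
    worker.start()
    try:
        for target in targets:
            with socket.create_connection((target, port), timeout=5) as client:
                # The client's stack only accepts segments whose source is
                # the address it dialled, so receiving data confirms it.
                if client.recv(2) != b"ok":
                    raise RuntimeError(f"no reply via {target}")
    finally:
        worker.join()
        listener.close()
    return dict(zip(targets, seen))


if __name__ == "__main__":
    for dialled, source in reply_source_addresses().items():
        print(f"request to {dialled} -> reply sourced from {source}")
```

This shows only the source address of the reply; which router the packet leaves through is still decided by the server's routing table, which is the part the PBR rule in the post is meant to correct.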