Multi Homed Distribution Point
Hello Could one of you experts give me some ideas here?I have a firewall. On one side sits all of my servers in a single vlan. On the other side sits 6 vlans which contain a total of 4000+ clients.Right now, if I place my distribution point -into the server vlan, I will be limited on my bandwidth due to firewall limitations.Is there a way I can move the DP out of the server vlan and multihome it to the 6 workstation vlans? I know this firewall is going to cause me issues, but I really don't want to deploy 6 separate DP's if I can utilize one which is multihomed.Does anyone have any experience with this issue?Thanks,Jason
June 16th, 2009 4:34pm
Why multi-home? Can you not route between your six workstation vlans? Also, for 4000+ clients you should probably consider two DPs.Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
Free Windows Admin Tool Kit Click here and download it now
June 16th, 2009 4:53pm
Unfortunatly, the router is behind the firewall so any routing would be subject firewall restrictions. Any idea if multi homing a DP is even possible?Thanks,Jason
June 17th, 2009 8:49am
That's a very strange network configuration. Just to verify, each workstation vlan is physically separate and connected to the firewall on a different interface and all routing between the vlans happens on a router behind the firewall???? Are you sure you don't have layer-3 switches performing the routing? Or is there completely no routing between the vlans? If there's no routing, are you planning on putting 6 NICs in the DP? As for the actual multi-homing, the only issue I potentially see depending on the information you supply about your network config and my understanding of that info is name resolution. Clients will be looking for \\DP but because each vlan will be connected to a separate interface, each vlan would have to resolve \\DP to a vlan specific IP. DPs are nothing more than SMB/WebDAV file shares.Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
Free Windows Admin Tool Kit Click here and download it now
June 17th, 2009 9:34am
No I agree, that does sound strange indeed. Actually, the workstation vlans runinto a router before going to the firewall. The server vlan is on the other side of the firewall. There is no routing allowed between vlans except for the IT vlan which can route to all.I will need to talk to the network guys. We should be able to put the dp right off the router perhaps even on its own vlan as you suggested.
June 17th, 2009 2:41pm
Regarding to name resolution, the default behaviour of the DNS client can be changed for Windows 7 clients.
In short, the behaviour of the Windows 7 DNS client can be changed to get the closest IP adres (local subnet in this case) in stead of using DNS round robin.
In Windows Vista RTM and 2008 RTM the default DNS client behaviour was to use the closest IP adres in stead of DNS round robin, in Windows 7 and 2008 R2 however the default behaviour is changed again to DNS round robin. This behaviour can be changed by a registry
key.
For more information see the articles below:
DNS Round Robin and Destination IP address selection:
http://blogs.technet.com/b/networking/archive/2009/04/17/dns-round-robin-and-destination-ip-address-selection.aspx
Windows Vista and Windows Server 2008 DNS clients do not honor DNS round robin by default:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;968920
Windows Vista and Windows Server 2008 have a new TCPIP stack that supports IPV4 and IPv6 natively. This new stack follows RFC 3484 Default Address Selection for Internet Protocol version 6 for IPV6 and for IPV4 when possible. This RFC attempts
to select the closest IP address rather than using DNS round robins random selection.
The behaviour can be set with the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
DWORD = OverrideDefaultAddressSelection
Value data: = 1
For Windows Vista and Windows Server 2008, the default value for this registry key is 0.
For Windows 2008 R2 and Windows 7, the default value for this registry key is 1.
To use the closest IP behaviour the value needs to be set to 0.
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 3:37am