Nytro

Source IP address selection on a Multi-Homed Windows Computer


[h=3]Source IP address selection on a Multi-Homed Windows Computer[/h]
MichaelPlatts [msft] 24 Apr 2009 4:59 PM

Aka "How the IP/NIC is selected" when a packet is sent on the network.

There is often confusion about how a computer chooses which adapter to use when sending traffic. This blog describes the process by which a network adapter is chosen for an outbound connection on a multiple-homed computer, and how a local source IP address is chosen for that connection.

[h=3]What is Source IP address selection?[/h]
Source IP address selection is the process by which the stack chooses an IP address.

Windows XP and Windows Server 2003 are based on the weak host model.

When a Windows Sockets program binds to a socket, one of the parameters that is passed in the bind() call is the local (source) IP address that should be used for outbound packets. Most programs do not have any knowledge of network topology, so they specify IPADDR_ANY instead of a specific IP address in their bind() call. IPADDR_ANY tells the stack that the program is going to let the stack choose the best local IP address to use.

[h=4]Windows XP behavior[/h]
KB175396 - Windows Socket Connection from a Multiple-Homed Computer

The TCP/IP component of all Microsoft Windows operating systems prior to Windows Vista is based on a Weak Host model. This model gives program developers the greatest amount of leeway when they design programs that use the network and are compatible with Microsoft products. This model also puts the responsibility of the behavior of the networking program on the developers, because the developers specify how the program accesses the TCP/IP stack and responds to incoming and outgoing frames.

On a computer that has one network adapter, the IP address that is chosen is the Primary IP address of the network adapter in the computer. However, on a multiple-homed computer, the stack must first make a choice. The stack cannot make an intelligent choice until it knows the target IP address for the connection.

When the program issues a connect() call to a target IP address, or a send() call for a UDP datagram, the stack looks up the target IP address in the IP route table so that it can choose the best network adapter over which to send the packet. After this network adapter has been chosen, the stack reads the Primary IP address associated with that network adapter and uses that IP address as the source IP address for the outbound packets.

Example:

Source supplied in the call: IPADDR_ANY
Target IP: 192.168.1.5
Route Table:
Nic 1 - 192.168.1.10/32
Nic 1 - 192.168.1.11/32
Nic 2 - 10.0.0.10/32
Nic 2 - 10.0.0.11/32
The chosen source IP: 192.168.1.10
The chosen source NIC: Nic 1

If the program specifies a source IP address to use in the bind() call, that IP address is used as the source IP address for connections sourced from that socket. However, the route table is still used to route the outbound IP datagrams, based on the target IP address. As a result of this behavior, the source IP address may not be the one associated with the network adapter that is chosen to send the packets.

Example:

Source supplied in the call: 10.0.0.10
Target IP: 192.168.1.5
Route Table:
Nic 1 - 192.168.1.10/32
Nic 1 - 192.168.1.11/32
Nic 2 - 10.0.0.10/32
Nic 2 - 10.0.0.11/32
The chosen source IP: 10.0.0.10
The chosen source Nic: Nic 1 <- Note this is not the Nic the source IP is on.

[h=3]Summary[/h]
If a source IP is not given, the Primary IP address of the adapter with a route that most closely matches the target IP address is used to source the packet, and the adapter that the Primary IP is associated with is used as the source adapter.

If the source IP is specified, the adapter that is used to send the packet is the one with a route that most closely matches the target IP address, and this may not be the adapter that is associated with the source IP.

[h=4]Windows Vista/Windows Server 2008 behavior[/h]
Windows Vista and later are based on the strong host model. In the strong host model, the host can only send packets on an interface if the interface is assigned the source IP address of the packet being sent. Also, the concept of a primary IP address does not exist.

Similar to XP, if a program doesn't specify a source IP, the stack references the target IP address, and then examines the entire IP route table so that it can choose the best network adapter over which to send the packet. After the network adapter has been chosen, the stack uses the address selection process defined in RFC 3484 and uses that IP address as the source IP address for the outbound packets.

Example:

Source supplied in the call: IPADDR_ANY
Target IP: 192.168.1.5
Route Table:
Nic 1 - 192.168.2.10/32
Nic 1 - 192.168.1.11/32
Nic 2 - 10.0.0.10/32
Nic 2 - 10.0.0.11/32
The chosen source IP: 192.168.1.11
The chosen source NIC: Nic 1

If the program specifies a source IP address, that IP address is used as the source IP address for connections sourced from that socket and the adapter associated with that source IP is used as the source interface. The route table is searched but only for routes that can be reached from that source interface.

Example:

Source supplied in the call: 10.0.0.10
Target IP: 192.168.1.5
Route Table:
Nic 1 - 192.168.1.10/32
Nic 1 - 192.168.1.11/32
Nic 2 - 10.0.0.10/32
Nic 2 - 10.0.0.11/32
The chosen source IP: 10.0.0.10
The chosen source Nic: Nic 2 <- Note this is the Nic the source IP is on.

Note: the packet would be sent to the default gateway associated with Nic 2.

[h=4]RFC 3484 and Source IP address selection[/h]
The last thing I want to talk about is RFC 3484.

Even though RFC 3484 says it only applies to IPv6, in Windows implementations IPv4 follows the same rules when possible.

Windows Source IP V4 address selection:

Rule 1 - Prefer same address (applies)
Rule 2 - Prefer appropriate scope (applies)
Rule 3 - Avoid deprecated addresses (applies)
Rule 4 - Prefer home addresses - does not apply to IP v4
Rule 5 - Prefer outgoing Interfaces (applies)
Rule 6 - Prefer matching label - does not apply to IP v4
Rule 7 - Prefer public addresses - does not apply to IP v4
Rule 8a - Use longest matching prefix with the next hop IP address. (not in RFC!)

"If CommonPrefixLen(SA, D) > CommonPrefixLen(SB, D), then prefer SA. Similarly, if CommonPrefixLen(SB, D) > CommonPrefixLen(SA, D), then prefer SB."

This says that the IP with the most high order bits that match the destination of the next hop will be used.

Note: Rule 8 - Use longest matching Prefix is similar to rule 8a except the match is with the destination IP address rather than the next hop IP address.

For example, consider the following addresses:

Client machine IP addresses:
192.168.1.14 /24
192.168.1.68 /24

Default gateway:
192.168.1.127

The server will use the 192.168.1.68 address because it has the longest matching prefix.

To see this more clearly, consider the IP addresses in binary:

11000000 10101000 00000001 00001110 = 192.168.1.14 (Bits matching the gateway = 25)
11000000 10101000 00000001 01000100 = 192.168.1.68 (Bits matching the gateway = 26)
11000000 10101000 00000001 01111111 = 192.168.1.127

The 192.168.1.68 address has more matching high order bits with the gateway address 192.168.1.127. Therefore, it is used for off-link communication.
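The weak-host and strong-host examples and the Rule 8a comparison above can be reproduced with a small model. This is an added example, not code from the original article or from Windows: the `select` function, the /24 prefixes and the .1 gateway addresses are assumptions made for illustration, and route metrics and the other RFC 3484 rules are not modelled.

```python
import ipaddress as ipa

def common_prefix_len(a, b):
    """Number of identical high-order bits in two IPv4 addresses."""
    diff = int(ipa.IPv4Address(a)) ^ int(ipa.IPv4Address(b))
    return 32 - diff.bit_length()

def select(dest, nics, routes, bound=None, strong=True):
    """Return (source_ip, nic, next_hop) for one outbound packet.

    nics:   {name: [addresses]}; under the weak model the first is the primary
    routes: [(prefix, nic, gateway)], gateway None for an on-link route
    bound:  address passed to bind(), or None when the stack chooses
    """
    usable = routes
    if bound and strong:
        # Strong host: only routes on the interface that owns the source IP.
        owner = next((n for n, addrs in nics.items() if bound in addrs), None)
        if owner is None:
            raise ValueError(f"{bound} is not a local address")
        usable = [r for r in routes if r[1] == owner]
    d = ipa.IPv4Address(dest)
    matches = [r for r in usable if d in ipa.IPv4Network(r[0])]
    if not matches:
        raise LookupError(f"no route to {dest}")
    # Longest-prefix match; metrics are not modelled, ties go to the first route.
    _, nic, gw = max(matches, key=lambda r: ipa.IPv4Network(r[0]).prefixlen)
    next_hop = gw or dest
    if bound:
        src = bound          # as given to bind(); weak model: nic may differ
    elif strong:
        # Rule 8a: most high-order bits in common with the next hop.
        src = max(nics[nic], key=lambda a: common_prefix_len(a, next_hop))
    else:
        src = nics[nic][0]   # weak host: primary address of the chosen NIC
    return src, nic, next_hop

# Addresses are the page's; prefixes and gateways below are constructed.
NICS = {"Nic 1": ["192.168.1.10", "192.168.1.11"],
        "Nic 2": ["10.0.0.10", "10.0.0.11"]}
ROUTES = [("192.168.1.0/24", "Nic 1", None), ("0.0.0.0/0", "Nic 1", "192.168.1.1"),
          ("10.0.0.0/24", "Nic 2", None), ("0.0.0.0/0", "Nic 2", "10.0.0.1")]

if __name__ == "__main__":
    for strong in (False, True):
        print("strong" if strong else "weak",
              select("192.168.1.5", NICS, ROUTES, bound="10.0.0.10", strong=strong))
```

Under the weak model the bound 10.0.0.10 source leaves through Nic 1, which is the case to check for when per-interface firewall rules or logs assume that a source address identifies the adapter.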

[h=3]SkipAsSource[/h]
There is a new twist in the source IP selection process.

Note:
There are two variants of the below mentioned hotfix; one for Windows Vista / Windows Server 2008 and one for Windows 7 / Windows Server 2008 R2.

975808 All IP addresses are registered on the DNS servers when the IP addresses are assigned to one network adapter on a computer that is running Windows Server 2008 SP2 or Windows Vista SP2

2386184 IP addresses are still registered on the DNS servers even if the IP addresses are not used for outgoing traffic on a computer that is running Windows 7 or Windows Server 2008 R2

After you install the hotfix discussed above, you can create IP version 4 (IPv4) addresses or IP version 6 (IPv6) addresses by using the netsh command together with the new "skipassource" flag. By using this flag, the newly added addresses are not used for outgoing packets unless explicitly set for use by outgoing packets.

Note:
This command only works when adding an address; you can't apply it to an address already on the machine. You would need to remove it and add it again.

[h=3]Additional Information[/h]
Default Address Selection for Internet Protocol version 6 (IPv6)

For more information about Strong and Weak Host Models, see the following Cable Guy article:

The Cable Guy: Strong and Weak Host Models

The gethostbyname function has been deprecated. We recommend that you use the getaddrinfo function instead. However, we still cannot guarantee that primary IP address will be returned first.

For more information about the gethostbyname function, visit the following Microsoft Web site:

gethostbyname function (Windows)

For more information about the getaddrinfo function, visit the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/ms738520(VS.85).aspx

- David Pracht

Source: Source IP address selection on a Multi-Homed Windows Computer - Microsoft Enterprise Networking Team - Site Home - TechNet Blogs
