| Author |
Message |
Chris
Guest
|
Posted:
Sat Jan 15, 2005 12:55 am Post subject:
Multiple NICs and IPs |
|
|
We have a few servers that have multiple NICs in them. I have been planning
on using the second NIC for backup purposes. I have some time coming up to do
this, but I realized that I have no idea where to start.
Current configuration:
W2K AD
DNS running on AD server in 148.137.X.X network
15 W2K Servers that currently communicate over 148.137.X.X
3 Netware Servers on 148.137.X.X using SLP over IP
Veritas BackupExec 9.1
This is what I would like to accomplish:
1. Use a separate network address scheme on 2nd NIC and segregate backup
traffic (i.e. 192.168.X.X)
2. Be able to authenticate both AD and NDS over 192.168.X.X (or is that even
necessary?)
Here are a few of my questions:
1. Can I segregate the traffic without authenticating over the new network?
2. Can I use the same hostnames on both networks?
3. Do I create multiple entries in DNS? one for each IP address?
4. Would this require a new zone?
5. Are there any other references that you might point me to to help with this?
Thank you very much!
Chris |
|
|
 |
Ace Fekay [MVP]
Guest
|
Posted:
Sat Jan 15, 2005 12:24 pm Post subject:
Re: Multiple NICs and IPs |
|
|
To start off with, it's not recommended to multihome a DC and/or DNS server
due to the SRV data that is getting registered, what NIC is listening, and
the multiple host records (hostname and the LdapIpAddress duplication). This
can cause a few issues with authentication, without registry modification
and numerous steps to configure it correctly, to alter this default
behavior. Your best bet is to use NIC teaming if you are to multihome it.
Also I see one of the interfaces is on a public network (the 1148.137.x.x
subnet). This is not advised either. You are exposing a DC on the Internet.
Use another device for NAT and/or firewall.
That said, read more below...
In news:15DB2F8B-2105-48E1-816E-79762AB5EBB7@microsoft.com,
Chris <Chris@discussions.microsoft.com> made a post then I commented below
| Quote: | We have a few servers that have multiple NICs in them. I have been
planning on using the second NIC for backup purposes. I have some
time coming up to do this, but I realized that I have no idea where
to start.
Current configuration:
W2K AD
DNS running on AD server in 148.137.X.X network
15 W2K Servers that currently communicate over 148.137.X.X
3 Netware Servers on 148.137.X.X using SLP over IP
Veritas BackupExec 9.1
This is what I would like to accomplish:
1. Use a separate network address scheme on 2nd NIC and segregate
backup traffic (i.e. 192.168.X.X)
2. Be able to authenticate both AD and NDS over 192.168.X.X (or is
that even necessary?)
|
The above two items, do you mean the DC/DNS server? Not really advised to
multihome this. It would be better to multihome the backup server (assuming
it's not a DC/DNS server and it is connecting via agents to the other
servers).
| Quote: |
Here are a few of my questions:
1. Can I segregate the traffic without authenticating over the new
network?
|
That is difficult, because the netlogon service will listen on all
interfaces. You can disable this by unchecking MS Client and F&P Services on
the other NIC. You will also need to disable NetBIOS too because of a
"duplicate name on the network" error you will get because it recognizes
itself as a conflicting name with itself. Doing so you'll have to connect by
IP address.
| Quote: | 2. Can I use the same hostnames on both networks?
|
Hostnames, yes, but they will have different IPs. Keep in mind, subnet mask
prioritization will jump in and give the querying client on a specific
subnet an IP that closely matches its subnet.
| Quote: | 3. Do I create multiple entries in DNS? one for each IP address?
|
If it's multihomed, it will do it itself.
| Quote: | 4. Would this require a new zone?
|
NO
| Quote: | 5. Are there any other references that you might point me to to help
with this?
|
With multihoming, not really because it's not recommended. There are
articles stipulating how to force multihomed DCs/DNS to work. Suggest to do
this on a member server, not a DC please.
| Quote: |
Thank you very much!
Chris
|
:-)
--
Regards,
Ace
G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
================================= |
|
|
 |
Brian O'Neil
Guest
|
Posted:
Wed Jan 19, 2005 12:45 am Post subject:
Re: Multiple NICs and IPs |
|
|
Although not recommended, it is "doable". You will want to avoid the backup
NIC from being registered in DNS so AD clients will not attempt to
authenticate to it. Here's what you should do to the backup NIC:
1. lower it in the binding order (network connections -> advanced)
2. uncheck the "register the connection in DNS"
3. Do not specify DNS servers for this adapter
4. Do not give it a default gateway, only one adapter should have one.
5. if your backup application allows, unbind the server and workstation
service from the NIC. Chances are high that you will need those though,
unless your backup program uses something independent of Microsoft RPC.
|
|
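The backup-NIC checklist from the thread above, expressed as a read-only audit. This is an added example, not code from any of the posters. It assumes Windows Server 2012 or later (the NetAdapter, NetTCPIP and DnsClient modules, which do not exist on Windows 2000), uses a hypothetical adapter name `Backup`, and treats the interface metric as the modern stand-in for binding order.

```powershell
# Added example: audit a dedicated backup NIC; changes nothing on the host.
# Assumptions: Windows Server 2012+; 'Backup' is a hypothetical adapter name.
function Test-BackupNic {
    param([Parameter(Mandatory)][string]$InterfaceAlias)

    $adapter  = Get-NetAdapter -Name $InterfaceAlias -ErrorAction Stop
    $dns      = Get-DnsClient -InterfaceAlias $InterfaceAlias
    $servers  = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
                    -AddressFamily IPv4).ServerAddresses
    # All IPv4 default routes on the host, whichever adapter owns them.
    $defaults = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
    # ms_server = File and Printer Sharing, ms_msclient = Client for Microsoft Networks.
    $bound    = @(Get-NetAdapterBinding -Name $InterfaceAlias -ComponentID ms_server, ms_msclient |
                    Where-Object Enabled)
    # TcpipNetbiosOptions: 0 = from DHCP, 1 = enabled, 2 = disabled.
    $netbios  = (Get-CimInstance Win32_NetworkAdapterConfiguration `
                    -Filter "InterfaceIndex = $($adapter.ifIndex)").TcpipNetbiosOptions
    # Higher interface metric means lower priority.
    $ifaces   = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
                    Where-Object InterfaceAlias -notlike 'Loopback*'
    $mine     = ($ifaces | Where-Object InterfaceAlias -eq $InterfaceAlias).InterfaceMetric
    $others   = @($ifaces | Where-Object InterfaceAlias -ne $InterfaceAlias)
    $lowest   = ($others | Measure-Object InterfaceMetric -Minimum).Minimum
    $gwOwners = @($defaults | Select-Object -ExpandProperty InterfaceAlias -Unique)

    $checks = [ordered]@{
        'Lower priority than the production NIC'  = ($others.Count -gt 0) -and ($mine -gt $lowest)
        'Not registered in DNS'                   = -not $dns.RegisterThisConnectionsAddress
        'No DNS servers configured'               = -not $servers
        'No default gateway on this NIC'          = $gwOwners -notcontains $InterfaceAlias
        'At most one NIC holds a default gateway' = $gwOwners.Count -le 1
        'NetBIOS over TCP/IP disabled'            = $netbios -eq 2
        # May legitimately be False if the backup software relies on Microsoft RPC.
        'Server/Workstation services unbound'     = $bound.Count -eq 0
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$checks[$name] }
    }
}

Test-BackupNic -InterfaceAlias 'Backup' | Format-Table -AutoSize
```

A `False` on the DNS registration or default gateway rows is the condition the thread warns about: clients may be handed the backup address for the server and try to authenticate over that network.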