Default Gateway Behavior for TCP/IP
TCP/IP hosts can use the following methods to reach remote destinations:
• Store a host-specific route to each remote destination.
This is obviously not practical or possible, as the routing table might have to contain thousands, or in the case of the Internet, millions of routes. The host routing table would have to change as new addresses are added or removed.
• Store a network route to each remote subnet.
Although more feasible, this is also not practical, as the routing table would still have to contain possibly hundreds, or in the case of the Internet, tens of thousands of routes. The host routing table would have to change as new subnets are added or removed.
• Store a single default route that effectively summarizes all of the locations that are not located on the local subnet.
This is possible and practical. Only a single route is needed, and it does not need to change as nodes or subnets are added to or removed from the network.
By using a default route, the knowledge of the topology of the network and the set of reachable destinations is a responsibility of the routers, rather than the sending host. The advantage to this method is ease of configuration. The disadvantage is that the host can send traffic destined to unreachable addresses. However, when this happens, a router in the network informs the sending host with an ICMP Destination Unreachable-Host Unreachable message.
The default gateway setting, which creates the default route in the IP routing table, is a critical part of the configuration of a TCP/IP host. The role of the default gateway is to provide the next-hop IP address and interface for all destinations that are not located on its subnet. Without a default gateway, communication with remote destinations is not possible unless you add additional routes for remote locations to the IP routing table.
You can configure a default gateway on a computer running Microsoft Windows XP or Windows Server 2003 in the following ways:
• When obtaining an IP address configuration using DHCP, the default gateway becomes the value of the first IP address in the Router DHCP option, which is configured on the DHCP server to specify an ordered list of one or more default gateways for a specific subnet.
• When obtaining an IP address configuration using the user-configured alternate configuration, the default gateway is the IP address specified in the Default gateway field on the Alternate Configuration tab for the properties of the Internet Protocol (TCP/IP) component in Network Connections. For an alternate configuration, you can specify only a single default gateway.
• When manually specifying an IP address configuration, the default gateway is the IP address typed in the Default gateway field on the General tab for the properties of the Internet Protocol (TCP/IP) component. To specify additional default gateways, you must add them from the IP Settings tab in the advanced properties of the Internet Protocol (TCP/IP) component.
When Windows TCP/IP uses Automatic Private IP Addressing (APIPA) to determine the IP address configuration, a default gateway is not configured. APIPA is only useful for a single subnet.
The configuration of a default gateway creates a default route in the IP routing table. The default route has a destination of 0.0.0.0 with a subnet mask of 0.0.0.0. In network prefix notation, the default route is 0.0.0.0/0, which is sometimes abbreviated to 0/0. The next-hop address, also known as the Gateway address in the display of the route print command, is set to the IP address of the default gateway. The next-hop interface is the interface assigned the IP address in the Interface column in the display of the route print command.
Based on the route determination process, the default route matches all destinations. If there is no other closer matching route for the destination, the default route is used to determine the next-hop address and interface. Default route traffic is traffic destined to a remote network that is forwarded to the default gateway.
For more information about the route determination process, see Understanding the IP Routing Table, the December 2001 Cable Guy article.
TCP/IP for Windows XP and Windows Server 2003 by default automatically calculates a metric for the default route that is based on the speed of the network adapter on which the default gateway is configured. For example, for a 100 megabit per second (Mbps) Ethernet adapter, the default route metric is set to 20. For a 10 Mbps Ethernet adapter, the default route metric is set to 30. For more information, see An explanation of the Automatic Metric feature for Internet Protocol routes.
To override this behavior for DHCP-assigned default gateways, use the Default Router Metric Base Microsoft-specific DHCP option. To override this behavior and specify a default route metric for a manually configured default gateway, clear the Automatic metric check box on the TCP/IP Gateway Address dialog box and specify a metric. You can display the TCP/IP Gateway Address dialog box for manually-configured default gateways on the IP Settings tab in the advanced properties of the Internet Protocol (TCP/IP) component. The TCP/IP Gateway Address dialog box is shown in the following figure.
When you have multiple interfaces and you configure a default gateway for each interface, Windows TCP/IP creates multiple default routes in the IP routing table and uses the default route with the lowest metric for default route traffic. Configuring default gateways on multiple interfaces should only be done when those interfaces connect to the same network, such as an intranet or the Internet. In this configuration, the default metric determination that is based on the speed of the interface causes Windows TCP/IP to use your fastest interface for default route traffic. For example, if you have a 100 Mbps Ethernet adapter and a 10 Mbps Ethernet adapter and both are connected to your intranet, default route traffic would be sent using the 100 Mbps adapter.
If you have multiple interfaces connected to different disjoint networks, you should not configure a default gateway for each interface. Disjoint networks are networks that do not provide symmetric reachability to each other at the Network layer. Symmetric reachability exists when packets can be sent directly to and received directly from arbitrary endpoints without address translation.
Examples of disjoint networks are the following:
• Networks that have no Network layer connectivity, such as an organization intranet and a test lab within the organization that has no router forwarding packets between them.
• A privately-addressed intranet that has a routed connection to the Internet. In this case, there is asymmetric or one-way reachability; intranet hosts can send publicly-addressed packets to Internet hosts from private IP addresses, but the return traffic cannot be delivered because routes for the private address space do not exist in the routing infrastructure of the Internet.
Disjoint networks are important when organizations use the following:
• Either a proxy server, such as Microsoft Internet Security and Acceleration (ISA) Server 2006, or a Network Address Translator (NAT) to allow computers on the intranet to access Internet resources. In either case, the address space of the intranet is not directly accessible to Internet hosts, regardless of whether the organization is using private or public addressing. Intranet hosts can access Internet locations indirectly through proxy or translation, but Internet hosts cannot access arbitrary intranet locations directly. Hence, there is no symmetric reachability. This is a common configuration for organizations offering Internet connectivity to their employees.
• A virtual private network (VPN) server to allow remote users or remote sites to connect to an intranet over the Internet. Although the VPN server is connected to both the Internet and an intranet and is acting as a router, the configuration of VPN traffic packet filters on the Internet interface of the VPN server prevents it from accepting any traffic that is not VPN-based. Internet hosts cannot directly reach intranet locations without a VPN connection.
Because the TCP/IP protocol only uses a single default route in the routing table at any one time for default route traffic, default gateways configured on multiple interfaces that are connected to disjoint networks can produce confusing or undesirable results.
For an ISA or VPN server that is configured with a default gateway on both Internet and intranet interfaces, default route traffic is either forwarded to the Internet or the intranet, but not both. From the ISA or VPN server, either all the locations on the Internet are reachable or all the locations on the intranet are reachable, but not both at the same time. However, ISA or VPN servers require simultaneous symmetric reachability for all the locations on both the Internet and the intranet to operate properly.
When default gateways are configured on multiple interfaces, the default route that is used for default route traffic is determined by the following:
• For multiple default routes in the routing table that have different metrics, TCP/IP for Windows XP and Windows Server 2003 uses the default route with the lowest metric. If the network adapters are of different speeds, then the network adapter with the higher speed by default has the lower metric and is used to forward default route traffic.
• For multiple default routes in the routing table with the same lowest metric, TCP/IP for Windows XP and Windows Server 2003 uses the default route corresponding to the network adapter that is the highest in the binding order. You can view and modify the binding order from the Adapters and Bindings tab in the Advanced Settings dialog box. To view the Advanced Settings dialog box, open the Network Connections folder, click Advanced, and then click Advanced Settings. The following figure shows an example.
To prevent the problems associated with multiple default gateways configured on multiple interfaces that are connected to disjoint networks, you must do the following:
1. Configure a default gateway on the interface that is connected to the network with the largest number of routes. In most configurations of disjoint networks, the network with the largest number of routes is the Internet.
2. Do not configure a default gateway on any other interface. Instead, use static routes or routing protocols to add the routes that summarize the address space of the other disjoint networks to the local IP routing table.
For example, an ISA server is connected to the Internet and an intranet. The intranet uses the private IPv4 address space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). To configure this server so that all locations on both disjoint networks are reachable from the ISA server, do the following on the ISA server:
1. Configure a default gateway on the network adapter that is connected to the Internet. This step creates a default route that makes all Internet locations reachable.
2. Add the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 routes using the intranet-connected adapter as persistent static routes with the Route.exe command-line tool. This step creates the routes that summarize the address space of the intranet, making all intranet locations reachable.
In this example, static routes are added using the Route tool. It is also possible to configure the ISA server as a Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) dynamic router so that rather than summarizing the entire private IP address space, subnet-specific routes are dynamically added and removed from the IP routing table based on the current intranet routing topology. To use RIP or OSPF on a computer running Windows Server 2003, enable and configure the Routing and Remote Access service.
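To make the selection rules concrete, here is an added Python model (not code from the Cable Guy column or from Windows) of the route determination described above: longest prefix match first, then lowest metric, then binding order. It runs the same selection over the ISA server example with a default gateway on both adapters and with the recommended summary routes instead. The routing tables, gateway addresses (203.0.113.1 and 10.0.0.1), interface names and binding order are constructed for illustration.

```python
import ipaddress

# Constructed binding order: the Internet adapter is bound first (assumption).
BINDING_ORDER = ["Internet", "Intranet"]


def select_route(routes, destination):
    """Simplified Windows-style route determination.

    routes: list of (prefix, gateway, interface, metric) tuples.
    Picks the most specific matching prefix, then the lowest metric, then the
    interface highest in the binding order (the tie-break rules above)."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return min(matches, key=lambda r: (
        -ipaddress.ip_network(r[0]).prefixlen,   # longest prefix wins
        r[3],                                    # then lowest metric
        BINDING_ORDER.index(r[2]),               # then binding order
    ))


def next_hop(routes, destination):
    r = select_route(routes, destination)
    return (r[1], r[2]) if r else None


# Problem configuration: a default gateway on both adapters. Metrics follow the
# automatic-metric values quoted above (100 Mbps -> 20, 10 Mbps -> 30).
BOTH_DEFAULTS = [
    ("0.0.0.0/0", "203.0.113.1", "Internet", 20),
    ("0.0.0.0/0", "10.0.0.1", "Intranet", 30),
]

# Recommended configuration: one default gateway (Internet) plus persistent
# static routes that summarize the private address space via the intranet router.
RECOMMENDED = [
    ("0.0.0.0/0", "203.0.113.1", "Internet", 20),
    ("10.0.0.0/8", "10.0.0.1", "Intranet", 30),
    ("172.16.0.0/12", "10.0.0.1", "Intranet", 30),
    ("192.168.0.0/16", "10.0.0.1", "Intranet", 30),
]

# Two default routes with the same metric: binding order decides.
EQUAL_METRIC = [
    ("0.0.0.0/0", "10.0.0.1", "Intranet", 20),
    ("0.0.0.0/0", "203.0.113.1", "Internet", 20),
]

if __name__ == "__main__":
    for name, table in (("both defaults", BOTH_DEFAULTS), ("recommended", RECOMMENDED)):
        for dst in ("10.5.6.7", "192.168.1.10", "198.51.100.4"):
            print(f"{name:14} {dst:14} -> {next_hop(table, dst)}")
```

With both defaults configured, intranet destinations such as 10.5.6.7 are sent to the Internet gateway because only the lowest-metric default route is ever used; with the summary routes added, the more specific prefix wins and the same destinations go to the intranet router.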
When there are multiple default gateways configured on an interface, the TCP component of Windows TCP/IP uses dead gateway detection to detect the failure of the default gateway and to adjust the IP routing table to use the next default gateway in the list. A host might be configured with multiple default gateways when the subnet on which it is located has multiple routers for fault tolerance of routed traffic. If the first router in the configured list becomes unavailable, TCP eventually updates the IP routing table to use the next default gateway in the list.
When a TCP segment for a TCP connection forwarded via the default gateway is retransmitted three times (by default), dead gateway detection changes the Route Cache Entry (RCE) for that remote IP address to use the next default gateway in the list as its next-hop address. An RCE is an entry in the route cache, which stores the next-hop IP address for a destination address.
When one fourth of the TCP connections routed through the default gateway have had their RCEs adjusted to the next default gateway, dead gateway detection informs IP to change the computer’s default gateway to the one that the adjusted connections are now using. If TCP connections continue to fail, dead gateway detection attempts to use the next default gateway in the list, eventually returning to the first configured default gateway after cycling through the entire list.
Dead gateway detection monitors only TCP traffic. If connectivity fails for other types of traffic, the default gateway is not switched. Dead gateway detection can cause the default gateway configuration to change when a remote router fails. Remote routers in the path between the host and the destination that fail might also cause TCP connections forwarded along that path to fail and for the host to switch its default gateway. Because dead gateway detection relies on an end-to-end protocol (such as TCP), a host can switch its default gateway even when the current default gateway is fully operational.
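The following is an added, simplified Python model of the dead gateway detection behavior just described; it is not Microsoft's implementation and tracks state per remote IP address rather than per TCP segment. The gateway list, the remote addresses (192.0.2.x) and the three-retransmission threshold are constructed from the figures quoted above.

```python
class DeadGatewayDetector:
    """Toy model of Windows XP/2003 dead gateway detection (assumption:
    one TCP connection per remote IP, state kept per remote IP)."""

    def __init__(self, gateways, retransmit_limit=3):
        self.gateways = list(gateways)     # ordered list of default gateways
        self.current = 0                   # index of IP's current default gateway
        self.retransmit_limit = retransmit_limit
        self.rce = {}                      # route cache entry: remote ip -> gateway index
        self.retransmits = {}              # remote ip -> consecutive retransmissions
        self.adjusted = set()              # connections moved off the current default

    def default_gateway(self):
        return self.gateways[self.current]

    def open_connection(self, remote_ip):
        # New connections get an RCE pointing at the current default gateway.
        self.rce[remote_ip] = self.current
        self.retransmits[remote_ip] = 0

    def ack_received(self, remote_ip):
        self.retransmits[remote_ip] = 0

    def segment_retransmitted(self, remote_ip):
        self.retransmits[remote_ip] += 1
        if self.retransmits[remote_ip] < self.retransmit_limit:
            return
        # Three retransmissions: point this connection's RCE at the next gateway.
        self.retransmits[remote_ip] = 0
        if self.rce[remote_ip] == self.current:
            self.adjusted.add(remote_ip)
        self.rce[remote_ip] = (self.rce[remote_ip] + 1) % len(self.gateways)
        # Connections routed through the current default gateway: those still
        # using it plus those already adjusted away from it.
        routed = sum(1 for ip, g in self.rce.items()
                     if g == self.current or ip in self.adjusted)
        # Once one fourth of them have been adjusted, IP switches its default
        # gateway to the next one in the list (wrapping back to the first).
        if 4 * len(self.adjusted) >= routed:
            self.current = (self.current + 1) % len(self.gateways)
            self.adjusted.clear()


if __name__ == "__main__":
    d = DeadGatewayDetector(["10.0.0.1", "10.0.0.2"])
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        d.open_connection(ip)
    for _ in range(3):
        d.segment_retransmitted("192.0.2.10")
    print("default gateway is now", d.default_gateway())
```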
For more information about IP routing, consult the following resources:
• Chapter 5, "IP Routing," of TCP/IP Fundamentals for Microsoft Windows
• Understanding the IP Routing Table (December 2001 Cable Guy article)
Visit The Cable Guy columns page for a list of previous columns and additional information.