Windows Server 2008 with multiple IP addresses on one NIC
If you are running a Windows Server 2008 installation with multiple IP addresses on one interface then you might be surprised to know that the default behaviour when selecting the IP address to use for outbound connections has changed compared to Windows Server 2003.
Previously, the “main” IP address on the adapter would have been used for initiating outbound connections and the “additional” IP addresses would be used for inbound connectivity only (unless specifically bound to by a client application, which is quite rare).
However, the new behaviour in Windows Server 2008 is that the IP address closest to the default gateway is used for outbound connections, which can catch you completely by surprise when your server’s IP address effectively changes after simply adding a new additional IP address to an interface – particularly if you are using firewalls to filter connections by IP address elsewhere in your network!
In order to provide some control over which IP address is used for outbound connections, Microsoft introduced the “skipassource” flag to the netsh command. This allows you to exclude IP addresses from being used for outbound connections when managing IP addresses via netsh.
This command wasn’t initially available, so you may need to apply one of Microsoft’s hotfixes (KB975808 for Windows Server 2008 and KB2386184 for Windows Server 2008 R2). It is also possible to wipe out your carefully crafted skipassource settings using the GUI unless you apply KB2554859.
To add an IP address to the “Local Area Connection” interface with the skipassource flag set, fire up the command line and run the following (replacing <ip> <netmask> with the appropriate values for your network of course):
netsh int ipv4 add address "Local Area Connection" <ip> <netmask> skipassource=true
You can verify that this has worked as well as view the flags on all currently configured IP addresses using:
netsh int ipv4 show ipaddresses level=verbose
2 Responses
On 2008 there is no longer a primary address; the TCP/IP stack uses the longest bit match with the default gateway.
So if there is a tie, then it will match with destination.
If there is still a tie, as in this case, then it chooses the first IP address (which is 175.15.10.140).
Example of closest match (longest bit match)
IP 1: 175.15.10.140
IP 2: 175.15.10.141
Default gateway: 175.15.10.129
Last Octet match
140 = 10001100
141 = 10001101
129 = 10000001
So we have a tie. After the tie, it will then match with destination.
If there is still a match, then it takes the first IP address, in our case 175.15.10.140.
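The selection order described in the comment above, combined with the skipassource exclusion from the post, as an added Python sketch for predicting which source IP a firewall rule will see. It is not part of the original post or comment and is a simplified model, not Windows' own code; the function names and every address other than .140, .141 and the .129 gateway are constructed for illustration.

```python
import ipaddress

def common_prefix_len(a: str, b: str) -> int:
    """Count the leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

def keep_longest_match(candidates, target):
    """Keep only the candidates sharing the most leading bits with target."""
    best = max(common_prefix_len(ip, target) for ip in candidates)
    return [ip for ip in candidates if common_prefix_len(ip, target) == best]

def pick_source(addresses, gateway, destination):
    """Model of the described selection order (hypothetical helper).

    addresses: list of (ip, skipassource) in the order configured on the NIC.
    Returns the predicted outbound source IP, or None if all are excluded.
    """
    # Addresses flagged skipassource=true are never offered as a source.
    candidates = [ip for ip, skip in addresses if not skip]
    if not candidates:
        return None
    # 1. Longest bit match with the default gateway.
    candidates = keep_longest_match(candidates, gateway)
    # 2. On a tie, longest bit match with the destination.
    if len(candidates) > 1:
        candidates = keep_longest_match(candidates, destination)
    # 3. Still tied: the first address wins.
    return candidates[0]

if __name__ == "__main__":
    gw = "175.15.10.129"
    dst = "203.0.113.10"  # constructed destination (documentation range)
    # Addresses from the comment: tied on both stages, so the first wins.
    print(pick_source([("175.15.10.140", False), ("175.15.10.141", False)], gw, dst))
    # Constructed case: a newly added .130 is closer to the gateway than .200
    # and takes over as the outbound source...
    nic = [("175.15.10.200", False), ("175.15.10.130", False)]
    print(pick_source(nic, gw, dst))
    # ...unless it was added with skipassource=true.
    nic = [("175.15.10.200", False), ("175.15.10.130", True)]
    print(pick_source(nic, gw, dst))
```

Compare the prediction with the flags reported by `netsh int ipv4 show ipaddresses level=verbose` before relying on it in a firewall allow-list.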