Bridging between two totally distinct networks (Server 2008)

Postby filecore » Wed Aug 01, 2012 3:39 am

First off, a short background. In my workplace, I have sole responsibility for testing a VDI/RemoteFX setup for our testing team. The IT department is just a couple of guys for several hundred end users, so I was given hardware and licenses and told to have fun. Here's what I have:

    Windows 7 workstation
    HP ProLiant server with Windows Server 2008 R2
    (hardware specs of these machines aren't relevant)


The server is my testing environment for the VDI. I've set up a test environment, but unfortunately it needs three servers: the Remote Desktop Virtualisation Host (which is the physical server), the infrastructure server (AD domain and DNS) and the RD connection broker. These last two servers are running as VMs inside of the RDVH. This is required for using the GPU-acceleration feature of RemoteFX, which is the whole point of this entire project. To recap:

Servers: RDVH (physical) + AD+DNS (in a VM) + RDCB (in a VM)

So, now to the question part. Sadly I'm not too keyed up on AD domains so you'll have to bear with me. (And don't be put off if you haven't worked with VDI or virtualisation before, the question is basically only about network bridging and domains, not about anything VDI.)

My workstation is on the company's LAN, my own IP details as follows:

IPv4 Address. . . . . . . . . . . : 192.168.1.131
Subnet Mask . . . . . . . . . . . : 255.255.252.0 <-- note the subnet
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.3.3
                                    192.168.3.4


In the server, the AD+DNS server (in a VM) has these details:

IPv4 Address. . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0 <-- note the subnet
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1     <-- itself


And the RDCB server (in a VM) has these details:

IPv4 Address. . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0 <-- note the subnet
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1   <-- the AD+DNS VM


All three servers are part of the domain testing.vm and have authenticated with the AD+DNS server just fine.

My problem is that I don't know how to configure the RDVH (physical) server's IP settings. It's sitting between the VMs and the LAN where my own workstation sits. It needs to be part of the same domain, testing.vm, with the other servers, because the three together form the VDI/RemoteFX environment. Now, the server has dual NICs, where NIC1 is connected to the LAN with the following settings:

IPv4 Address. . . . . . . . . . . : 192.168.0.93
Subnet Mask . . . . . . . . . . . : 255.255.252.0 <-- note the subnet
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.3.3
                                    192.168.3.4


It needs to be in contact with the LAN so that I can access it over RDP for administration. The two virtual servers don't need to be, because I can access them with the Hyper-V Virtual Machine Connection once I get remote access to the physical server. NIC2 is using the Microsoft Virtual Network Switch Protocol and isn't directly useable as a NIC; instead, the use of this virtual switch protocol means that I also have a third device listed as NIC4 which is the NIC seen by the various VMs that will be set up for the testing process.

The thing is, the server needs to communicate with the company LAN so that I can RDP into it, and so that the VMs can somehow get internet access. It also needs to effectively communicate with the isolated testing.vm domain so that the whole VDI thing actually works as intended. So here's my question: how do I set up the network settings on the server so that it can be seen from the LAN and also be part of the virtualised testing.vm domain?
Home server: Asus P5Q Pro, Core2Quad, 8GB DDR2, ENGTX260 876MB, Zalman 800w, Antec P180 case, 2x1TB and 2x2TB Samsung Spinpoint F1, Windows 7 64-bit, etc

Work server: HP ProLiant ML350 G6, hexacore Xeon E5645 2.4GHz (12 logical cores), 16GB DDR3, 3x300GB SAS RAID5, Server 2008 R2, nVidia GT560Ti 1GB for Hyper-V RemoteFX acceleration

Postby filecore » Wed Aug 01, 2012 3:47 am

And yeah, the first thing I tried was setting a secondary IP under the Advanced tab in the NIC1 properties. Didn't seem to do anything. The server needs to be seen as 192.168.0.93/255.255.252.0 from the corporate LAN and as 192.168.1.3/255.255.255.0 from the virtual LAN - simultaneously.

Postby evasive » Wed Aug 01, 2012 4:05 am

Normally you would be NAT-ing the stuff in your VMs. How are your virtual NIC settings?
We hate rut, but we fear change.
********************************
System error, strike any user to continue...

Postby filecore » Wed Aug 01, 2012 4:21 am

Normally I've only used NAT in a consumer router (D-Link, Linksys/Cisco, etc). Never had to try setting this stuff up in Server 2008 before!

For the VMs, at first I had all the role services assigned to the physical server. However, that only operates in RDSH (Remote Desktop Session Host) mode == traditional RDP, which means that RemoteFX can be enabled, but GPU acceleration won't work. I'm now in the process of shifting to this new setup. The VMs originally just had IPs on the corporate LAN, but now they're going to have to be assigned IPs from the virtualised DNS server. Hmm, I hadn't thought that far ahead... more NAT.

Here's a diagram I made which, at least for me, helps. I'm sure that straightforward NAT is probably easy to research, but I'm still not sure about how to configure the physical server to talk properly to both networks. Any ideas?

Image

Postby filecore » Thu Aug 02, 2012 1:09 am

I figured out that I want to install RRAS and NAT, but I still can't seem to get the two networks talking to each other. I'm wondering if it's something to do with one of the NICs having been taken over by Hyper-V as a virtual NIC for the VMs, but since the other servers and the testing.vm domain are all happening inside Hyper-V, I can't see why it would be an issue. I'm sure the simplest answer is that I'm just clueless and missing something obvious, but unfortunately I don't know what that 'obvious' thing might be!

Any hints, tips, suggestions, or links to good tutorials that I could try?

Postby evasive » Thu Aug 02, 2012 2:04 am

What does a
tracert 192.168.1.1
give you on your workstation? I would expect it to go to the 192.168.0.93 server at some point in the trace.

If it doesn't, it means your default gateway router has no clue where the 192.168.1.x network lives (at the RDVH server).

It would mean adding an entry 192.168.1.0/24 going to -> 192.168.0.93 at the 192.168.0.1 router.

I think...

Postby Hardware Junkie » Thu Aug 02, 2012 4:14 pm

Is there a way you can alter the subnet mask for all the networks? 255.255.0.0 would encompass all 192.168.x.x addresses.

The other thing you could do is add a secondary IP with a different subnet mask to have it accessible from both networks. The port on the switch that this server is plugged into would have to encompass both LANs. If your company is using VLANs that might be a problem.

Image

https://support.eapps.com/index.php?/Kn ... al-machine
"Imagination is the only weapon in the war against reality." -Jules de Gautier

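
The tracert question and the subnet-mask suggestion above both come down to how each host decides whether a destination is on-link. The following is an added example (not from any poster in this thread) that runs that decision over the ipconfig values posted earlier using Python's ipaddress module; the host labels and function names are made up for this example.

```python
import ipaddress

# Address, mask and default gateway copied from the ipconfig output in the
# thread. The dictionary keys are labels chosen for this example.
HOSTS = {
    "workstation": ("192.168.1.131", "255.255.252.0", "192.168.0.1"),
    "RDVH NIC1":   ("192.168.0.93",  "255.255.252.0", "192.168.0.1"),
    "AD+DNS VM":   ("192.168.1.1",   "255.255.255.0", "192.168.1.1"),
    "RDCB VM":     ("192.168.1.2",   "255.255.255.0", "192.168.1.1"),
}

def iface(name):
    addr, mask, _gw = HOSTS[name]
    return ipaddress.ip_interface(f"{addr}/{mask}")

def next_hop(src, dst_ip):
    """Basic IPv4 forwarding decision made by host `src`:
    ('on-link', dst) if dst lies inside src's own subnet,
    otherwise ('gateway', src's default gateway)."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in iface(src).network:
        return ("on-link", str(dst))
    return ("gateway", HOSTS[src][2])

def overlapping_pairs():
    """Pairs of distinct configured subnets whose address ranges overlap."""
    nets = sorted({iface(n).network for n in HOSTS})
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

def reply_paths(a, b):
    """Next hop chosen in each direction between two named hosts."""
    return (next_hop(a, HOSTS[b][0]), next_hop(b, HOSTS[a][0]))

def covered_by(supernet):
    """True if every configured subnet fits inside `supernet`."""
    big = ipaddress.ip_network(supernet)
    return all(iface(n).network.subnet_of(big) for n in HOSTS)

if __name__ == "__main__":
    print("workstation -> 192.168.1.1:", next_hop("workstation", "192.168.1.1"))
    print("overlapping subnets:", overlapping_pairs())
    print("RDVH NIC1 <-> AD+DNS VM:", reply_paths("RDVH NIC1", "AD+DNS VM"))
    print("all inside 192.168.0.0/16:", covered_by("192.168.0.0/16"))
```

With the posted masks, the workstation treats 192.168.1.1 as on-link because 192.168.0.0/22 already contains 192.168.1.0/24, so it resolves that address on the corporate segment instead of sending the packet to 192.168.0.1.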

Postby filecore » Mon Oct 29, 2012 2:33 am

Found the solution I needed, eventually (and sorry for the slow response here). It was to use RRAS, and set it up more or less as described in this post: http://www.tomshardware.co.uk/forum/245 ... ction-help - scroll down about a third and look for the reply by user somenon.

No no no no, you don't.

I was working on the same thing just recently, and figured out how to do it in Windows Server 2003. And it's working just fine.
Make sure you either have or can install Routing & Remote Access (should be in Administrative Tools)
If you need to install it, just do so with basic NAT/Firewall checked (one of the options required to install RRAS - Routing and Remote Access Service), but we're not going to use NAT.

Remove your gateways from your adapters (by going to your NIC->TCP/IP Properties->Advanced->Gateways->Remove (hopefully you can get my drift))

In the RRAS snap-in, right click on Static Routes and add a new route.
(I'm going to assume that your LAN connections are named "Network Card 1" and "Network Card 2" respectively for ease of typing)
Set this up:
Interface: Network Card 1
Destination: 0.0.0.0
Network mask: 255.255.255.255
Gateway: 192.168.0.1
Metric: 1

Click ok, and right-click "Static routes" and add another new route:
Set this up:
Interface: Network Card 2
Destination: 0.0.0.0
Network mask: 255.255.255.255
Gateway: 192.168.0.2
Metric: 1

Click "OK" and then right-click on "static routes" and click "show ip table"
make a note/screenshot of it as it is now

Go back to your network adapter properties, go to the "Network Card 1" properties
Go to TCP/IP Properties->Advanced->Gateways->"Add"
Gateway: 192.168.0.1
Automatic Metric: UNCHECKED
Metric: 20
Close out of that

go to the "Network Card 2" properties
Go to TCP/IP Properties->Advanced->Gateways->"Add"
Gateway: 192.168.0.2
Automatic Metric: UNCHECKED
Metric: 20

Now get a new list of the routes in your IP routing table by going into the RRAS snap-in, right click on "static routes" and click "show ip routing table"
You should have at the top, something like this (the first 4 lines are the critical ones, if these aren't right, re-try the order in which you setup the static routes & add the gateways)

Destination  Network Mask     Gateway      Interface       Metric  Protocol
0.0.0.0      255.255.255.255  192.168.0.1  Network Card 1  1       Static (non...)
0.0.0.0      255.255.255.255  192.168.0.2  Network Card 2  1       Static (non...)
0.0.0.0      0.0.0.0          192.168.0.1  Network Card 1  20      Network Mgmt
0.0.0.0      0.0.0.0          192.168.0.2  Network Card 2  20      Network Mgmt

Be sure to make your destination NAT on your routers MATCH from router to IP respectively, or the whole thing won't work, ie:
router: 192.168.0.1 needs to forward traffic to 192.168.0.5
router: 192.168.0.2 needs to forward traffic to 192.168.0.4

Essentially what you're doing is bonding a gateway to a NIC. This may work for you, it has definitely worked for me when I needed to setup a web server that would respond on 2 different public IP's.


Worked a treat and now I'm only suffering through Hyper-V's connection broker/VM desktop assignment wizards... but that's a whole different set of problems that I won't get into right now! :D

