Get Rid of Those Default Gateways!
A couple of months ago, I talked about how to make a Windows NT machine into
an IP router, but I didn't cover the implications for workstations that use
that router. This month, I want to look at this area so I'll have all the pieces
in place to cover next month's topic, the grand finale: using an NT
machine as a LAN-to-WAN router to the Internet.
Consider a workstation that uses IP routers on a simple three-subnet "internet"
(the example includes only three subnets, so this is an "internet,"
not part of the "Internet"). Figure 1 shows this "internet."
First, you see three separate Ethernet segments, three separate subnets.
They are all C-class networks (subnet mask 255.255.255.0), just to keep things
clean. Ovals represent two of the networks. The left oval, containing
199.100.200.0, is shorthand for an Ethernet with up to 254 computers. Addresses
range from 199.100.200.1 through 199.100.200.254. Notice I said 254, not 253,
because these subnets have no default gateway.
The right oval represents a network whose addresses range from 200.15.16.1
through 200.15.16.254--network number 200.15.16.0. Between these ovals is a
third subnet, with the address 210.50.200.0. The PC in the middle contains only
one Ethernet card, and its IP address is 210.50.200.40.
The rectangles on the right and left sides are routers, computers with two
Ethernet cards and thus two IP addresses apiece. Each has an address on the
210.50.200.0 network, and each has an address on either the 200.15.16.0 network
or the 199.100.200.0 network. These routers can be PCs running NT, or they can
be dedicated routers from Cisco Systems, Bay Networks, Compatible Systems, or
the like.
The plan is to set up the workstation at 210.50.200.40. Notice that, from
this workstation's point of view, it has two possible "gateways,"
210.50.200.200 and 210.50.200.22. Which should be the default gateway?
The answer: neither. When you set up the .40 machine with a static IP
address (that is, if you just punch in an IP address, subnet mask, and such,
rather than letting the Dynamic Host Configuration Protocol (DHCP) automatically
give it an IP address), you leave the Default Gateway field blank. You
now need to tell the machine at 210.50.200.40 how to route to anywhere on this
network. The following are some facts this machine needs to know.
1) To get a message to the 199.100.200.0 network, send it to the machine at
210.50.200.200.
2) To get a message to the 200.15.16.0 network, send it to the machine at
210.50.200.22.
3) To get a message to the 210.50.200.0 network, just use your own Ethernet
card; send the message out on the segment, and it'll be heard.
You tell a workstation how to send packets with the route add
command. It looks like this:
route add destination mask netmask gatewayaddress
In this command, destination is the address or set of addresses that you
want to reach. Netmask defines how many addresses are there: Is it a
C-class network with 250+ addresses, something subnetted smaller, or perhaps a
supernet of several C-class networks? Gatewayaddress is just the IP
address of the machine that will route your packets to destination.
The route add command for the 199.100.200.0 network looks like this:
route add 199.100.200.0 mask 255.255.255.0 210.50.200.200
It means, "to send a message anywhere on the 199.100.200.0 network,
send it to the machine at 210.50.200.200, which will take care of it."
Just a reminder on subnetting, for clarity's sake: Suppose the network on
the left isn't a full C-class network, but a subnetted part of it; suppose
instead that it is just the range of addresses from 199.100.200.64 through
199.100.200.127. The network number is, as always, the first address
(199.100.200.64), and the subnet mask is 255.255.255.192. The route add command
then looks like this:
route add 199.100.200.64 mask 255.255.255.192 210.50.200.200
Next, you add a command for the network on the right. This command takes
the form
route add 200.15.16.0 mask 255.255.255.0 210.50.200.22
That command will get an NT system up and running. Now it can access all
three subnets.
Suppose the workstation at .40 tries two PING commands: PING 2.44.214.33
and PING 200.15.16.170. Suppose also that no machine on the 200.15.16.0 network
has the IP address 200.15.16.170. Now both PINGs will fail, because neither
machine is on this network, but each will produce a different error message.
PINGing 200.15.16.170 will produce, "Request timed out," and PINGing
2.44.214.33 will produce, "Destination host unreachable."
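The lookup the .40 workstation performs with these routes can be modeled in a few lines. This is an added example, not code from the article: it is a simplified model of the route table, and the function names, the "on-link" label and the set of live hosts are assumptions made for illustration.

```python
import ipaddress

# Routes from the article, as (destination, netmask, gateway) like "route add".
# A gateway of None marks the workstation's own segment (fact 3 in the list).
ROUTES = [
    ("199.100.200.0", "255.255.255.0", "210.50.200.200"),
    ("200.15.16.0", "255.255.255.0", "210.50.200.22"),
    ("210.50.200.0", "255.255.255.0", None),
]

def build_table(routes):
    """Parse route tuples; raises ValueError if destination has host bits set."""
    return [(ipaddress.ip_network(f"{dest}/{mask}"), gw) for dest, mask, gw in routes]

def next_hop(table, destination):
    """Longest-prefix match: ("gateway", ip), ("on-link", None) or ("no-route", None)."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return ("no-route", None)  # no default gateway, so nothing catches the rest
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return ("gateway", gw) if gw else ("on-link", None)

def ping_outcome(table, destination, live_hosts):
    """Simplified model of the two failures the article contrasts (ignores ARP)."""
    kind, _ = next_hop(table, destination)
    if kind == "no-route":
        return "Destination host unreachable"
    return "Reply" if destination in live_hosts else "Request timed out"

TABLE = build_table(ROUTES)
# Variant from the subnetting reminder: only 199.100.200.64-127 is routed.
SUBNET_TABLE = build_table([("199.100.200.64", "255.255.255.192", "210.50.200.200")])

if __name__ == "__main__":
    live = {"199.100.200.17"}  # constructed sample: the only host assumed to answer
    for dst in ("199.100.200.17", "200.15.16.170", "2.44.214.33"):
        print(dst, next_hop(TABLE, dst), ping_outcome(TABLE, dst, live))
    print(next_hop(SUBNET_TABLE, "199.100.200.130"))  # outside the /26
```

With no default gateway, any destination outside the three listed networks falls through to "no-route", which is why the two PINGs fail with different messages.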