Windows NT 4.0/Windows 2000 Is a Single-Route Router (230623)

SUMMARY

A standard Windows configuration functions as a single-route software router. This operation is in contrast to a multiple-route hardware router that may also exist in some environments. Sometimes administrators attempt to configure Windows to perform like a multiple-route hardware router, but because Windows is not designed to do this, these attempts do not succeed.

One key difference between Windows routers and hardware routers is that a standard Windows configuration maintains a single route table for all kernel-level routing decisions. This means that when a WinSock call is made, a single route table is consulted to determine the best route for all network traffic.

A hardware router, or multiple-route router, can usually be configured to maintain a route table for each interface. The ability to provide this type of functionality in a hardware router usually requires additional microprocessors to accommodate the added complexity of the routing algorithms. With this added processing power, hardware routers are able to maintain more than one routing table for routing decisions, and are therefore considered multiple-route routers.

A standard Windows configuration is a single-route router by design. This means that programmers may not be able to perform certain activities of which a multiple-route router is capable.

MORE INFORMATION

For example, assume the following network:

                    ----------------
                   |       RA       |
                    ----------------
                  (1)      (2)     (3)
                    |       |       |                        
                  (1)    (2)(2)    (3)
                     \  /      \  / 
                      RB        RC

These are Windows router A (RA), Windows router B (RB), Windows router C (RC), and subnets 1, 2, and 3. In the this scenario, the goal is to keep traffic off of subnet 2, unless a program specifically requests to send over subnet 2 for management purposes.

The first part of the problem is to make sure that no traffic flows over subnet 2 at all via routing protocols. By configuring OSPF (RIP does not work as well here), on each router to assign a higher cost to subnet 2, an administrator can make sure that traffic flows across subnet 2 only if subnet 1 or 3 is completely unavailable. This is the expected behavior for all packets and is based on the configuration of the route table.

In an attempt to send "management" data over subnet 2, although all other traffic is still routed over subnets 1 and 3, some programmers may attempt to alter the routing behavior programmatically.

The first method usually involves dynamically changing the route metrics so that subnet 2 is a better route for a specific amount of time. But when the metric is changed for the route, all traffic is routed over subnet 2, not just the management traffic.

The second method usually involves telling the program to use a particular interface when sending and receiving traffic. This is often attempted by specifying specific NDIS interfaces for the sending and receiving of traffic that is intended to override the route table maintained by the standard Windows configuration router.

In this case, the traffic continues to use subnets 1 and 3 for sending traffic, despite having specified a particular NDIS interface.

This is a common WinSock programming error. The ability to identify a interface in WinSock does not mean that the interface will be used if the route table determines a better route is available over a different interface.

In summary, when a WinSock call is made, a single route table is used to determine the best route for all network traffic. This is one of the key differences between a single-route router and a multiple-route router. A multiple-route router allows for a route table for each interface. Standard Windows configuration maintains a single route table for all routing decisions.