If you’ve ever worked in a WAN environment, you know how troublesome a broken connection between two offices can be. Depending on how the network is configured, a dropped WAN segment can mean one or more offices are cut off from the outside world. In such a situation, e-mail often fails to function and Internet access is gone for the duration of the failure. A failed WAN link can also mean that clients no longer have access to critical files and other resources that may exist on the other side of the link. As you can guess, a WAN link failure can cause major problems.
In the past, there was little that could be done to address such a problem. However, Windows 2000 offers a solution to problems such as this, called Demand Dial Routing. In this article, I’ll explain how Demand Dial Routing works in a Windows 2000 environment.
What is Demand Dial Routing?
Demand Dial Routing is a Windows 2000 service that’s designed to work with specific routing hardware. The purpose of Demand Dial Routing is to establish a temporary connection between WAN sites when the primary connection fails. Windows 2000 accomplishes this task by forcing dial-up hardware to dial in to a router on the other end. By forcing the hardware to dial in and by enabling routing across the dial-up connection, it’s possible for network packets that were intended to flow between the WAN links to reach their destination even though the WAN link is down. The only catch is that dial-up connections are almost always slower than permanent WAN connections.
Demand Dial Routing hardware requirements
A Demand Dial connection requires the use of a calling router and an answering router. A router is simply a device that moves packets between two or more networks. Usually when you hear someone speaking about a router, they are referring to a physical device, or dedicated router. With the correct hardware or software installed, however, it’s possible to make Windows 2000 function as a router.
Setting up Windows 2000 as a Demand Dial Router is a little bit different than setting up Windows to function as a normal router. The reason is that typical routers simply move packets between networks. This means that most routers, including Windows 2000 machines that are configured to function as routers, must have two or more network cards so that they may connect to two or more networks. Having a Windows 2000 server set up as a router may sound strange at first, but it’s actually a very common and practical arrangement. For example, any time that you use a PC as a firewall, that PC is functioning as a router. One network card is connected to the Internet, while the other network card is connected to the internal network. The firewall PC determines which packets are safe and routes them between the Internet and the internal network.
Demand Dial Routing differs from this type of routing. Instead of having a minimum of two network cards, Demand Dial Routing requires the server to have a minimum of one network card and one dial-up port. As you’ve probably guessed, the network card connects to the local network and the dial-up port is used to either send or receive packets in a Demand Dial Routing situation. Software that’s built into Windows 2000 determines whether a server will function as a calling router or as an answering router.
There are several ways to establish a connection between the calling and answering routers. The first method involves using a modem. In such a situation, the calling router makes the modem dial the phone number of the receiving router. Once the receiving router’s modem answers the call, a PPP (Point-to-Point Protocol) session is established between the two servers, and routing can begin.
The modems are usually nothing more than 56 Kbps analog modems that work over a normal phone line. If you require higher throughput than a 56 Kbps modem can deliver, however, you can use ISDN modems in conjunction with digital phone lines to achieve higher speeds (typically 128 Kbps, although several different ISDN speeds exist).
Another option for connecting the calling router and the answering router is through the use of a tunnel. A tunnel is a path through the Internet or other public network that joins both systems. This concept is often referred to as a Virtual Private Network (VPN). In a tunneling situation, the calling router would dial in to an Internet service provider rather than directly dialing in to the answering router (of course, a permanent Internet connection such as a DSL line could also be used).
Once connected to the Internet, the calling router establishes a VPN session with the answering router through the answering router’s Internet connection. This connection uses the PPTP or IPSec protocol to ensure privacy, since confidential data is flowing between the two routers by way of an insecure medium, such as the Internet.
Finally, you can link the calling router and answering router through a direct serial port or parallel port connection. As you can imagine, this technique is impractical at best. There are severe distance and speed limitations placed on serial and parallel ports. If two servers were geographically close enough together to use a serial or parallel port connection, there would be no reason to use a WAN connection between them. In such a situation, it would make more sense to link the two PCs through a standard LAN connection.
If a serial port or a parallel port connection is so impractical, you may wonder why Microsoft included this capability or why I bothered to mention it. The fact is it makes a great testing tool.
In one of my prior jobs, I was responsible for overseeing the systems on a nationwide basis. The company that I worked for wanted me to implement Demand Dial Routing between my office at the corporate headquarters in Louisville, KY and a new hospital in El Paso, TX. Because of time and travel budget restrictions, I was forced to buy and configure all of the hardware in Louisville and ship it to El Paso. The idea was that I could ship the preconfigured server to El Paso and simply plug it in. Because I didn’t have enough phone lines in my office to test the Demand Dial Routing, I had to make use of the serial port option. I tested Demand Dial Routing by using the serial port. Once the serial port method was working well enough to satisfy me, I switched the device over to the modem, and sent the server on its way.
How does Demand Dial Routing work?
Now that you know what Demand Dial Routing is and have an idea of how it works, let’s discuss its functionality in greater detail. There are two types of connections that can be used with Demand Dial Routing. These types of connections are on-demand connections and permanent connections.
Permanent connections are the type in which a leased line exists between the calling and answering routers. In this situation, Demand Dial Routing is usually used to automatically re-establish a connection that may have failed due to a temporary glitch. With this type of connection, you can use a dynamic routing protocol such as RIP or OSPF over the connection.
On-demand connections, on the other hand, are the type of connections I discussed at the beginning of the article. There are a couple of different ways to establish an on-demand connection. As mentioned, the calling router must contact the answering router in an on-demand connection environment. The usual method of doing this is to designate one of the routers as the calling router and designate the other router as the answering router. This configuration is known as a one-way connection. However, you can also configure a two-way connection in which both servers act as both calling routers and answering routers.
To simplify things, for the remainder of the article I’ll be discussing one-way, on-demand connections. Just realize that everything that applies to one-way connections also applies to two-way connections. The only difference is that in two-way connections, each step must be performed on both ends.
When the calling router detects that the path a packet should follow is unavailable, it initiates a connection to the answering router. For security purposes, the answering router requires the calling router to provide a password. Because of the automated nature of Demand Dial Routing, the calling router keeps the password on file and provides it to the answering router when asked for it.
After the answering router has authenticated the calling router, the calling router passes a set of static routing tables to the answering router. The answering router then updates its own internal routing tables to reflect the new routes. Once authentication has been completed and the routing tables are updated, Windows 2000 establishes a PPP session between the two routers. The PPP session remains active over the dial-up connection for as long as packets are flowing across the routers. Once the routers have been idle for a period of time, Windows 2000 drops the connection and resets the routing tables. The length of time that a router must be idle before the connection is dropped is user configurable.
If you’re using an on-demand connection, you must carefully choose which protocols you wish to use with the connection. Routers with permanent connections can use dynamic routing protocols such as RIP or OSPF. You should avoid using such protocols in on-demand connection environments, however. This is because dynamic protocols require the occasional exchange of information between servers for configuration purposes. If no permanent connection exists between servers, this information exchange can’t happen.
Another thing you should consider when configuring on-demand connection routers is how to set the default IP route. The default IP route is the route that IP packets will follow if no existing route provides a path for them. Under normal circumstances, using a default IP route setting works fine because traffic that can’t seem to find an address on your network is often destined for the Internet anyway, and there’s a good chance that the default IP route provides a path to the Internet.
Using a default IP route in a Demand Dial environment is a bad idea, though. If you set the Demand Dial connection as the default IP route, then any packets that can’t be matched up to an existing route will attempt to go through the Demand Dial connection. This means that the dialing server will contact the answering server and the packets will be routed across the Demand Dial connection. If this connection leads to a closed network, the packets will still have no place to go. This means that your network has just incurred cost and consumed resources all in the name of forwarding packets to an unreachable host.
What does this mean to you? It means that if you use a Demand Dial Router, you should configure the router with specific routes that tell the server exactly what’s on the other side of the link, rather than simply making the Demand Dial connection the default IP route.
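The difference between the two configurations can be seen in a small model of the routing decision. This is an added example, not code from the article or from Windows 2000; the networks, interface names, and traffic sample are constructed, and the longest-prefix-match lookup is a simplified stand-in for the real routing table.

```python
import ipaddress

# Constructed sample addressing; none of these networks come from the article.
LAN = "192.168.1.0/24"          # local office, reached over the network card
REMOTE_OFFICE = "10.20.0.0/16"  # what is actually on the far side of the link

def build_table(routes):
    """routes: list of (prefix, interface) tuples -> parsed routing table."""
    return [(ipaddress.ip_network(p), iface) for p, iface in routes]

def lookup(table, dest):
    """Longest-prefix match; returns the outgoing interface or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in table if addr in net]
    if not matches:
        return None  # no route: the packet is dropped, nothing is dialed
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def dial_triggers(table, destinations, dial_iface="demand-dial"):
    """Return the destinations that would bring up the dial-up link."""
    return [d for d in destinations if lookup(table, d) == dial_iface]

# Configuration the article warns against: demand-dial link is the default route.
default_route_table = build_table([
    (LAN, "lan"),
    ("0.0.0.0/0", "demand-dial"),
])

# Configuration the article recommends: a specific static route only.
specific_route_table = build_table([
    (LAN, "lan"),
    (REMOTE_OFFICE, "demand-dial"),
])

# Constructed traffic sample: local host, remote-office host, two strays.
TRAFFIC = ["192.168.1.40", "10.20.3.7", "172.16.9.9", "203.0.113.50"]

if __name__ == "__main__":
    print("default route :", dial_triggers(default_route_table, TRAFFIC))
    print("specific route:", dial_triggers(specific_route_table, TRAFFIC))
```

With the default route, every stray destination brings up the link; with the specific route, only traffic for the remote office does.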
In this article, I’ve discussed the concept of Demand Dial Routing. I also explained how Demand Dial Routing works. In part two, I’ll be discussing some of the complex security issues involved in Demand Dial Routing.