SolutionBase: Using Windows Server 2003 as a router on your network

Windows Server 2003 has many powerful features, including a built-in router. Here's how you can configure Windows Server 2003 to act as a router on your network.

Windows Server 2003 has many powerful features, including a built-in router. Why would you want to use Windows Server 2003 for routing? Because you can? Okay, that’s not really a good answer. But you’ve probably wondered why you'd use Windows Server 2003 as a router rather than using a dedicated router from Cisco, Bay Networks, or another manufacturer. In a lot of situations, a dedicated router makes more sense and is generally less expensive. There are situations, however, where it makes sense to use Windows Server 2003 for routing. Here's how you can configure Windows Server 2003 to act as a router on your network.

How Windows Server 2003 routing works

Windows Server 2003’s RRAS service supports several capabilities, one of which is supporting dial-up clients through POTS, ISDN, and other connectivity options. You can use integrated Windows authentication or rely on a RADIUS server (which could be the RRAS server) to authenticate clients. PPTP and L2TP support enable the RRAS server to function as a VPN server, giving remote clients a means of establishing a secure, private network connection to the LAN through a public network such as the Internet. Typically, the VPN connections come in through a dedicated, 24/7 Internet connection.

For example, assume you have three network segments, which currently are not interconnected, and you're setting up a remote access server on one of those segments. At the same time, you want to provide dial-up capability to each segment by remote clients. In this situation, it makes sense to install a single RAS server and let it provide routing services to all segments. Windows Server 2003 can fulfill both roles with no problem. So, using Windows Server 2003 as a router makes sense when you’re providing services to your LAN that require routing and no other routers are currently online to handle the traffic, or you don’t want the additional expense and management of a dedicated router in addition to your server.

Another reason to use Windows Server 2003 for routing is to provide DHCP Relay services for DHCP clients that reside on network segments where there is no DHCP server. Windows Server 2003 includes a DHCP Relay agent that provides this functionality in conjunction with RRAS.

A third reason to use Windows Server 2003 RRAS for routing is ease of use. Although router manufacturers have come a long way toward improving the configuration and management interfaces for their routers, the GUI management tools in Windows Server 2003 make it very easy to configure and manage Windows Server 2003 routers.

A Windows Server 2003 RRAS server can function as a dedicated router, connecting other routers continuously, or it can function as a demand-dial router. In this latter scenario, the router dials and connects to a remote router only when traffic that requires routing to the remote network comes to the router. Demand-dial routing is often used to reduce connectivity costs. If you send traffic over a metered connection only once or twice a day, for example, why pay for a full-time connection? With demand-dial routing, the router dials the remote network when traffic needs to be routed, then disconnects automatically after a defined period of inactivity. This helps keep costs down by keeping the connection live only when needed.

Understanding IP routing

Without IP routing, the Internet and many private networks would stop functioning instantly. Routing is a crucial aspect of IP networking. Understanding how routing works is the place to start when you’re thinking about setting up a Windows Server 2003 RRAS server to function as a router.

The primary function of a router, whether it is a dedicated box or a Windows Server 2003 router, is to route network packets between different network segments. When you open a browser to connect to a Web site, for example, your computer looks up the IP address of the remote site through DNS and then sends network packets to the remote site’s IP address to request the site’s content.

Your network router, identified by your workstation at its default gateway, receives the traffic, analyzes the destination IP address for the packets, and determines that the packets are destined for a network segment beyond your own. Based on its routing tables, the router sends the packet out on the appropriate interface to another router. The traffic gets routed through potentially several routers and eventually reaches the server where the site is hosted. Then, the process happens again in reverse for the traffic coming from the server to your computer.

Routers generally are connected to at least two subnets and, in effect, the router resides as a node in each of the subnets to which it is connected. This gives the router local connectivity to each of the subnets on which it resides and is the mechanism by which routing is possible. Figure A illustrates a router connected to three different subnets, which in turn are connected to other subnets and eventually the Internet. Each router is sometimes referred to as a “hop,” and a packet’s hop count is increased by one each time it passes through another router (more about this later).

Figure A

An example of a router connected to multiple subnets

As the figure illustrates, Router A connects subnet 1 to subnets 2 and 3, which are in turn connected to the Internet by other routers, B and C. Router A therefore is assigned three IP addresses, one in each subnet, making it a member of each subnet and directly accessible to the nodes in each connected subnet. When a client in subnet 1 sends traffic destined for subnet 3, the traffic is directed to the client’s default gateway, which in this case is the IP address of the router at A1. The default gateway is defined in the client computer’s TCP/IP properties.

The router analyzes the packets when they come in to determine the destination address. Discovering that the traffic is destined for subnet 3, the router directs the traffic out the interface A3, based on its internal knowledge that the destination node must reside on subnet 3.

But what happens when the traffic is destined for a subnet that resides beyond the router’s locally connected segments, such as a remote Internet server? The router uses its routing table to determine which interface to use to route the traffic. The router’s default route, which you configure, is the route used when traffic is destined for an address that resides beyond the router’s local interfaces. The default route specifies the IP address of the router to which all traffic that isn’t destined for a known interface (also determined by the routing table) should be routed. So, the router analyzes the packet, recognizes that the destination IP address doesn’t match the subnets of defined routes in the routing table, and directs the packet to the default route. The router specified by the default route analyzes the packet and routes it based on its routing table.

Each route in a routing table falls into one of three categories:

  • Network route: Provides a route to a specific network ID and all addresses within that network
  • Host route: Provides a route to a specific host (A host route entry defines the host IP address as well as the network address.)
  • Default route: Used to route traffic for which there is no corresponding network route or host route

The routing table contains routing entries against which the router checks the destination address of all packets to determine how to route each packet. Each entry in the routing table has specific general properties:

  • Network ID, host address, subnet mask: These properties serve to identify the destination network ID or host address and the destination’s subnet. If the router determines that the destination address stored in the packet’s header matches these properties in a routing table entry, it forwards the packet to the forwarding address associated with the route (see next).
  • Forwarding address: This is the address of the remote router to which the router forwards packets that match the network ID, host address, or subnet defined by the entry.
  • Interface: This property specifies the local router port through which the traffic should be routed for packets that satisfy the criteria of the routing table entry.
  • Metric: This value identifies the relative cost of the route, which is based on actual connection cost, available bandwidth, and other factors that you determine when you create a route. If more than one route exists for the same destination, the router uses the one with the lowest metric, if available.

Here’s a summary of the whole process: A packet comes into the router. The router analyzes the destination address in the packet’s header. The router then examines its routing table, attempting to match the packet’s destination address against the network ID, host address, or subnet properties of each routing table entry. If a match is found, the router directs the packet to the forwarding address defined by the matching routing table entry, using the interface and metric to decide how to physically route the packet out of the router. If the packet’s destination address doesn’t match any of the routing table entries, the router sends the packet to the forwarding address defined by the router’s default route. If no default route is defined, the packet is rejected and routing fails. The routing table is therefore the blueprint by which the router accomplishes its job.

How are routing entries added to the routing table? A router can learn its routes dynamically from other routers, or it can use statically defined routes, or static routes. With dynamic routes, routers communicate with one another to share learned routes, which enables routes to propagate to adjacent routers. Routing protocols are used to enable the routers to share this routing information. The two most common routing protocols are Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), both of which are supported by Windows Server 2003.

The administrator who configures the router creates static routes manually. In a small network with few subnets, static routes are an effective means of routing all traffic. As the number of routers grows, however, dynamic routing becomes more desirable because of the reduced management overhead. You don’t have to manage existing routes or create new ones when another segment is added to the network. Instead, the router learns its routing table from adjacent routers automatically when the router comes online.

Overview of RIP

Of the two routing protocols included with Windows Server 2003, RIP is easier to configure. RIP is limited to a maximum hop count of 15, making RIP useful for small- to medium-size installations. Any address more than 15 hops away is deemed unreachable by the router.

Each time a router boots, it re-creates its routing table. The routing table initially only contains the routing table entries for physically connected networks. A router using RIP periodically broadcasts announcements regarding routes, which enables adjacent routers to modify their routing tables. So, after a router comes online, it begins using RIP announcements to build its routing table. Also, RIP provides for triggered updates in addition to broadcast updates. These triggered updates occur when a router detects a network change, such as an interface going down. The router then broadcasts the change to adjacent routers, which modify their routing tables accordingly. When the interface comes back up, the router that recognizes the change broadcasts a triggered update to adjacent routers, which again modify their routing tables to accommodate the change.

Windows Server 2003 supports RIP version 1 and version 2. RIP v2 provides additional features over RIP v1, such as authentication for security and route filtering. RIP v2 also supports multicast broadcast of RIP announcements and several other features. RIP v1 routers are forward-compatible with RIP v2 routers, enabling them to coexist.

Overview of OSPF

OSPF was developed to address the needs of large networks, such as the Internet. Each OSPF router maintains a link-state database (LDB) that contains link-state advertisements (LSAs) from adjacent routers. The LSA contains information about a router, its connected networks, and configured costs. The cost is similar to a route metric discussed earlier, in that it defines the relative cost of using the route. OSPF uses an algorithm to calculate the shortest path for routing based on the information contained in its LDB, making it a very efficient means of routing. Adjacent routers recalculate and synchronize their LDBs as network changes occur, such as network interfaces going down or coming online.

OSPF is more complicated to configure than RIP. Its performance advantages are geared primarily toward very large networks, so if you’re setting up a router for a small- or medium-size network, RIP is generally the better option. Where network size is a factor, however, OSPF is the better choice.

Unicast routing vs. multicast routing

Another important aspect to understand about routing is the difference between unicast routing and multicast routing. In unicast routing, a packet is sent from one node to only one other node, as illustrated in Figure B. This is the most common type of routing and the one you use every time you open a Web browser and browse an Internet site, retrieve your e-mail, move a file with ftp, and perform most other common IP-based network tasks.

Figure B

Unicast routing directs packets from one node to another.

In multicast routing, however, traffic is broadcast from one node to many nodes, as illustrated in Figure C. Multicasting is most commonly used for audio and video conferencing, enabling packets to be efficiently transmitted to multiple clients from a single host. Without multicasting, the packets would have to be transmitted multiple times to each client, generating a considerably larger amount of network traffic and imposing more overhead on the server. Plus, as you can imagine, conferencing would be difficult to set up without multicasting, as the conferencing server would need to be preconfigured with the list of all participants. With multicasting, the participants simply listen on a designated multicasting address, which can be allocated by a DHCP server to automate configuration.

Figure C

Examples of conferencing with and without multicasting

Configuring a unicast router

As with other RRAS configurations, you can use the RRAS wizard to configure Windows Server 2003 as a router. Setup installs RRAS by default, so you only need to enable and configure the server according to your routing needs. To start the RRAS wizard, open the RRAS console from the Administrative Tools folder. Right-click the server and choose Configure And Enable Routing And Remote Access. In the wizard, select the option to configure a network router. The wizard prompts you for the following information:

  • Protocols: Select the protocols to be supported for routing, such as TCP/IP and/or IPX. If the protocols are not installed, the wizard gives you the option of adding them. By default, all installed protocols are enabled for routing, but you can choose to disable some if you don’t want the protocol to be routed.
  • Use demand-dial connections: You can choose to enable demand-dial routing at this point or accomplish the task later.

In addition to configuring the router through the wizard, you also can enable routing manually. You need to choose this latter option if the server is already configured and enabled for RRAS (such as a VPN server) and you want to add routing to the server’s list of roles.

To enable routing for a server that already has RRAS enabled, open the RRAS console from the Administrative Tools folder. Right-click the server and choose Properties. Select the Router check box and then select the type of routing you want to support, either LAN or LAN and demand-dial. Then click OK.

Next, configure the IP address for which RRAS performs routing on that interface. By default, Windows Server 2003 uses the first interface to process routing tasks on that interface, and on interfaces with only one address, no configuration is needed. If the interface has multiple addresses, however, you’ll need to reconfigure RRAS if the default address is not the one you want to use. To configure the address, open the RRAS console, expand the server, and expand the IP Routing branch. Click General and, in the right pane, right-click the interface you want to modify and choose Properties. Use the Configuration page to set the IP address, subnet mask, and default gateway (if needed) for the interface. To set the metric for the interface, click Advanced.

Configuring a router with static routes

At this point, I assume you have the server enabled for routing and have configured the desired address on each interface. Now it’s time to think about how you’ll implement routing. As mentioned earlier, you can use static routes, RIP, or OSPF (if the router only routes traffic between two subnets, you don’t need to worry about creating routes or using RIP or OSPF). Let’s take a look at static routes, which are a good option if you’re setting up your Windows Server 2003 RRAS router in a small network.

For this example, we’ll use privately addressed network segments. Figure D shows our sample network structure. We’ll work on configuring router B, which we’ll assume has two network interfaces. As Figure D illustrates, router B resides on subnets 192.168.0.n and 192.168.1.n. The IP addresses of the router’s interfaces are (LAN 0) and (LAN 1). In these examples, I’ve renamed the network interfaces from their default names of Local Area Connection and Local Area Connection 2 to LAN 0 and LAN 1, respectively. It’s a good idea on multihomed systems to rename the interfaces to help you keep track of what’s what. To rename the interfaces, open the Network And Dial-Up Connections folder, right-click an interface, and choose Rename.

Figure D

Sample network for configuring routing

Let’s add a static route at Router B to route traffic to the subnet (subnet 2) through interface LAN 1. To add a static route, first open the RRAS console. Expand the IP Routing branch and click Static Routes. Either right-click in the right pane or right-click Static Routes and choose New Static Route. RRAS displays the Static Route dialog box in which you provide the following data:

  • Interface: Choose the network interface that RRAS should use to route traffic that meets the static route criteria. In this example, you want to configure a static route for traffic destined for to be routed through LAN 1, so select the LAN 1 interface.
  • Destination: Rather than create a host route, you’ll create a network route. Enter the network ID of the destination network, which in this example is Remember that the router compares the destination IP address of incoming packets against this network address to determine if the route entry matches and if the route is appropriate for routing the packets. You can specify a network address, host address, or use for this value (this latter option creates a default route). Use the low network address to specify a network address, as I did in this example, or specify the actual IP address of the host if creating a host route.
  • Network mask: Specify the subnet mask of the destination network or host. In this example, enter, the subnet mask for our Class C private network.
  • Gateway: Specify the IP address to which packets matching the route criteria are routed. In this example, you need to specify the IP address of Router C on the subnet. As you can see from Figure D, the address to enter is
  • Metric: Enter the relative cost for the route by specifying a metric. If more than one route exists, the one with the lowest metric is used to route the traffic if that route is available.
  • Use this route to initiate demand-dial connections: If you have configured at least one demand-dial interface for the router, this option is available. Select this option if you want the router to initiate a demand-dial connection when it receives traffic that matches the selected route.

Next, you create a static route to accommodate the subnet. The data for this static route is the same as the one you just created, except the destination network address is The Gateway is the same as in the previous route. The static routes you set up on Router C handle the traffic from that point, routing it to Router D.

Finally, you should create a default route on Router B that directs all other traffic not destined for subnets 1, 2, or 3 to Router A, with the assumption that the traffic is destined for a public address on the Internet. So, create another static route on Router B using the following values:

  • Interface: LAN 0
  • Destination:
  • Network mask:
  • Gateway:
  • Metric: As desired
  • Use this route to initiate demand-dial connections: As needed

It's not all that bad

You can see that setting up static routes takes a little work but can be an effective means of configuring routing for small networks. As the number of routers you manage grows, you’ll likely turn to RIP and/or OSPF to provide dynamic routing. While RIP and OSPF are a little more complicated to set up, they are much easier to manage. In an upcoming article, we’ll take a detailed look at both protocols, as well as demand-dial routing and multicast routing.