Reputation: 1721
I have a Windows Server 2012 R2 VM, which has one vNIC installed, with multiple IPs. It's being leveraged as a reverse proxy server (URL Rewrite) via IIS. However, I observed that outbound traffic was going out on one IP address only. I understand the issue affects Windows 2008 and Windows 2012 and I must set the SkipAsSource param to True for non-primary IPs. And I can control the source IP of the outgoing request within, e.g., my own .NET app. However, that won't resolve my use case, as I want outbound traffic on multiple IPs, not a specific IP, and I'm employing the IIS URL Rewrite module for reverse proxy traffic.
Aside from installing multiple NICs, is there anything I can do within the Windows Server VM to resolve this issue? Windows has routing tables but I'm not 100% sure how to configure routing tables for this use case, if that's even a solution.
Example:
IPs installed: 192.168.1.100, 192.168.1.101, 192.168.1.102.
Outbound traffic goes out on 192.168.1.100 only (lowest number). I want outbound traffic to go out on all IPs in IIS.
Update:
Maybe I wasn't clear, but the PowerShell/netsh command to set the SkipAsSource flag to true for non-primary IPs is not what I'm looking for. I want all IPs to be capable of being the source IP for outbound traffic.
In IIS: I have three websites; each has its own IP. Each website acts as a reverse proxy via the URL Rewrite module and they're all separate applications. Incoming IP is fine. Outgoing IP is the concern, as it always chooses .100. For each website, I want the outbound traffic to match its respective IP. If a request comes in on .100, the proxy should forward it out on .100, as well. If .101, outgoing traffic should use .101. If .102, outgoing should use .102. Ergo, IP for incoming traffic on server = IP for outgoing traffic on same server. I'm not looking for one designated IP for outgoing traffic for all websites. Aside from separate NICs, is there anything I can do in Windows to make this work? Is a routing table a possible solution? If so, how would I configure that exactly?
Upvotes: 1
Views: 2319
Reputation: 3964
Windows now selects the IP address based on the following behaviour:
Prefer same address: If the destination IP address is the same as one of the source IP addresses, use that same address.
Prefer outgoing interface: Prefer an IP address on the interface that sends the packet.
Use longest matching prefix with the next hop IP address: Use a source IP address together with the longest high order bit match to the next hop IP address.
Use longest matching prefix with the destination IP address: Use source IP with longest high order bit match to destination IP address.
For more information about "Source IP Address Preference with Multiple IPs on a NIC", you can refer to this link.
We can use PowerShell to change IP behavior with SkipAsSource; for more information about it, you can refer to this blog.
Upvotes: 1
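The selection rules listed in the answer above, modelled as an added Python sketch (not part of the original posts and not Windows' own implementation). The gateway, backend and alternate next-hop addresses are constructed, and the final tie-break to the lowest address is an assumption taken from the behaviour the question reports.

```python
import ipaddress

def common_prefix_bits(a, b):
    """Count the leading (high-order) bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

def select_source(candidates, next_hop, destination, skip_as_source=()):
    """Pick a source IP among addresses bound to ONE outgoing interface.

    All candidates sit on the same NIC, so "prefer outgoing interface"
    is satisfied by each of them. Returns (chosen_ip, deciding_rule).
    """
    # Addresses flagged SkipAsSource are not eligible as a source.
    pool = [ip for ip in candidates if ip not in skip_as_source]
    if not pool:
        raise ValueError("no eligible source address")
    # Prefer same address.
    if destination in pool:
        return destination, "same address"
    # Longest matching prefix with the next hop, then with the destination.
    for label, target in (("next hop", next_hop), ("destination", destination)):
        scores = {ip: common_prefix_bits(ip, target) for ip in pool}
        best = max(scores.values())
        pool = [ip for ip in pool if scores[ip] == best]
        if len(pool) == 1:
            return pool[0], "longest prefix match with " + label
    # ASSUMPTION: the answer's list does not say how a remaining tie is
    # broken; lowest address mirrors what the question observed (.100).
    lowest = min(pool, key=lambda ip: int(ipaddress.IPv4Address(ip)))
    return lowest, "tie-break (assumed: lowest address)"

IPS = ["192.168.1.100", "192.168.1.101", "192.168.1.102"]  # from the question
GATEWAY = "192.168.1.1"   # constructed next hop
BACKEND = "10.20.30.40"   # constructed proxy target

if __name__ == "__main__":
    for hop in (GATEWAY, "192.168.1.103"):  # second next hop is constructed
        print(hop, select_source(IPS, hop, BACKEND))
    print(select_source(IPS, GATEWAY, BACKEND, skip_as_source=IPS[:1]))
```

None of the listed rules takes the address a request arrived on as an input, so with the question's three addresses every candidate ties on both prefix rules and the result is the same for all three sites.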