Help requested with RIPv1 lan issues (UK school)

[andy]

Hi,
I am looking for some guidance and comments on a issue we are seeing on our
school network.

Scenario: 9 servers, 3 DC's all Server 2003 standard or Enterprise. One ISA
2000 server, Exchange 2003 server, SMS 2003, MOM 2005. Full SP. 650 XP Pro
clients some SP2 others SP1.

Clients are grouped together in sets of 15 or 30 depending on room size,
each room is connected via a 100MB (cat 5e) switched network to a gigabit
backbone (all fibre). We have two sites linked by Gigabit fibre. Our core
switches are 3Com with DLink switches in the classrooms.

We use addresses in the range 192.168.x.y on our network where x = classroom
number and y=pc within the classroom, we have a persistent route configured
on each client that points to the 192.168.2.0 subnet which is where our
servers live.

Our servers have static routing entries to all our subnets.


We have suffered several network issues over the last three months:-

AD replication issues, high packet loss, loss of mapped user drives.

So we replaced our Allied Telesyn switches with new 3Com, replaced our site
to site fibre and have had new links pulled in from the cabs to our server
rooms.

We rebuilt AD and the servers are replicating perfectly, however we still
have odd students who fail to have their drive mapped at login or who loose
access to their drive whilst logged in. There appears to be no pattern as
this occurs at random. Logging out and logging back in always restores the
users access to mapped drives. The event log on the clients indicate that
the share is offline.

So, I have been monitoring our LAN using Ethereal and I am seeing bursts of
RIP v1 request traffic from our clients that cause our normal client to
server pings to rise from <4ms to around 170ms with the occasional 'request
timed out' occurring. Watching the wire it seems that each RIP request lasts
around 3 or 4 seconds. Sometimes in the space of 1/2 hr we may see 4 or 5
clients making similar broadcasts, sometimes we see several clients making
the same broadcast at the same time. We have no idea why some clients send
the RIP request traffic and others don't.

Could this be the cause of students loosing their mapped drives by hogging
the network? Do we need to setup RRAS on a server to deal with these
requests? or should we just disable RIP on the clients?

Is there a easy way to disable RIP where it installed using group policy or
similar without visiting each XP client?

I did Google for answers and tried Usenet too. Any help is gratefully
received.

Andy.

 

[Bill Grant]

RIP Listener is an option in XP that allows the client machine to listen
for RIP messages from routers. It is installed from the Windows Add Software
| Networking window. It is not usually installed by default.

As a first step, check one machine each which does/doesn't do this and
check that RIP Listener is present/absent. At least then you will know what
is causing the problem.

I don't really know whether this can be controlled by group policy or
something similar. I would certainly want it turned off. I like the routers
to do the routing, not the clients!

 

[andy]

RIP Listener is an option in XP that allows the client machine to listen
for RIP messages from routers. It is installed from the Windows Add Software
| Networking window. It is not usually installed by default.

As a first step, check one machine each which does/doesn't do this and
check that RIP Listener is present/absent. At least then you will know what
is causing the problem.

I don't really know whether this can be controlled by group policy or
something similar. I would certainly want it turned off. I like the routers
to do the routing, not the clients!

I think we have clients with the RIP option installed that are not creating
storms of RIP v1 requests. Really what I am after an answer to is whether
this is normal behaviour for the XP RIP Listener. Probably the fact that all
our RIP enabled clients don't do this is significant but I could be wrong.

Should RIP requests v1 from a single listener have the effect of slowing
pings from 1-4pms up to 170ms on a fully switched network? Should a single
client saturate the LAN for 3 to 4 seconds at a time with this traffic?

What are the circumstances when a XP listener would feel the need to
Broadcast (I presume it is a broadcast) this traffic to the world?

Regards,

Andy.

 

[Ron Lowe]

Hi,
I am looking for some guidance and comments on a issue we are seeing on
our
school network.

Scenario: 9 servers, 3 DC's all Server 2003 standard or Enterprise. One
ISA
2000 server, Exchange 2003 server, SMS 2003, MOM 2005. Full SP. 650 XP Pro
clients some SP2 others SP1.

Clients are grouped together in sets of 15 or 30 depending on room size,
each room is connected via a 100MB (cat 5e) switched network to a gigabit
backbone (all fibre). We have two sites linked by Gigabit fibre. Our core
switches are 3Com with DLink switches in the classrooms.

We use addresses in the range 192.168.x.y on our network where x =
classroom
number and y=pc within the classroom, we have a persistent route
configured
on each client that points to the 192.168.2.0 subnet which is where our
servers live.

Our servers have static routing entries to all our subnets.


We have suffered several network issues over the last three months:-

AD replication issues, high packet loss, loss of mapped user drives.

So we replaced our Allied Telesyn switches with new 3Com, replaced our
site
to site fibre and have had new links pulled in from the cabs to our server
rooms.

We rebuilt AD and the servers are replicating perfectly, however we still
have odd students who fail to have their drive mapped at login or who
loose
access to their drive whilst logged in. There appears to be no pattern as
this occurs at random. Logging out and logging back in always restores the
users access to mapped drives. The event log on the clients indicate that
the share is offline.

So, I have been monitoring our LAN using Ethereal and I am seeing bursts
of
RIP v1 request traffic from our clients that cause our normal client to
server pings to rise from <4ms to around 170ms with the occasional
'request
timed out' occurring. Watching the wire it seems that each RIP request
lasts
around 3 or 4 seconds. Sometimes in the space of 1/2 hr we may see 4 or 5
clients making similar broadcasts, sometimes we see several clients making
the same broadcast at the same time. We have no idea why some clients send
the RIP request traffic and others don't.

Could this be the cause of students loosing their mapped drives by hogging
the network? Do we need to setup RRAS on a server to deal with these
requests? or should we just disable RIP on the clients?

Is there a easy way to disable RIP where it installed using group policy
or
similar without visiting each XP client?

I did Google for answers and tried Usenet too. Any help is gratefully
received.

Andy.

Hi, I hope you dont mind me butting in...

Can we take a few steps back and look at your overall topology here?
Either I don't understand your topology, or you've got an odd topology.

Untill the underlying topology is working properly,
we can't really look at higher-level issues.

You describe a network where everything is connected together by switches.
Is that correct?
Yet then you go on to discuss RIP, static routes on clients etc.

RIP and static routes etc are used in a routed network,
to describe which routers connect to which subnets.
A routed network requires routers to define the seperate subnets, and route
between them.

Is that what you have?
It doesn't sound like it.

It sounds like you just have one large network ( or 'broadcast domain' ),
hooked together with switches.
You have then assigned IP addresses on different subnets on the same
network.
It sounsd like you are trying to route on a non-routed network.

It is possible ( but not common practice ) to have multiple IP subnets on
one network,
but you need to set up routing between them.

How are you currently routing traffic from (say) 192.168.10.x to
192.168.2.x?
How it that IP forwarding working?
Do you have routers to do this?
You say you have static routes on the clients to the 192.168.2.x subnet.
And static routes on the server to the classes.
Can you describe exactly what these routes point to as gateways?

Once we understand the how the existing routing ( or not ) works ( or not )
, then we can advise on how this ought to be set up.

I'm probably going to end up telling you that:

1) To do what you want, you need a router to handle each subnet.
If you want a seperate subnet per classroom, you need a router per
classroom.
( or a muli-ported router that can handle multiple subnets. )

2) Routes don't belong on the clients or servers, and you should not be
running RIP
on the clients or servers either ( unless they are explicitly
functioning as routers) .
All routes should be statically ( or dynamically ) set on the routers.
The clients should only have one route, and that should be the Default
Gateway route
pointing at the router which handles the classroom.

3) If you don't want to buy a bunch of routers, then you should stop trying
to route.
Accept the fact you don't have a routed network.
Just set it up as such...

The easiest way would simply be to supernet the whole 192.168.x.x network.
To do that, simply change the subnet mask on all the machines to 255.255.0.0
Remove all static routes, and all RIP.
Now , the machines are all on the 192.168.x.x single subnet.
They will communicate by ARP on the local subnet across the switches.
There is no routing to be done.

 

[andy]

Hi, I hope you dont mind me butting in...

That's why I posted!

Can we take a few steps back and look at your overall topology here?
Either I don't understand your topology, or you've got an odd topology.

Untill the underlying topology is working properly,
we can't really look at higher-level issues.

You describe a network where everything is connected together by switches.
Is that correct?
Yet then you go on to discuss RIP, static routes on clients etc.

RIP and static routes etc are used in a routed network,
to describe which routers connect to which subnets.
A routed network requires routers to define the seperate subnets, and route
between them.

Is that what you have?
It doesn't sound like it.

We have no routers (except the ISA box that routes to the Internet)

It sounds like you just have one large network ( or 'broadcast domain' ),
hooked together with switches.
You have then assigned IP addresses on different subnets on the same
network.
It sounsd like you are trying to route on a non-routed network.

It is possible ( but not common practice ) to have multiple IP subnets on
one network,
but you need to set up routing between them.

We started out with all our servers & clients on the 192.168.2.0 subnet,
this was fine for about three years when we ran out of IP's

When we ran out of IP's we started using 192.168.roomnumber.clientnumber,
this was very useful for watching internet traffic, we could see immediatley
on screen which room and what computer in that room was browsing what sites.

This arrangement has worked well for a year or so. Recently we have added a
lot of new computer classrooms and we have about 30 subnets on one physical
network.

How are you currently routing traffic from (say) 192.168.10.x to
192.168.2.x?
How it that IP forwarding working?
Do you have routers to do this?
You say you have static routes on the clients to the 192.168.2.x subnet.
And static routes on the server to the classes.
Can you describe exactly what these routes point to as gateways?

Ok station 7 in room 43 has a ip of 192.168.43.7 with a mask of
255.255.255.0 A persistent route is configured on the client using:-
route -p add 192.168.2.0 192.168.43.7 mask 255.255.255.0

our servers are on the 192.168.2.0 subnet. Say our File server is on
192.168.2.134 with a mask of 255.255.255.0 this has a route for each of the
classrooms configured:-

route -p add 192.168.43.0 192.168.2.134 mask 255.255.255.0
route -p add 192.168.42.0 192.168.2.134 mask 255.255.255.0

Once we understand the how the existing routing ( or not ) works ( or not )
, then we can advise on how this ought to be set up.

I'm probably going to end up telling you that:

1) To do what you want, you need a router to handle each subnet.
If you want a seperate subnet per classroom, you need a router per
classroom.
( or a muli-ported router that can handle multiple subnets. )

We would prefer a subnet per classroom but we can't afford the cost of
buying 30 odd routers. I guess we could add a second NIC to one machine per
room and connect both to the same switch.

2) Routes don't belong on the clients or servers, and you should not be
running RIP
on the clients or servers either ( unless they are explicitly
functioning as routers) .
All routes should be statically ( or dynamically ) set on the routers.
The clients should only have one route, and that should be the Default
Gateway route
pointing at the router which handles the classroom.

Our network has evolved, training has only been secured this last year after
the new kit went it. There are 4 of us of which 2 are part time to support a
school network of 650 clients, 9 servers and a seperate admin server (NT4)
and 30 clients. We provide classroom support, teacher support, wiring, tv &
video, telephone support for over 100 staff and 1600 pupils. It sounds like
we have got by with a less than ideal network configuration over the last 4
years or so.

3) If you don't want to buy a bunch of routers, then you should stop trying
to route.
Accept the fact you don't have a routed network.
Just set it up as such...

I thought that since we had clients on different subnets that we had to have
routes configured for them to communicate. It also appeared to work!

The easiest way would simply be to supernet the whole 192.168.x.x network.
To do that, simply change the subnet mask on all the machines to 255.255.0.0
Remove all static routes, and all RIP.

We installed RIP when we were looking at moving away from static routes as
they were getting unwiedly.



That sounds straightforward. Have we effectively been broadcasting all our
network traffic? Our pings have always been very good except when our
clients start broadcasting RIP v1 requests.

Wouldn't we have seen absolutely tons of broadcast traffic with ethereal?

Now , the machines are all on the 192.168.x.x single subnet.
They will communicate by ARP on the local subnet across the switches.
There is no routing to be done.

I am now off to try this on a few virtual machines. Blimey setting routing
entries has been our standard practice for 4 years now. I am embarassed, a
book on tcpip will be essential Christmas reading I think.



Thank you Ron. I will post back the results of our change over to
supernetting!

Andy.

 

[Ron Lowe]

Ok, I'll answer a couple of points here, and I'll reply again later
tomorrow with more information, because this is quite a big issue.

We have no routers (except the ISA box that routes to the Internet)

OK, so we have one big physical network segment.

We started out with all our servers & clients on the 192.168.2.0 subnet,
this was fine for about three years when we ran out of IP's

OK. Organic network growth is the norm.

When we ran out of IP's we started using 192.168.roomnumber.clientnumber,
this was very useful for watching internet traffic, we could see
immediatley
on screen which room and what computer in that room was browsing what
sites.

This arrangement has worked well for a year or so. Recently we have added
a
lot of new computer classrooms and we have about 30 subnets on one
physical
network.

OK. But you have not actually made subnets ( in the IP sense. ),
because there are no routers.

Ok station 7 in room 43 has a ip of 192.168.43.7 with a mask of
255.255.255.0 A persistent route is configured on the client using:-
route -p add 192.168.2.0 192.168.43.7 mask 255.255.255.0

OK, I think you've gotten the syntax back-to-front, but I know what you
mean.
The syntax would be:

route -p add 192.168.2.0 mask 255.255.255.0 192.168.43.7
^ ^
^
Destination Mask Gateway to reach
destination

This is essentially turning each machine into a router for itself.
You are saying that the route to the remote network is this local machine.
Which is essentially a nonesense in this case

This works purely by good luck.
It just so happens that if you point a machine to itself for a route, then
it ARPs it anyway.
And this is how your network is working.

That sounds straightforward. Have we effectively been broadcasting all our
network traffic? Our pings have always been very good except when our
clients start broadcasting RIP v1 requests.

Wouldn't we have seen absolutely tons of broadcast traffic with ethereal?

No. You have a switched network, which is keeping point-to-point traffic
from being flooded to all stations.
It's the layer 2 switching that's helping here.

It *appears* you are routing, but you are not.
By pointing machines to themselves as gateways, they are just ARPing on the
local LAN exactly as if the whole network were using a subnet mask of
255.255.0.0.

By simply changing the masks to 255.255.0.0 on all machines, you'd be in the
same situation, but without the added confusion of apparent IP routing.

Like I say, I'll post back with some more concrete proposals tomorrow.
But here's my thoughts for now:

1) With over 700 machines on the network, that's a bit big for one LAN
segment.
I'd certainly want to split it up into subnets.
But perhaps not 30, ( one per class) .
We can look at what practical sub-divisions can be made.
But you almost certainly want to set up some form of IP routing.

2) With that number of machines, you really ought to be using DHCP rather
than manual IP configuration.

3) You should have a solid WINS and DNS infrastructure to handle name
resolution across the subnets.

One of your servers will be able to handle this.
What OS are the servers running?

Basically, we ought to simplify your configuration to the point that the
client
PCs need no configuration, just switch them on, and off they go.

No IP assignments, no routes, no RIP.
Just DHCP feeding an IP, mask and Default Gateway.

Can I ask where in the UK you are?

 

[andy]

Ok, I'll answer a couple of points here, and I'll reply again later
tomorrow with more information, because this is quite a big issue.


OK, so we have one big physical network segment.


OK. Organic network growth is the norm.



OK. But you have not actually made subnets ( in the IP sense. ),
because there are no routers.


OK, I think you've gotten the syntax back-to-front, but I know what you
mean.

Actually the syntax I quoted is what we use!

The syntax would be:

route -p add 192.168.2.0 mask 255.255.255.0 192.168.43.7
^ ^
^
Destination Mask Gateway to reach
destination

This is essentially turning each machine into a router for itself.
You are saying that the route to the remote network is this local machine.
Which is essentially a nonesense in this case

This works purely by good luck.
It just so happens that if you point a machine to itself for a route, then
it ARPs it anyway.
And this is how your network is working.

I haven't appreciated this until now, so I thought we were routing between
logical subnets on a single physical network. My ignorance!

No. You have a switched network, which is keeping point-to-point traffic
from being flooded to all stations.
It's the layer 2 switching that's helping here.

It *appears* you are routing, but you are not.
By pointing machines to themselves as gateways, they are just ARPing on the
local LAN exactly as if the whole network were using a subnet mask of
255.255.0.0.

By simply changing the masks to 255.255.0.0 on all machines, you'd be in the
same situation, but without the added confusion of apparent IP routing.

Ahh! So changing the mask won't have any impact on the operation of the
network. I guess we can change the mask as a gradual process.

Like I say, I'll post back with some more concrete proposals tomorrow.
But here's my thoughts for now:

I am really grateful for your input here, already you have provided
significant food for thought! Thank you.

1) With over 700 machines on the network, that's a bit big for one LAN
segment.
I'd certainly want to split it up into subnets.
But perhaps not 30, ( one per class) .
We can look at what practical sub-divisions can be made.
But you almost certainly want to set up some form of IP routing.

What are the benefits of using a smaller lan segment? We don't use hubs only
layer 2 switches (3com &D-Link). I thought that the switches effectively
segmented the LAN for us.

2) With that number of machines, you really ought to be using DHCP rather
than manual IP configuration.

OK, we do use DHCP to assign IP's to staff laptops (only about 50 or so).
The only reason we use static IP's on our clients is to track Internet
access in the ISA logs. Outgoing Authentication isn't an option for us at
the moment. Now if we could find a way of mapping a fixed ip to a client
that didn't involve typing in lots of mac addresses that would be great!

3) You should have a solid WINS and DNS infrastructure to handle name
resolution across the subnets.

We have one Wins server and two DNS servers

One of your servers will be able to handle this.
What OS are the servers running?

Windows Server 2003 (Standard & Enterprise)

Basically, we ought to simplify your configuration to the point that the
client
PCs need no configuration, just switch them on, and off they go.

No IP assignments, no routes, no RIP.
Just DHCP feeding an IP, mask and Default Gateway.

A worthy goal.

Can I ask where in the UK you are?

Yes, of course. We are in South Yorkshire
Thanks for the post Rob.

 

[Ron Lowe]

HI,

Sorry its taken a while to get back, I've been considering how best to
respond to this.

Considering the size of the network ( over 700 machines with multiple
servers ), then you really need to get professional advice on this. This
goes beyond the scope of a newsgroup posting.

What you need to do is have someone perform a site survey, and determine the
optimal physical and logical layout of the network.

With the number of machines you have, and possibly with requirements to keep
class systems seperate from admin systems, then I'd expect to be looking at
VLANS and Layer3 switching.

Layer3 switching is essentially the same as routing.
You might want to have a L3 switch at the backbone, routing to each
classroom or something like that.

You may want to have classroom systems and admin / staff machines on
different VLANS.

A competent networking consultant would be able to advise, based on a site
visit.