Numerous Replication Connections per DC/GC?

SWalters

I am working on documenting and recommending some possible changes to a
larger AD infrastructure. Here's some specs:

Native 2000 AD
1 - Root AD Domain
5 - Child Domains with the obvious transitive trusts.

Each child domain represents a geographical location. For ex. one child
domain controls all of North America and a lot of South America, one does
all of Europe, and one does all of Asia....etc.

The whole network (including all domains) includes about 114 sites with
115 Site Links. ISTG and Site Bridging is all set so KCC handles
everything.

I'll keep this as brief as possible providing additional information if
needed. I will also only focus on the North American domain at this
point...

The network is MPLS with T1 connections between all SAT and HUB sites. The
primary root domain along with the main HUB for the NA domain are sitting
on a 9MB or higher connection.

I have numerous servers that have a LOT of connections for replication
that were "Auto" setup by KCC. Some of which make no sense to me. One site
has only one DC server and one Site Link but yet has 143 Auto Generated
connections to other servers. This seems way out of line.

This is similar to what is happening to other sites as well...albeit not
as high.

I wouldn't think I need to turn off ISTG or would I?

Wouldn't I just "assist" KCC and manually create and delete connections
that seem pointless?

Is this actually the result of auto site link bridging? I would think that
you only need connections between the servers in one site and the servers
in the sites in which links were created?

Thanks for any help and I imagine I may need to provide some additional
information and will do so. Just so much info I didn't want to saturate
the post.

Thanks again,
 
Ace Fekay [MVP]

SWalters said:
I am working on documenting and recommending some possible changes to a
larger AD infrastructure. Here's some specs:

Native 2000 AD
1 - Root AD Domain
5 - Child Domains with the obvious transitive trusts.

Each child domain represents a geographical location. For ex. one child
domain controls all of North America and a lot of South America, one does
all of Europe, and one does all of Asia....etc.

The whole network (including all domains) includes about 114 sites with
115 Site Links. ISTG and Site Bridging is all set so KCC handles
everything.

I'll keep this as brief as possible providing additional information if
needed. I will also only focus on the North American domain at this
point...

The network is MPLS with T1 connections between all SAT and HUB sites. The
primary root domain along with the main HUB for the NA domain are sitting
on a 9MB or higher connection.

I have numerous servers that have a LOT of connections for replication
that were "Auto" setup by KCC. Some of which make no sense to me. One site
has only one DC server and one Site Link but yet has 143 Auto Generated
connections to other servers. This seems way out of line.

This is similar to what is happening to other sites as well...albeit not
as high.

I wouldn't think I need to turn off ISTG or would I?

Wouldn't I just "assist" KCC and manually create and delete connections
that seem pointless?

Is this actually the result of auto site link bridging? I would think that
you only need connections between the servers in one site and the servers
in the sites in which links were created?

Thanks for any help and I imagine I may need to provide some additional
information and will do so. Just so much info I didn't want to saturate
the post.

Thanks again,

That is too many connections. The bridgehead should be the only one
connecting to other bridgeheads in other sites, and which sites they are
depends on your links, bridged links, etc.

My first question is, are Sites configured properly? Subnet objects created
and associated with their respective Site name? I wouldn't disable the ISTG
until you find out why this is happening.

Any errors in the Event logs?

Here are some pertinent links:

Managing Sites:
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/adogd06.mspx

Determining the Inter-Site Topology Generator (ISTG) of a Site in the Active
Directory (224599):
http://support.microsoft.com/support/kb/articles/224/5/99.ASP

How to Disable the Knowledge Consistency Checker From Automatically Creating
Replication Topology (242780) [incl Sites issues]:
http://support.microsoft.com/support/kb/articles/242/7/80.ASP

--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
 
SWalters

Ace said:
That is too many connections. The bridgehead should be the only one
connecting to other bridgeheads in other sites, and which sites they are
depends on your links, bridged links, etc.

My first question is, are Sites configured properly? Subnet objects
created and associated with their respective Site name? I wouldn't
disable the ISTG until you find out why this is happening.

I am currently documenting the subnets in relationship to the sites as well.
Unfortunately I can't say for sure if they are correct or not. I am finding
some rogue servers which were not demoted correctly from AD and still have
their identity in some sites but I'm hoping all subnets are correct...time
will tell.

Most of the Satellite sites have only one DC/GC so they obviously are the
bridgehead servers for their site. However, there are at least 30 "Hub" sites
which have multiple DC/GCs.

Based upon what you said above let's say you have a HUB site with 4 GC/DCs
(not all will be GCs) and a SAT site with only one GC. Now that SAT site has
only one Site Link which connects it to the above mentioned HUB site. That
server in the SAT site should have how many connections? Should those
connections ONLY be to that HUB site and not other sites in any domain?

One other note on the "Disable ISTG" comment. I don't think I want to disable
ISTG fully. It's my understanding that if ISTG creates something that is not
needed you can manually delete that connection without ISTG recreating it at
a later date. I also was thinking this problem could be stemming from the
"Bridge all site links" option being utilized. If all site links are being
bridged that would mean ISTG can and will create connections to any server
from any site...right?

Any errors in the Event logs?

There are so many servers I have not been able to check all event logs but
yes there are some errors especially on those sites with an enormous amount
of connections. Some of those servers those connections are going to can't
even be hit by DNS...I think some also can't be routed to either. I can't get
a straight answer from the client if this is a FULLY routed network or not.
Too many people too many depts I suppose.

Here are some pertinent links:

Managing Sites:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd06.mspx

Determining the Inter-Site Topology Generator (ISTG) of a Site in the
Active Directory (224599):
http://support.microsoft.com/support/kb/articles/224/5/99.ASP

How to Disable the Knowledge Consistency Checker From Automatically
Creating Replication Topology (242780) [incl Sites issues]:
http://support.microsoft.com/support/kb/articles/242/7/80.ASP

Thanks for the links, I have read through most of those links above along. I
will continue to do so to refresh my memory on 2K as I've been dealing with
mostly 2K3 on larger scale networks.

Thanks for your reply. It's tough to walk into this without one piece of
documentation at hand.
 
Andrei Ungureanu [MVP]

The KCC is creating the replication connections based on the Site Link
information. So you will need to have one site link for each satellite site
and each site link should contain only 2 things: the HUB site and the SAT
site.


--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au

Ace Fekay [MVP]

SWalters said:
Ace Fekay [MVP] wrote:
I am currently documenting the subnets in relationship to the sites
as well. Unfortunately I can't say for sure if they are correct or
not. I am finding some rogue servers which were not demoted correctly
from AD and still have their identity in some sites but I'm hoping
all subnets are correct...time will tell.

Most of the Satellite sites have only one DC/GC so they obviously are
the bridgehead servers for their site. However, there are at least 30
"Hub" sites which have multiple DC/GCs.

Based upon what you said above let's say you have a HUB site with 4
GC/DCs (not all will be GCs) and a SAT site with only one GC. Now
that SAT site has only one Site Link which connects it to the above
mentioned HUB site. That server in the SAT site should have how many
connections? Should those connections ONLY be to that HUB site and
not other sites in any domain?

One other note on the "Disable ISTG" comment. I don't think I want to
disable ISTG fully. It's my understanding that if ISTG creates
something that is not needed you can manually delete that connection
without ISTG recreating it at a later date. I also was thinking this
problem could be stemming from the "Bridge all site links" option
being utilized. If all site links are being bridged that would mean
ISTG can and will create connections to any server from any
site...right?

Sorry for the late reply.

As for the numerous removed DCs, it seems that they were just unplugged and
not properly removed by demoting them. The old references must be removed by
using the Metadata Cleanup process:

216498 - HOW TO Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion (2000):
http://support.microsoft.com/?id=216498

Clean up server metadata Active Directory 2003:
http://www.microsoft.com/technet/pr...ons/012793ee-5e8c-4a5c-9f66-4a486a7114fd.mspx

I would leave the ISTG alone, as Andrei suggested. Let the KCC create the
connections.

The subnet objects must be set properly. Also, DNS is important for AD
functionality. Make sure all machines only use the internal DNS and not an
ISP's DNS anywhere in IP properties or anywhere else other than as a
forwarder.

The one hub and one sat site would have probably two connections. One
between the bridgehead in the hub connected to the bridgehead in the remote
site, and one for the bridgehead in the remote site connecting to the
bridgehead in the hub. As Andrei also said, should only have a minimal amount
of connections. Site Bridge links are like shortcut links between sites in a
linear design, such as Site A to SiteB to SiteC. You can create a shortcut
between C and A by bridging them. But you should have 115.

If you can post or send me a Visio of your layout, along with the names of
all your DCs and their ipconfig /alls, I can help to diagnose and optimize
it. Also send me a snapshot of Sites and Services with your Sites and IP
Subnet objects expanded. Send it to my email address. It's my
firstnamelastname(no spaces or periods)@hotmail.com.

Ace
 
SWalters

Andrei said:
The KCC is creating the replication connections based on the Site Link
information. So you will need to have one site link for each satellite
site and each site link should contain only 2 things: the HUB site and
the SAT site.

This is what is already setup. There is only one site link between the HUB
and SAT sites. As I was saying the one SAT site only has one GC and has only
one site link connecting to a HUB site. But yet there are 146 ad connections
on that SAT server which were auto created by the ISTG. How and why were
these connections created? Its DNS points to itself for primary and
secondary is one of the GC's in the HUB site.
 
SWalters

Ace said:
Sorry for the late reply.

That's OK...I appreciate the response.

As for the numerous removed DCs, it seems that they were just unplugged
and not properly removed by demoting them. The old references must be
removed by using the Metadata Cleanup process:

216498 - HOW TO Remove Data in Active Directory After an Unsuccessful
Domain Controller Demotion (2000):
http://support.microsoft.com/?id=216498

Clean up server metadata Active Directory 2003:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/012793ee-5e8c-4a5c-9f66-4a486a7114fd.mspx

Oh I understand that this needs done. My purpose for posting that was just to
reiterate how "undocumented" this design is and how some delegation needs to
be put in place. I appreciate the link though as it helped from me looking up
the article again!

I would leave the ISTG alone, as Andrei suggested. Let the KCC create
the connections.

The subnet objects must be set properly. Also, DNS is important for AD
functionality. Make sure all machines only use the internal DNS and not
an ISP's DNS anywhere in IP properties or anywhere else other than as a
forwarder.

The one hub and one sat site would have probably two connections. One
between the bridgehead in the hub connected to the bridgehead in the remote
site, and one for the bridgehead in the remote site connecting to the
bridgehead in the hub. As Andrei also said, should only have a minimal
amount of connections. Site Bridge links are like shortcut links between
sites in a linear design, such as Site A to SiteB to SiteC. You can
create a shortcut between C and A by bridging them. But you should have
115.

Here's an example. The whole North American section has an MPLS network with
two 9mb connections from the main HUB site. All SAT sites have a full T1
connection to that MPLS cloud.

This one site has one GC (no other GC or DC's) and has one site link pointing
back to that main HUB site. Its primary DNS is set to itself and the
secondary is set back to a GC in the HUB site. WINS points back to the HUB
site period. Now with that said there are still over 100 NTDS connections to
servers throughout the world on that server in the SAT site. They were "Auto
created" which means KCC is creating connections that should not be there.
The correct 2 subnets are assigned to this SAT along with the subnets in the
HUB site. But the HUB site has over 100 subnets assigned to it.

This isn't the only SAT site that has this problem. There are actually many
of them.

At that point wouldn't you think that the "Auto site link bridging" could
cause this problem? But, why would a small SAT site GC create over 145
connections to servers all over the world into 5 other domains when there is
only 1 site link with the proper costs assigned.

To another point, I was browsing the event logs on the noted SAT site (above)
and there are MANY NTDS KCC warnings (1265) stating "The RPC server is
unavailable" but these are only to all the servers that we wouldn't want a
connection created to begin with.

In the end should all of these sites be manually checked and manually delete
all connections that are not going to the site which it is linked to?

If you can post or send me a Visio of your layout, along with the names
of all your DCs and their ipconfig /alls, I can help to diagnose and
optimize it. Also send me a snapshot of Sites and Services with your
Sites and IP Subnet objects expanded. Send it to my email address. It's
my firstnamelastname(no spaces or periods)@hotmail.com.

I will contact you as you asked but I will not be able to supply all
ipconfig's because there are literally over 150 DC/GC's on the entire
network.

I also like to keep some conversation on the group so it can be archived for
others' purposes in the future. Gotta love google's archiving! ;)
 
SWalters

Andrei said:
just do a simple test with one SAT site. Delete all the unnecessary
connections and force KCC to run again.

Sorry if this is ignorance but I thought if you manually delete/create
connections then KCC will not recreate said connections? This would be by
design so you can manipulate ISTG without fighting or disabling it...?

Please do keep in mind that at this point, as a consultant, I am not making
changes but have to give recommendations. I will "probably" be helping with
said changes when the time comes.

The problem is when I give recommendations to delete all of these unwanted
connections they will want to know, very technically mind you, the reasons
why they were there to begin with.

Thanks again,
 
Andrei Ungureanu [MVP]

SWalters

Andrei said:
if you delete the connections, at the next run the KCC will create the
connections objects again; and if the config is ok it will create only
the necessary objects.
The "bridge all site links" is still a mystery for me (as I never use
it) but here is something for you:
http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/adsites/w2kadm38.mspx

Thanks for the link. See one of my problems is I have no clue why KCC created
so many connections for some of these sites when they only have one site
link. This would normally mean KCC should only create a link between the
bridgehead of the two sites and no others...meaning one connection or maybe
one per DC/GC. My thought was that the auto bridging might be the issue here
although the network IS fully routable so Microsoft claims it is fine being
"on".

How else would KCC create 146 connections between a SAT site with one GC and
a HUB site with 2 GC/DC's? Apparently these servers were never installed in
another site then shipped otherwise it would make sense to have a few more
connections but again, not 146!

Thanks again,
 
Ace Fekay [MVP]

SWalters said:
Thanks for the link. See one of my problems is I have no clue why KCC
created so many connections for some of these sites when they only
have one site link. This would normally mean KCC should only create a
link between the bridgehead of the two sites and no others...meaning
one connection or maybe one per DC/GC. My thought was that the auto
bridging might be the issue here although the network IS fully
routable so Microsoft claims it is fine being "on".

How else would KCC create 146 connections between a SAT site with one
GC and a HUB site with 2 GC/DC's? Apparently these servers were never
installed in another site then shipped otherwise it would make sense
to have a few more connections but again, not 146!

Thanks again,

The only thing I can think of is the subnet objects may not be totally
correct as defined per site. So when the KCC runs, it sees a server in its
own location which is actually not defined part of the site because the IP
subnet may not be associated to the site, therefore it thinks it's a
bridgehead in the default-site-name.

Also in a case where if you simply have three sites, SiteA--SiteB--SiteC, I
can possibly also see the bridges can be causing the KCC to create a
connection object the bridgehead in SiteA to SiteC to provide a transitive
connection. But not the number of connections you've described.

And getting back to your previous statement:
"I also was thinking this problem could be stemming from the
"Bridge all site links" option being utilized."

If ALL sites are bridged, then it is no longer a hub and spoke design, but
rather a mesh, therefore I can see possibly why the KCC is doing that. Use
the GUI version of replmon from the Windows 2000 Support Tools (on the
CDROM). Look at the connection objects to get a better visual of what's
happening. You can also download a 30 day trial of Spotlight on Active
Directory from NetIQ (www.netiq.com) to look at it, which does a better job.

And no problem about keeping it in the groups. I would rather do that
anyway. Many have sent me stuff that they would rather not post due to their
own security concerns.

Ace
 
Ace Fekay [MVP]

In SWalters <[email protected]> stated, which I commented on below:

Oops. forgot to mention, if you delete the connection objects, the KCC will
recreate them without problems, that is if there are no other underlying
issues. What Andrei suggested to delete the connections and either let the
KCC recreate them at its next cycle or manually re-create them (rt-click
NTDS, choose 'check replication'). If they don't get created, then we know
there is something else going on. Maybe the total mesh can cause of enough
latency that AD's FRS will have difficulty constructing the proper objects.
In situations such as the number of DCs in this scenario, it would be
prudent to have a more defined design instead of the mesh, which is what I'm
starting to think may be what's going on based on all sites being bridged.

Ace
 
SWalters

Ace said:
The only thing I can think of is the subnet objects may not be totally
correct as defined per site. So when the KCC runs, it sees a server in
its own location which is actually not defined part of the site because
the IP subnet may not be associated to the site, therefore it thinks
it's a bridgehead in the default-site-name.

As far as I can tell the subnets are correct. However that is something
the client will have to confirm. My Visio diagram shows all subnets
assigned to all sites. There is also no "Default-Site-Link" there so it
must have been deleted when all the custom site links were created.

Also in a case where if you simply have three sites,
SiteA--SiteB--SiteC, I can possibly also see the bridges can be causing
the KCC to create a connection object the bridgehead in SiteA to SiteC
to provide a transitive connection. But not the number of connections
you've described.

And getting back to your previous statement:
"I also was thinking this problem could be stemming from the
"Bridge all site links" option being utilized."

If ALL sites are bridged, then it is no longer a hub and spoke design,
but rather a mesh, therefore I can see possibly why the KCC is doing
that. Use the GUI version of replmon from the Windows 2000 Support Tools
(on the CDROM). Look at the connection objects to get a better visual of
what's happening. You can also download a 30 day trial of Spotlight on
Active Directory from NetIQ (www.netiq.com) to look at it, which does a
better job.

As an FYI, I have been using both of those tools throughout this venture.
Spotlight is a wonderful tool for this type of research.

I really did not think that "Bridge All Site Links" would cause this
problem. The only way a connection would be created to another site other
than the one that the site is directly linked to would be if there was an
issue with that linked site. If so it would create a connection to the
next lowest cost site. What I did just find is that they have a domain in
the US and (for example) one in Australia. One US SAT site that has 100+
connections has a site link to a HUB site in the US with a cost of 100.
There is also a site link from that HUB site in US to a HUB site in
Australia with a cost of 10! All other US SAT sites also have a 100 cost
site link to that same US HUB. But because there is a cost of 10 assigned
to that US to Australia site link those SAT sites would create a link to
Australia if there was an issue with the link between the US SAT and US
HUB site. I hope that wasn't confusing. If it was not...it still doesn't
tell me why that connection (from the US SAT to the Aust HUB) wasn't
deleted by KCC when the latency was fine to the US HUB.
 
SWalters

SWalters said:
What I did just find is that they have a domain in
the US and (for example) one in Australia. One US SAT site that has 100+
connections has a site link to a HUB site in the US with a cost of 100.
There is also a site link from that HUB site in US to a HUB site in
Australia with a cost of 10! All other US SAT sites also have a 100 cost
site link to that same US HUB. But because there is a cost of 10 assigned
to that US to Australia site link those SAT sites would create a link to
Australia if there was an issue with the link between the US SAT and US
HUB site. I hope that wasn't confusing. If it was not...it still doesn't
tell me why that connection (from the US SAT to the Aust HUB) wasn't
deleted by KCC when the latency was fine to the US HUB.

After all that...I went back to Sites and Services and could not find that
"Cost 10" link between US and Australia. Unless someone just deleted
it...forget I wrote all that.

Well, let's say that did happen. Since all sites are bridged it would have
done exactly what I said...correct?
 
Ace Fekay [MVP]

SWalters said:
After all that...I went back to Sites and Services and could not find
that "Cost 10" link between US and Australia. Unless someone just
deleted it...forget I wrote all that.

Well, let's say that did happen. Since all sites are bridged it would
have done exactly what I said...correct?

I'm not sure at this point. By creating a bridged site link, you are telling
the KCC that it needs to create a link between the endpoints of the bridge,
besides the links that already exist for the basic links. 100's of
connections still highly seem unlikely for that. As for the costs, the lower
just says to use it first before the others. That should dictate the KCC to
decide whether to create a link or not. But from what I understand of your
scenario the way it is highly meshed, is the only thing I can think of at
this time for the numerous links the KCC is creating, that is if your subnet
objects are properly setup, which it sounds like it is from what you're
saying. If you have a Hub here and one in AU, and there are other sites here
on this hub, and there in AU on their hub, and you tell it to bridge
"everything", well then each site will be interconnected with all others and
the KCC is just obliging the request. Does that make sense?

Ace
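The bridging and cost question discussed above, as an added example that is not part of the original thread: it ranks which sites a DC's site can pair with when site links are bridged versus not, and classifies each existing connection by whether its source site shares a direct site link. The site names, costs and connection list are constructed, and summing link costs along a bridged path is the assumption used for "Bridge all site links".

```python
import heapq
from collections import defaultdict

# Constructed sample data: site names and costs are illustrative, modelled on
# the US/AU scenario in the thread (SAT -> HUB cost 100, HUB -> HUB cost 10).
SITE_LINKS = [
    ("US-SAT1", "US-HUB", 100),
    ("US-SAT2", "US-HUB", 100),
    ("US-HUB", "AU-HUB", 10),
    ("AU-SAT1", "AU-HUB", 100),
]

# Constructed sample of connection objects held by the DC in US-SAT1, reduced
# to (site holding the connection, site of the source server).
CONNECTIONS = [
    ("US-SAT1", "US-HUB"),
    ("US-SAT1", "AU-HUB"),
    ("US-SAT1", "AU-SAT1"),
    ("US-SAT1", "US-SAT2"),
]


def build_graph(site_links):
    """Undirected graph of sites; parallel links keep the cheapest cost."""
    graph = defaultdict(dict)
    for a, b, cost in site_links:
        if cost < graph[a].get(b, float("inf")):
            graph[a][b] = graph[b][a] = cost
    return graph


def reachable_costs(graph, start, bridged):
    """Cost from `start` to every site it can pair with.

    bridged=False: only sites that share a site link with `start`.
    bridged=True: every site on any chain of links, with cost equal to the
    sum of the link costs on the cheapest chain (Dijkstra). That summing
    rule is this example's assumption for "Bridge all site links".
    """
    if not bridged:
        return dict(graph.get(start, {}))
    dist = {start: 0}
    heap = [(0, start)]
    while heap:
        d, site = heapq.heappop(heap)
        if d > dist[site]:
            continue  # stale heap entry, a cheaper path was already found
        for nxt, cost in graph.get(site, {}).items():
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (dist[nxt], nxt))
    dist.pop(start)
    return dist


def audit_connections(site_links, connections):
    """Classify each connection as direct-link, bridged-only or no-path."""
    graph = build_graph(site_links)
    report = []
    for holder, source in connections:
        direct = reachable_costs(graph, holder, bridged=False)
        bridged = reachable_costs(graph, holder, bridged=True)
        if source in direct:
            verdict = "direct-link"
        elif source in bridged:
            verdict = "bridged-only"
        else:
            verdict = "no-path"
        report.append((holder, source, bridged.get(source), verdict))
    return report


if __name__ == "__main__":
    for row in audit_connections(SITE_LINKS, CONNECTIONS):
        print(row)
```

Every "bridged-only" row is a connection that only bridging can explain, and every "no-path" row points at a source server whose site is not in the site-link data at all, such as a stale server object.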
 
SWalters

Ace said:
I'm not sure at this point. By creating a bridged site link, you are
telling the KCC that it needs to create a link between the endpoints of
the bridge, besides the links that already exist for the basic links.
100's of connections still highly seem unlikely for that. As for the
costs, the lower just says to use it first before the others. That
should dictate the KCC to decide whether to create a link or not. But
from what I understand of your scenario the way it is highly meshed, is
the only thing I can think of at this time for the numerous links the
KCC is creating, that is if your subnet objects are properly setup,
which it sounds like it is from what you're saying. If you have a Hub
here and one in AU, and there are other sites here on this hub, and
there in AU on their hub, and you tell it to bridge "everything", well
then each site will be interconnected with all others and the KCC is
just obliging the request. Does that make sense?

Sorry for the delayed reply...

OK I found something today. Within all of the subnets assigned to sites
there was a full Class B (/16) assigned to the primary site which ALSO
has numerous Class A subnets assigned to it in which those Class A
addresses are within the same range of the /16. Now at this point it would
be no big deal and I would think all of the Class A's (/24's) were not
needed because the /16 fell within the range. But there are also other
sites that have a /24 assigned but fall within range of the /16. Example
below...

HUB A example of subnets assigned
167.126.0.0/16
167.126.100.0/24
167.126.101.0/24

Site B
167.126.240.0/24 is the only subnet assigned.


There was an article claiming that this would still be OK because the
workstations would use the subnet with the longest bit mask which would be
167.126.240.0/24. But is the /16 needed or could this cause any other
issues including what I originally posted?

As for the AU site or any other site which may be across a slow (or
unreliable) link which would be any site across seas (for the most part)
the auto bridging still shouldn't matter as long as any link created
between the two countries is set to a higher number. There should never be
a connection created because the total cost would be much higher than any
other link within their own country.

Thanks again,
 
Ace Fekay [MVP]

SWalters said:
Sorry for the delayed reply...

OK I found something today. Within all of the subnets assigned to
sites there was a full Class B (/16) assigned to the primary site
which ALSO has numerous Class A subnets assigned to it in which those
Class A addresses are within the same range of the /16. Now at this
point it would be no big deal and I would think all of the Class A's
(/24's) were not needed because the /16 fell within the range. But
there are also other sites that have a /24 assigned but fall within
range of the /16. Example below...

HUB A example of subnets assigned
167.126.0.0/16
167.126.100.0/24
167.126.101.0/24

Site B
167.126.240.0/24 is the only subnet assigned.


There was an article claiming that this would still be OK because the
workstations would use the subnet with the longest bit mask which
would be 167.126.240.0/24. But is the /16 needed or could this cause
any other issues including what I originally posted?

As for the AU site or any other site which may be across a slow (or
unreliable) link which would be any site across seas (for the most
part) the auto bridging still shouldn't matter as long as any link
created between the two countries is set to a higher number. There
should never be a connection created because the total cost would be
much higher than any other link within their own country.

Thanks again,

I apologize about my delay as well. I'm not sure what to tell you at this
point. I have not seen this overlap in any network TCP/IP addressing scheme
when it comes to multiple subnets. If the article states that AD Sites will
use the longest mask, then I would imagine it is translating it into a 24bit
mask, from what you've shown. As for costs, the bridges combine the costs of
the links that are being bridged. I would imagine the KCC will still create
the links based on the individual links as well as to accommodate the bridged
'mesh' links.

Sorry if I'm not helpful. It seems like a little cleaning up may be in
order, unless of course, the problem is elsewhere.

Ace
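The overlapping subnet objects discussed above, as an added example that is not part of the original thread: it resolves an address to a site by the longest-mask rule the cited article describes, lists overlaps between subnet objects, and flags DCs whose address lands in a different site than their server object. The subnets are the ones quoted in the thread; the shortened site names, the DC inventory and the SITE-C entry are constructed.

```python
import ipaddress

# Subnet objects as listed in the thread; site names are shortened here.
SUBNET_TO_SITE = {
    "167.126.0.0/16": "HUB-A",
    "167.126.100.0/24": "HUB-A",
    "167.126.101.0/24": "HUB-A",
    "167.126.240.0/24": "SITE-B",
}

# Constructed DC inventory: (server name, IP, site holding its server object).
DC_INVENTORY = [
    ("DC-HUBA-01", "167.126.100.10", "HUB-A"),
    ("DC-SITEB-01", "167.126.240.10", "SITE-B"),
    ("DC-SITEC-01", "167.126.77.5", "SITE-C"),  # SITE-C has no subnet object
    ("DC-LAB-01", "10.20.30.40", "HUB-A"),      # outside every subnet object
]


def _parse(subnet_map):
    """Turn {"a.b.c.d/len": site} into [(ip_network, site)]."""
    return [(ipaddress.ip_network(cidr), site) for cidr, site in subnet_map.items()]


def site_for_ip(ip, subnet_map):
    """Return (site, subnet) for the most specific subnet containing `ip`."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, site) for net, site in _parse(subnet_map) if addr in net]
    if not matches:
        return None
    net, site = max(matches, key=lambda m: m[0].prefixlen)
    return site, str(net)


def overlaps(subnet_map):
    """Split nested subnet pairs into cross-site and same-site overlaps.

    Each entry is (broad subnet, its site, narrow subnet, its site).
    """
    nets = _parse(subnet_map)
    cross_site, same_site = [], []
    for narrow, n_site in nets:
        for broad, b_site in nets:
            if narrow != broad and narrow.subnet_of(broad):
                bucket = same_site if n_site == b_site else cross_site
                bucket.append((str(broad), b_site, str(narrow), n_site))
    return cross_site, same_site


def misplaced_dcs(inventory, subnet_map):
    """Flag DCs whose IP resolves to another site, or to no site at all."""
    findings = []
    for name, ip, object_site in inventory:
        hit = site_for_ip(ip, subnet_map)
        if hit is None:
            findings.append((name, ip, object_site, None, "no matching subnet"))
        elif hit[0] != object_site:
            findings.append((name, ip, object_site, hit[0], "caught by " + hit[1]))
    return findings


if __name__ == "__main__":
    cross, same = overlaps(SUBNET_TO_SITE)
    print("cross-site overlaps:", cross)
    print("same-site (redundant) overlaps:", same)
    for finding in misplaced_dcs(DC_INVENTORY, SUBNET_TO_SITE):
        print("misplaced:", finding)
```

The constructed SITE-C row shows the side effect of a catch-all /16: any address in the range without its own /24 object resolves to the hub site, so a missing subnet object goes unnoticed.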
 
