Windows 7 sending all packets to one nic

Question

I have windows 7 with two nics, one default gateway set on nic1, and no default gateway on nic2. Nics are on different subnets. Nic1 is on 192.168.1.0/24 subnet, and nic2 is on 10.60.194.0/28 network. When I ping 10.60.194.1 router, packets are sent on 192.168.1.0/24 subnet! How can this be? This is the routing table:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3    266
      10.60.194.0  255.255.255.240         On-link       10.60.194.3    276
      10.60.194.3  255.255.255.255         On-link       10.60.194.3    276
     10.60.194.15  255.255.255.255         On-link       10.60.194.3    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link       192.168.1.3     30
  169.254.255.255  255.255.255.255         On-link       192.168.1.3    266
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    266
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    266
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       10.60.194.3    276
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       10.60.194.3    276
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\zdravke>ipconfig

Windows IP Configuration


Ethernet adapter internet:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter cisco:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.60.194.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . :

C:\Users\zdravke>tracert 10.60.194.1

Tracing route to 10.60.194.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    10 ms    10 ms     9 ms  1.96-66-87.adsl-dyn.isp.belgacom.be [87.66.96.1]

Wireshark is confirming above - when pinging 10.60.194.1, all icmp packets are sent on nic1 which is on 192.168.1.0 subnet!

I tried so far: 1) netsh tcp ip reset 2) removed and reinstalled both adapters 3) updated nic drivers to latest.

Is there a reason why you don't have a default gateway set on nic2? — Sašo, May 26 '15 at 14:55

score 1 · Answer 1 · answered Jun 22 '15 at 06:40

I solved this issue myself. Cisco network was requiring 802.1x port authentication, so even though other PCs were able to ping Cisco net before authentication, for some reason this PC was not. It could not even resolve with the Cisco net gateway with arp. I even tried setting static arp value in win7, but icmp ping was still failing. The problem was occurring with single nic installed in win as well. At first I thought 802.1x authentication was failing because of lack of IP connectivity to port, but it turned out to be the opposite.

Once I fixed 802.1x port authentication, arp started working, ip connectivity was restored on Cisco nic and win7 stopped sending packets to other nic.

This seems like a bug in win7 or a problem in my installation, as it should not send packets to nic1 regardless of 802.1x authentication outcome on nic2.

score 0 · Answer 2 · answered May 26 '15 at 18:15

0

I've a server with similar configuration, but the metric numbers are different - both NICs have the same metric value.

From your routing table I assume the your 10.60.194.3 interface has a 266 metric (not sure if this is the default for a secondary NIC).
Changing the metric, as demonstrated here, to 256 should solve this.

answered May 26 '15 at 18:15

EliadTech

1,230
9
14

It still does not work. I have set the NIC2 to the lowest possible value allowed, and it's showing as 257 which is lower than NIC1, and still the traffic for NIC2 network goes over NIC1. – zdravke May 27 '15 at 15:47

score -1 · Answer 3 · answered May 31 '15 at 02:36

-1

The default gateway has the lowest metric (gateway: 192.168.1.1, interface: 192.168.1.3, metric: 266). Using the following static route will properly configure traffic for the other NIC. The "-p" switch will keep the route after a reboot and you can set the metric to whatever you'd like.

route -p ADD 10.60.194.0 MASK 255.255.255.240 10.60.194.1 METRIC 1

answered May 31 '15 at 02:36

user2320464

759
5
14

Does Windows really prefer a less-specific route just because it has a lower metric? That strikes me as a really odd thing to do. (And several sources I checked say otherwise.) – David Schwartz May 31 '15 at 02:53
@David Schwartz, don't routers make decisions based on the lowest metric? Whether its an OSPF metric or something more basic. – user2320464 May 31 '15 at 02:58
Yes, that's the tiebreaker. But there's no tie here, one route is more specific. Preferring a less-specific route would be a very odd thing to do, and preferring a default route over a non-default route would be even odder. – David Schwartz May 31 '15 at 03:10
[The list of matching routes is compiled. The route that has the longest match (the route that matched the most amount of bits with the destination IP address) is chosen. The longest matching route is the most specific route to the destination IP address. If multiple entries with the longest match are found ... the router uses the lowest metric to select the best route. If multiple entries exist that are the longest match and the lowest metric, the router is free to choose which routing table entry to use.](https://technet.microsoft.com/en-us/library/cc958823.aspx) – David Schwartz May 31 '15 at 03:14
I wish we stop looking at metrics because it's not what is in play here, and they are all default values set by windows. If packet is destined for subnet 10.60.194.0/28, then it should be sent to a NIC that is on that subnet, regardless of the metric. Windows is simply not routing based on it's own routing table. There is something wrong with windows routing and I don't know how to fix it, short of reinstalling the whole damn os. – zdravke Jun 01 '15 at 07:05
"*If packet is destined for subnet 10.60.194.0/28, then it should be sent to a NIC that is on that subnet, regardless of the metric.*" Well, that's not true. If, for example, there is a more specific route for every part of that subnet, then it won't be sent to a NIC that is not that subnet. But you are right that metrics aren't you have a unique longest-matching route. – David Schwartz Jun 01 '15 at 17:02
If adding a static route doesn't resolve the issue, then you may want to reset tcpip (https://support.microsoft.com/en-us/kb/299357) and/or install the latest driver from your nic manufacturer. – user2320464 Jun 01 '15 at 17:35

Windows 7 sending all packets to one nic

3 Answers3