Typically a server has one network interface with one IP address on it, especially in virtualized environments. However, in certain scenarios, such as web servers, multiple IPs can be bound to one network interface. When configuring firewalls external to the host, e.g. a hardware device shielding the server segment from other segments, people often wonder which address the server is going to use for outgoing traffic. People tend to think that the first address on the adapter is the one used for all outgoing traffic. Perhaps that was true for some earlier versions of Windows, but it seems that somewhere along the way this has shifted:
It seems that the server verifies which address has the longest matching prefix with the gateway configured on the adapter.
You can read the details here: http://blogs.technet.com/b/networking/archive/2009/04/25/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx
The example the blog uses:
There’s a server with addresses 192.168.1.14 and 192.168.1.68 (gateway: 192.168.1.127). The server will use the 192.168.1.68 address because it has the longest matching prefix. To see this more clearly, consider the IP addresses in binary:
- 11000000 10101000 00000001 00001110 = 192.168.1.14 (Bits matching the gateway = 25)
- 11000000 10101000 00000001 01000100 = 192.168.1.68 (Bits matching the gateway = 26)
- 11000000 10101000 00000001 01111111 = 192.168.1.127
The 192.168.1.68 address has more matching high order bits with the gateway address 192.168.1.127. Therefore, it is used for off-link communication.
In the example above you could force the 192.168.1.14 address by using the SkipAsSource parameter, which you can pass to netsh. To use SkipAsSource, we have to add the additional address from the command line:
- Netsh int ipv4 add address <Interface Name> <ip address> <netmask> skipassource=true
In order to verify this we can execute the following command:
- Netsh int ipv4 show ipaddresses level=verbose
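To check an external firewall rule against the address a server is expected to use, the sketch below reproduces the longest-matching-prefix comparison and the effect of SkipAsSource described above. It is an added example, not code from the referenced blog or from Microsoft, and it models only the single rule discussed here. The function names, the allow-list and the tie-break (first listed address wins) are assumptions.

```python
import ipaddress

def matching_bits(addr, gateway):
    """Number of high-order bits an IPv4 address shares with the gateway."""
    diff = int(ipaddress.IPv4Address(addr)) ^ int(ipaddress.IPv4Address(gateway))
    return 32 - diff.bit_length()

def rank_addresses(addresses, gateway):
    """addresses: list of (ip, skip_as_source) tuples bound to one interface.
    Returns (ip, matching_bits, eligible) rows, best candidate first."""
    rows = [(ip, matching_bits(ip, gateway), not skip) for ip, skip in addresses]
    # Eligible addresses first, then most matching bits. sorted() is stable,
    # so a tie keeps the listed order (assumption, not stated in the post).
    return sorted(rows, key=lambda r: (not r[2], -r[1]))

def pick_source(addresses, gateway):
    """Expected source address for off-link traffic, or None when every
    address is flagged SkipAsSource (that case is not covered by the post)."""
    ranked = rank_addresses(addresses, gateway)
    return ranked[0][0] if ranked and ranked[0][2] else None

def audit_firewall(addresses, gateway, allowed_sources):
    """Compare the expected source with a firewall allow-list (constructed)."""
    src = pick_source(addresses, gateway)
    return {"expected_source": src, "allowed": src in allowed_sources}

if __name__ == "__main__":
    gw = "192.168.1.127"                      # values from the example above
    default = [("192.168.1.14", False), ("192.168.1.68", False)]
    forced = [("192.168.1.14", False), ("192.168.1.68", True)]
    allow = {"192.168.1.14"}                  # constructed firewall allow-list
    for label, addrs in (("default", default), ("skipassource", forced)):
        for ip, bits, ok in rank_addresses(addrs, gw):
            print(f"{label:13} {ip:15} bits={bits} eligible={ok}")
        print(f"{label:13} ->", audit_firewall(addrs, gw, allow))
```

With the default binding, the audit flags that a firewall rule written for 192.168.1.14 would not match the outgoing traffic; once 192.168.1.68 is marked SkipAsSource, the rule matches.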