Ask Your Question
0

SMB client changing from one server interface to another

asked 2021-07-20 10:49:50 +0000

Stuart Kendrick gravatar image

updated 2021-07-20 10:53:14 +0000

I'm poring over a number of Windows 10 to SMB Server pcaps and noticing a pattern which looks like this:

  1. Negotiate Protocol
  2. Session Setup
  3. Tree Connect Request Tree: \server\share
  4. Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO
  5. ...

It is the 4th step where I want to focus attention.

In the Response to this Ioctl Request, the Server enumerates its interfaces. In my environment, the average SMB Server has a single interface -- the one over which the current SMB is established, and so the Ioctl Response looks like this:

Out Data
- Network Interface, RSS, 1.0 Gbits/s, IPv4:  a.b.c.d

However, some of our SMB Servers have multiple interfaces (typically NAS boxes):

Out Data
- Network Interface, RSS, 1.0 Gbits/s, IPv4:  a.b.c.d
- Network Interface, RSS, 10.0 Gbits/s, IPv4: a.b.e.f

The existing SMB session is traversing the 10Gb interface, as we intend: we call this the 'front-end' interface of the NAS cluster. We use the 1Gb interface for management traffic: syslog, snmp, ntp, ssh/http for admins administering the box.

However, sometimes Clients will read/write files across the 10Gb interface ... and then ... start a second SMB session across the 1Gb interface. We don't want that -- it works, but we don't want client traffic traversing the dedicated management network -- and I'm looking for ways to unbind SMB from these 'mgmt' interfaces.

But in the meantime, I would like to better understand why a Client might choose to do this. Any ideas?

Errata - Typically, our Clients & SMB Servers are settling on the 3.1.1 SMB Dialect, supporting Leasing, Large MTU, Multi-Channel, Persistent Handles

--sk

Stuart Kendrick

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted
0

answered 2021-07-24 15:28:25 +0000

Eddi gravatar image

You are looking at an SMB feature called multichannel. SMB tries to optimize network traffic by spreading traffic over multiple TCP connections and multiple interfaces.

The Microsoft documentation provides some information on the management of SMB multichannel.

Try the PowerShell cmdlet Get-SmbMultichannelConnection to see, how your systems are configured. You can disable multichannel on the client or on the server side. Try this:

Set-SmbServerConfiguration -EnableMultiChannel $false
Set-SmbClientConfiguration -EnableMultiChannel $false

Good luck

Eddi

edit flag offensive delete link more
0

answered 2021-07-24 15:28:21 +0000

Eddi gravatar image

You are looking at an SMB feature called multichannel. SMB tries to optimize network traffic by spreading traffic over multiple TCP connections and multiple interfaces.

The Microsoft documentation provides some information on the management of SMB multichannel.

Try the PowerShell cmdlet Get-SmbMultichannelConnection to see, how your systems are configured. You can disable multichannel on the client or on the server side. Try this:

Set-SmbServerConfiguration -EnableMultiChannel $false
Set-SmbClientConfiguration -EnableMultiChannel $false

Good luck

Eddi

edit flag offensive delete link more
0

answered 2021-07-23 11:26:11 +0000

Stuart Kendrick gravatar image

OK, turns out that the NAS box supports SMB Multichannel, and I'm seeing it action. I will turn my attention to the NAS box: it has ways to remove the 1G interfaces from the pool of interfaces available for SMB Multichannel to consider

--sk

edit flag offensive delete link more
0

answered 2021-07-21 00:26:22 +0000

BigFatCat gravatar image

Hi, Is the 1G session using different IP addresses? Same IP addresses then that would be network routing or the ARP table update. Clients usually only know IP addresses and MAC addresses. Servers can do load balancing to different routers, They usually leave the intelligent network routing to the routers and firewalls.

Different IP addresses, I would think it is application.

edit flag offensive delete link more

Comments

Different IP addresses (e.g. a.b.c.d for the 10G interface, a.b.c.f for the 1G interface, per my nomenclature above)

Stuart Kendrick gravatar imageStuart Kendrick ( 2021-07-21 11:27:13 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-07-20 10:49:50 +0000

Seen: 117 times

Last updated: Jul 24