Solved

Windows Routing with Multiple Gateways

Posted on 2010-11-08
Last Modified: 2013-12-23
Long story short, I have a client who is migrating from one ISP (ISP1) to a new ISP (ISP2). They need to migrate over to the new network (ISP2) without interruption of their on-site hosted e-mail server. They do not have a router on-site and each ISP simply provides them with an Ethernet port for Internet Access. The server has been setup with an additional IP address provided from ISP2 and the server will respond to that IP address however the problem is that I need to specify that traffic coming in through ISP1 should leave via ISP1 and traffic coming in through ISP2, leave via ISP2. I think this can be done with dual gateways in Windows' IP configuration but I also think that static routes need to be added. I don't know how to do this. Can someone help please? The goal is to get it listening on both networks until all DNS changes have propagated.

Here are some sample IP addresses for the two networks:

ISP1:
74.26.144.0/27 - Network Address
74.26.144.1/27 - ISP1 Router (added as default gateway)
74.26.144.2/27 - Old E-mail Server Address
...
74.26.144.31/27 - Broadcast Address


ISP2:
66.172.50.0/27 - Network Address
66.172.50.1/27 - ISP2 Router (added as default gateway)
66.172.50.2/27 - New E-mail Server Address
...
66.172.50.31/27 - Broadcast Address


Question by:darrell_chapman

14 Comments
 
LVL 8

Assisted Solution

by:ShareefHuddle
ShareefHuddle earned 248 total points
ID: 34088943
Dual gateways are a bad idea. Windows does not play well with that.

Does this server have two network cards in it or are you behind multiple firewalls?

I don't see any reason to have traffic go out through ISP1's connection anymore. I will tell you this though: if that is your true IP, you will want to get a PTR (reverse DNS) record built for it through ISP2. Otherwise you will get mail kicked back to you and eventually get blacklisted.
0
 

Author Comment

by:darrell_chapman
ID: 34093961
Pointer records will all be set up correctly. I'm not worried about that. The issue is how to keep the server listening on both networks until all DNS changes have been fully propagated. Again, they can have zero downtime. Well, listening is not really the problem, as that happens by default. The issue is the gateway. If I change the gateway to ISP2's router, the server stops responding to traffic on ISP1. There has to be a way to bind each IP to a specific gateway.

0
 

Author Comment

by:darrell_chapman
ID: 34093974
I do have additional network cards on the servers however I was trying to avoid having to use them for this. That might be the best option so far.
0
 
LVL 29

Accepted Solution

by:pwindell
pwindell earned 752 total points
ID: 34094440
You're wasting your time.

There is going to be down time.

There is no way that a published service is going to work symmetrically on two networks at the same time.   What you are asking for is a fantasy (sorry, but it's true).  The server is going to send the traffic back through the established path determined by the Default Gateway,...no matter which line it came in on.  That is just the way TCP/IP and IP Routing function.

DNS does not take that long to change over.   When you change the IP# of the Host Record on the Authoritative DNS for the Public Domain it happens instantly.  The rest is waiting for other people's DNS Cache to expire, which is typically 30 minutes.  The only time it takes longer is when you change who is the Authoritative DNS for your Public Domain Name.  In that case you might be able to talk to the old Authority and see if they would change your Host Records to the new IP#s for a few days before they drop your Zone from their machine,...this way if people incorrectly go to the old Authority for resolution they will at least get the correct new IP#.


0
 
LVL 29

Expert Comment

by:pwindell
ID: 34094596
The normal timeout period for SMTP to make contact with a target SMTP Service is 48 hours (2 days) before sending an NDR.  So no email is going to be lost.
0
 

Author Comment

by:darrell_chapman
ID: 34094924
pwindell, thanks for your routing help. That is an area I'm lacking in; however, I am an expert in DNS.

Although the IETF RFC spec tells you exactly how DNS should behave, my years of experience with DNS tell me otherwise. I know for a fact (through testing) that certain ISPs ignore TTL data and cache records for an unspecified amount of time. This is the reason I was hoping to have both interfaces running concurrently with my current setup.

I understand how SMTP works. Some servers will continue to try to contact the mail server; however, some will send a "message delayed" e-mail to the original sender. I need to avoid this so that I'm not hounded with calls from their clients asking why they can't send mail to them. Also, this particular client cannot afford to have message delays. Although they understand the limitations of e-mail, they are still using their e-mail as a real-time communication platform.

I guess I'll just have to setup additional interfaces on each server.

Again thanks for your help.
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 752 total points
ID: 34095104
Although the IETF RFC spec tells you exactly how DNS should behave, my years of experience with DNS tell me otherwise. I know for a fact (through testing) that certain ISPs ignore TTL data and cache records
-----------------------------------------------------

Yes,..people don't always follow the rules,..which creates grief for everyone else.  Sorry to be all Doom & Gloom,...but I'm just being honest with you.

I understand how SMTP works. Some servers will continue to try to contact the mail server; however, some will send a "message delayed" e-mail to the original sender.
-----------------------------------------------------

Correct.  Ours is that way.

I need to avoid this so that I'm not hounded with calls from their clients asking why they can't send mail to them.
---------------------------------------------

You're going to get hounded.

Also this particular client cannot afford to have message delays.
-----------------------------------------------

They are going to have to afford it.

Although they understand the limitations of e-mail, they are still using their e-mail as a real-time communication platform.
-----------------------------------------------

That is their mistake.  Email is not a real-time communication platform,...no matter how bad they want it to be.

I guess I'll just have to setup additional interfaces on each server.
------------------------------------------------

The return outbound path will still take the single path defined by the Default Gateway. Even if you give it multiple Default Gateways it will still only use the first one, or will use the one on the NIC that is higher in the binding order.  They would receive mail fine,...but sending may trip SPAM filtering systems at the destination because the Source IP# will fail to resolve properly.

I really am sorry I can't give you a more positive prediction.

0
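The routing behaviour pwindell describes in the accepted answer and again above (the reply leaves via the one preferred default gateway regardless of which address it was received on) can be reproduced with a small destination-based lookup. This is an added illustration, not code from the thread; the routing table, interface names and the 198.51.100.4 client address are constructed, built from the two /27 networks in the question. `policy_lookup` goes one step beyond the thread to show what a source-aware lookup would have to do differently.

```python
import ipaddress

# Constructed routing table modelled on the two /27 networks in the question.
# Each entry: (destination, gateway or None for on-link, interface, metric).
ROUTES = [
    ("0.0.0.0/0",      "74.26.144.1", "ISP1-NIC", 10),  # first default gateway
    ("0.0.0.0/0",      "66.172.50.1", "ISP2-NIC", 20),  # second default gateway
    ("74.26.144.0/27", None,          "ISP1-NIC", 10),  # on-link (ISP1 subnet)
    ("66.172.50.0/27", None,          "ISP2-NIC", 20),  # on-link (ISP2 subnet)
]

# Interface that owns each local address; used only by policy_lookup().
LOCAL_ADDRS = {"74.26.144.2": "ISP1-NIC", "66.172.50.2": "ISP2-NIC"}


def lookup(dst, routes=ROUTES):
    """Destination-only longest-prefix match; lowest metric wins ties.
    Returns (gateway, interface); gateway is None for on-link destinations.
    The source address is deliberately not consulted: that is the behaviour
    the thread describes, and why replies from both IPs leave the same way."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, ifc, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            rank = (network.prefixlen, -metric)
            if best is None or rank > best[0]:
                best = (rank, gw, ifc)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def reply_path(client_ip, server_ip):
    """Next hop and interface for the server's reply to client_ip when it
    answered from server_ip. Both local addresses get the same answer."""
    gw, ifc = lookup(client_ip)
    return {"src": server_ip, "dst": client_ip, "via": gw or "on-link", "iface": ifc}


def policy_lookup(src, dst, routes=ROUTES):
    """What a source-aware (policy) lookup would have to do instead: restrict
    candidate routes to the interface owning the source address, so a reply
    sent from the ISP2 address exits via ISP2's gateway."""
    ifc = LOCAL_ADDRS[src]
    return lookup(dst, [r for r in routes if r[2] == ifc])
```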
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 752 total points
ID: 34095265
You probably are better with DNS than I.  Would it be possible for both the old IP# and the new IP# to reverse-resolve to the same Name?  This would keep the SPAM Filters happy.
 
0
 
LVL 5

Expert Comment

by:oneitnz
ID: 35590515
Why don't you just set up another MX record for your domain?

Configure these settings in DNS:

mail.domain.com     74.26.144.2
mail2.domain.com    66.172.50.2
MX  10  mail.domain.com
MX  15  mail2.domain.com

That way if they can't resolve to the first one they will be able to get to the other one.

Set that up first, then wait for about 12 hours so every DNS server has this in its records, then switch the gateway over to the mail2 IP and there you go, no lost emails.

You can then remove the MX 10 entry and the mail.domain.com entries or just switch the IP's over.

Regards
Brett Smith
One IT - DNS Specialist
0
 
LVL 8

Expert Comment

by:ShareefHuddle
ID: 35725098
Wow, I didn't know this was still running.  You can also set up a third-party spam solution.  One out there that I used and was good for just this purpose was GFIMax. The best part is that they give a 30 day free trial.

Although Brett probably has the simplest answer, which should work well.

Shareef
0
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 36895838
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 

Author Comment

by:darrell_chapman
ID: 36600008
Sorry everyone. It was not my intention to abandon this question. I do not think I was getting e-mails from Experts-Exchange. I did get the reply that was added today. Thanks for everyone's assistance.
0
