Windows Routing with Multiple Gateways

Long story short, I have a client who is migrating from one ISP (ISP1) to a new ISP (ISP2). They need to migrate over to the new network (ISP2) without interruption of their on-site hosted e-mail server. They do not have a router on-site and each ISP simply provides them with an Ethernet port for Internet access. The server has been set up with an additional IP address provided by ISP2 and the server will respond to that IP address; however, the problem is that I need to specify that traffic coming in through ISP1 should leave via ISP1 and traffic coming in through ISP2 should leave via ISP2. I think this can be done with dual gateways in Windows' IP configuration, but I also think that static routes need to be added. I don't know how to do this. Can someone help please? The goal is to get it listening on both networks until all DNS changes have propagated.

Here are some sample IP addresses for the two networks:

ISP1:
74.26.144.0/27 - Network Address
74.26.144.1/27 - ISP1 Router (added as default gateway)
74.26.144.2/27 - Old E-mail Server Address
...
74.26.144.31/27 - Broadcast Address


ISP2:
66.172.50.0/27 - Network Address
66.172.50.1/27 - ISP2 Router (added as default gateway)
66.172.50.2/27 - New E-mail Server Address
...
66.172.50.31/27 - Broadcast Address



darrell_chapman asked.

pwindell commented:
You're wasting your time.

There is going to be down time.

There is no way that a published service is going to work symmetrically on two networks at the same time.   What you are asking for is a fantasy (sorry, but it's true).  The server is going to send the traffic back through the established path determined by the Default Gateway,...no matter which line it came in on.  That is just the way TCP/IP and IP routing function.

DNS does not take that long to change over.   When you change the IP# of the Host Record on the Authoritative DNS for the Public Domain it happens instantly.  The rest is waiting for other people's DNS cache to expire, which is typically 30 minutes.  The only time it takes longer is when you change who is the Authoritative DNS for your Public Domain Name.  In that case you might be able to talk to the old Authority and see if they would change your Host Records to the new IP#s for a few days before they drop your Zone from their machine,...this way if people incorrectly go to the old Authority for resolution they will at least get the correct new IP#.


0
 
ShareefHuddle commented:
Dual gateways are a bad idea. Windows does not play well with that.

Does this server have two network cards in it or are you behind multiple firewalls?

I don't see any reason to have traffic go out through ISP1's connection anymore. I will tell you this though: if that is your true IP you will want to get a PTR (reverse DNS) built for it through ISP2. Otherwise you will get mail kicked back to you and eventually get blacklisted.
0
 
darrell_chapman (Author) commented:
Pointer records will all be set up correctly. I'm not worried about that. The issue is how to keep the server listening on both networks until all DNS changes have been fully propagated. Again, they can have zero downtime. Well, listening is not really the problem as that happens by default. The issue is the gateway. If I change the gateway to ISP2's router, the server stops responding to traffic on ISP1. There has to be a way to bind each IP to a specific gateway.

0
darrell_chapman (Author) commented:
I do have additional network cards on the servers; however, I was trying to avoid having to use them for this. That might be the best option so far.
0
 
pwindell commented:
The normal timeout period for SMTP to make contact with a target SMTP service is 48 hours (2 days) before sending an NDR.  So no email is going to be lost.
0
 
darrell_chapman (Author) commented:
pwindell, thanks for your routing help. That is an area I'm lacking in; however, I am an expert in DNS.

Although the IETF RFC spec tells you exactly how DNS should behave, my years of experience with DNS tell me otherwise. I know for a fact (through testing) that certain ISPs ignore TTL data and cache records for an unspecified amount of time. This is the reason I was hoping to have both interfaces running concurrently with my current setup.

I understand how SMTP works. Some servers will continue to try to contact the mail server; however, some will send a "message delayed" e-mail to the original sender. I need to avoid this so that I'm not hounded with calls from their clients asking why they can't send mail to them. Also, this particular client cannot afford to have message delays. Although they understand the limitations of e-mail, they are still using their e-mail as a real-time communication platform.

I guess I'll just have to set up additional interfaces on each server.

Again thanks for your help.
0
 
pwindell commented:
Although the IETF RFC spec tells you how exactly DNS should behave, my years of experience with DNS tell me otherwise. I know for a fact (through testing) that certain ISP's ignore TTL data and cache records
-----------------------------------------------------

Yes,..people don't always follow the rules,..which creates grief for everyone else.  Sorry to be all Doom & Gloom,...but I'm just being honest with you.
I understand how SMTP works. Some servers will continue to try to contact the mail server however some will send an "message delayed" e-mail to the original sender.
-----------------------------------------------------

Correct.  Ours is that way.
I need to avoid this so that I'm not hounded with calls from their clients asking why they can't send mail to them.
---------------------------------------------

You're going to get hounded.
 Also this particular client cannot afford to have message delays.
-----------------------------------------------

They are going to have to afford it.
 Although they understand the limitations of e-mail, they are still using their e-mail as a real-time communication platform.
-----------------------------------------------

That is their mistake.  Email is not a real-time communication platform,...no matter how badly they want it to be.

I guess I'll just have to setup additional interfaces on each server.
------------------------------------------------

The return outbound path will still take the single path defined by the Default Gateway. Even if you give it multiple Default Gateways it will still only use the first one, or will use the one on the NIC that is higher in the binding order.  They would receive mail fine,...but sending may trip SPAM filtering systems at the destination because the Source IP# will fail to resolve properly.
I really am sorry I can't give you a more positive prediction.

0
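To make the point in the comment above concrete, here is a small added simulation (not code from the thread or from Windows itself) of a destination-based routing table built from the two /27 networks in the question. It shows that the reply to a remote client is chosen purely from the destination address and route metric, so the local address the request arrived on never influences which gateway the reply leaves through. The interface names, the metrics, and the remote client address 203.0.113.5 (a documentation range) are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table modelled on the two /27 networks in the question:
# (destination, next hop or None when on-link, interface, metric).
# Interface names and metrics are assumptions for the example.
ROUTES = [
    (ip_network("74.26.144.0/27"), None, "NIC-ISP1", 1),
    (ip_network("66.172.50.0/27"), None, "NIC-ISP2", 1),
    (ip_network("0.0.0.0/0"), ip_address("74.26.144.1"), "NIC-ISP1", 10),
    (ip_network("0.0.0.0/0"), ip_address("66.172.50.1"), "NIC-ISP2", 20),
]


def select_route(destination, routes=ROUTES):
    """Destination-based lookup: longest prefix wins, ties go to the lowest metric.
    The packet's source address is never consulted, which is the point of the reply above."""
    dst = ip_address(destination)
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        raise ValueError(f"no route to {destination}")
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))


def reply_interface(client_ip, local_ip, routes=ROUTES):
    """Interface a reply to client_ip leaves on, given the local address the request hit."""
    _net, gateway, iface, _metric = select_route(client_ip, routes)
    return {
        "source": local_ip,
        "next_hop": "on-link" if gateway is None else str(gateway),
        "interface": iface,
    }


def after_gateway_switch(routes=ROUTES):
    """Routing table once the ISP1 default route is removed (the cut-over step)."""
    return [r for r in routes if not (r[0].prefixlen == 0 and r[2] == "NIC-ISP1")]


if __name__ == "__main__":
    remote = "203.0.113.5"  # constructed Internet client (TEST-NET-3 range)
    for local in ("74.26.144.2", "66.172.50.2"):
        print(local, "->", reply_interface(remote, local))
    print("after switch:", reply_interface(remote, "74.26.144.2", after_gateway_switch()))
```

Running it shows both local addresses answering through NIC-ISP1 while the ISP1 default route has the lower metric; only a destination inside 66.172.50.0/27 itself goes out on NIC-ISP2, because that is the sole case where a more specific prefix beats the default route. After the gateway switch every reply leaves via ISP2 instead, including replies to connections that arrived on the ISP1 address.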
 
pwindell commented:
You probably are better with DNS than I.  Would it be possible for both the old IP# and the new IP# to reverse-resolve to the same name?  This would keep the SPAM filters happy.
 
0
 
oneitnz commented:
Why don't you just set up another MX record for your domain?

Configure these settings in DNS.
mail.domain.com         74.26.144.2
mail2.domain.com       66.172.50.2
MX  10  mail.domain.com
MX  15  mail2.domain.com

That way if they can't resolve to the first one they will be able to get to the other one.

Set that up first then wait for about 12 hours so every DNS Server has this in their records then switch the gateway over to the Mail 2 IP and there you go, no lost emails.

You can then remove the MX 10 entry and the mail.domain.com entries, or just switch the IPs over.

Regards
Brett Smith
One IT - DNS Specialist
0
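The answer above relies on the way a sending mail server walks the MX list. As an added illustration (not the poster's code and not a real zone), this script models that behaviour using the records suggested in the answer: MX hosts are tried in ascending preference, and a sender falls through to the next host when the first cannot complete the session. It then walks the cut-over sequence step by step, including a resolver that cached the zone before the second MX was published, which is the case the asker was worried about.

```python
# Constructed DNS data following the records in the answer above (not a real zone).
ZONE_A = {
    "mail.domain.com": "74.26.144.2",   # old address, on the ISP1 line
    "mail2.domain.com": "66.172.50.2",  # new address, on the ISP2 line
}
ZONE_MX = [(10, "mail.domain.com"), (15, "mail2.domain.com")]


def delivery_order(mx_records):
    """RFC 5321 section 5.1: a sender tries MX hosts in ascending preference value."""
    return [host for _pref, host in sorted(mx_records)]


def attempt_delivery(mx_records, a_records, accepting):
    """Simulate one sending MTA.

    `accepting` is the set of server addresses that currently complete an SMTP
    session; in this thread that is whichever address sits on the line the
    default gateway points at, since replies only leave via that line.
    Returns the address delivery succeeded at, or None when every MX failed and
    the message would sit in the sender's queue (the 'message delayed' case)."""
    for host in delivery_order(mx_records):
        address = a_records.get(host)
        if address is not None and address in accepting:
            return address
    return None


def cutover_plan():
    """Walk the sequence from the answer and record where mail lands at each step."""
    steps = []
    # 1. Both MX records published; default gateway still points at ISP1.
    steps.append(("mx published, gateway ISP1",
                  attempt_delivery(ZONE_MX, ZONE_A, {"74.26.144.2"})))
    # 2. Gateway switched to ISP2; a sender with the full MX set falls back to MX 15.
    steps.append(("gateway ISP2, fresh resolver",
                  attempt_delivery(ZONE_MX, ZONE_A, {"66.172.50.2"})))
    # 3. A resolver that cached the zone before MX 15 existed (the ISP-ignores-TTL
    #    case from earlier in the thread) only knows the old host and gets nowhere.
    stale_mx = [(10, "mail.domain.com")]
    steps.append(("gateway ISP2, stale resolver",
                  attempt_delivery(stale_mx, ZONE_A, {"66.172.50.2"})))
    return steps


if __name__ == "__main__":
    for label, result in cutover_plan():
        print(f"{label:32s} -> {result or 'queued / delayed'}")
```

The third step is why the answer says to publish the extra MX and wait before touching the gateway: a sender that never learned about mail2.domain.com has nothing to fall back to, so the waiting period is what limits the "message delayed" notices discussed above.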
 
ShareefHuddle commented:
Wow, I didn't know this was still running.  You can also set up a third-party spam solution.  One out there that I used and was good for just this purpose was GFIMax. The best part is that they give a 30-day free trial.

Although Brett probably has the simplest answer, which should work well.

Shareef
0
 
Jeff Perkins (Owner) commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
darrell_chapman (Author) commented:
Sorry everyone. It was not my intention to abandon this question. I do not think I was getting e-mails from Experts-Exchange. I did get the reply that was added today. Thanks for everyone's assistance.
0