Re: Switching ISPs




<BunsOfSt33l@xxxxxxxxx> wrote in message
news:1141056883.655838.238580@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am hoping someone can critique this.

I am in the process of switching ISPs, as one of them has lots of
outage issues.

I have a 2620 router with 2 T1 WICS in it.

The original address range is a.a.a.a, the new range is b.b.b.b

I have the 2nd T1 up and the appropriate address assigned to its
serial interface.

All of the servers on my network have secondary addresses bound to them
(b.b.b.x)

Is it realistic to think that if I bind a secondary address to my
cisco's ethernet this will allow the packets to traverse back out the
interface they came in on?

This is an invalid assumption. In fact it doesn't really matter at all what IP
address the LAN interface of your router has. Systems are required by standards
to reply from the same address on which they received the request, but the decision
which route to take for outgoing traffic will be based exclusively on
the destination address of a packet unless you create policy-based routing. That
means if your server received a request on the new address it must (and will) set
the source of response packets to that address, but your router will forward
packets over the link where the route for the destination is pointing. If you need
to marshal traffic based on the source address of packets, have a look at
http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml.

On the other hand, you might actually route all your traffic over the new ISP as
long as they don't enforce a policy that your traffic must be sourced from
your addresses. You'll get asymmetric routing (i.e. traffic towards old
addresses will come over the old link but leave over the new one), but it will work
if your new ISP doesn't filter on the source of the packets or use an RPF
check. If they do enforce such a policy, your managers should be able to
convince the new ISP to allow this temporarily for a graceful switch-over
period. If this fails, you will have to either switch quickly or resort to
policy-based routing.

Or conversely, if there is no egress filtering on the a.a.a.a ISP, the
packets should be fine?

Egress filters of your old ISP don't really affect traffic towards new
addresses as it won't come that way in any case.

Kind regards,
iLya
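
The forwarding behaviour described in the reply above, modelled as an added example that is not part of the original post: replies keep the address the request arrived on, the router picks the exit link without looking at the source unless policy-based routing is configured, and an ISP that filters on source drops what does not belong to it. The two networks are constructed documentation ranges standing in for a.a.a.a and b.b.b.b, and all function and link names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the thread's placeholder ranges (documentation networks).
OLD_RANGE = ipaddress.ip_network("192.0.2.0/24")     # "a.a.a.a", assigned by the old ISP
NEW_RANGE = ipaddress.ip_network("198.51.100.0/24")  # "b.b.b.b", assigned by the new ISP

# Source addresses each ISP accepts on the customer link when it filters.
ISP_ALLOWED_SOURCES = {"old_isp": OLD_RANGE, "new_isp": NEW_RANGE}


def egress_link(src, default_link, pbr=None):
    """Pick the outgoing link for a packet leaving the site.

    Without PBR the source address is ignored and the default route wins.
    pbr is an optional list of (source_network, link) pairs checked first.
    """
    for network, link in (pbr or []):
        if ipaddress.ip_address(src) in network:
            return link
    return default_link


def isp_accepts(src, link, filtering):
    """Model the ISP's source filter (or RPF check) on the customer link."""
    if not filtering[link]:
        return True
    return ipaddress.ip_address(src) in ISP_ALLOWED_SOURCES[link]


def trace(sources, default_link, filtering, pbr=None):
    """Return {source: (link, delivered)} for replies sent from each address."""
    result = {}
    for src in sources:
        link = egress_link(src, default_link, pbr)
        result[src] = (link, isp_accepts(src, link, filtering))
    return result


# One server answering on its primary (old) and secondary (new) address.
SERVER_ADDRESSES = ["192.0.2.10", "198.51.100.10"]
PBR = [(OLD_RANGE, "old_isp"), (NEW_RANGE, "new_isp")]
OPEN = {"old_isp": False, "new_isp": False}
STRICT = {"old_isp": True, "new_isp": True}

if __name__ == "__main__":
    print("no filtering :", trace(SERVER_ADDRESSES, "new_isp", OPEN))
    print("ISPs filter  :", trace(SERVER_ADDRESSES, "new_isp", STRICT))
    print("filter + PBR :", trace(SERVER_ADDRESSES, "new_isp", STRICT, PBR))
```
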

