IP Aliasing, 2 networks

Hi all,

we are about to change the IPs of our servers. In order to avoid downtime
until the new domain name records are propagated, we plan to provide all
services (web, ftp, mail, dns, several custom services) with both new and
old IP addresses.

Problem is that our old network (it was made of 3 subnets) was connected
through a router. Our new address range is one subnet and therefore doesn't
need the router, but instead directly accesses the ISP gateway.

Our original plan was to give aliases to the server's nics and connect them
to the router AND directly to the ISP (I hope the figure doesn't get
scrambled):


,--------------.
( Internet Cloud )
`--------------´
^ ^
| |
| |
+-------------+ +-------------+
| OLD GATEWAY | | NEW GATEWAY |
+-------------+ +-------------+
| _ |
`-----------( )----´ Provider
___________________|______________________
| Our Network
,----------(_)
| |
+------------+ |
| OLD ROUTER | |
+------------+ |
| |
`----------(_)
/|\
SERVER 1 ---´ | `--- SERVER n
|
SERVER 2


Well, it didn't work, probably because of the server's standard routes? If
we set the standard routes to the new gateway, then the new ip range could
be accessed, and the other way around. What can we do to achieve what we
need?

Thank you for your answers!

Kind regards,
Christoph

On Fri, 7 Nov 2003 21:10:47 +0100, Leland <leland-spamsucks-@gmx.net> wrote:
>Hi all,
>
>we are about to change the IPs of our servers. In order to avoid downtime
>until the new domain name records are propagated, we plan to provide all
>services (web, ftp, mail, dns, several custom services) with both new and
>old IP addresses.
>
>Problem is that our old network (it was made of 3 subnets) was connected
>through a router. Our new address range is one subnet and therefore doesn't
>need the router, but instead directly accesses the ISP gateway.
>
>Our original plan was to give aliases to the server's nics and connect them
>to the router AND directly to the ISP (I hope the figure doesn't get
>scrambled):
>
It's possible to do what you suggest, but the important thing is to make
sure that packets go out of the appropriate gateway according to their
source address.

This can be done with the iproute2 tools.
It's all documented here:
http://www.ssi.bg/~ja/
and:
http://www.ssi.bg/~ja/nano.txt

Hi Joe,

thanks for your answer!

> It's possible to do what you suggest, but the important thing is to make
> sure that packets go out of the appropriate gateway according to their
> source address.

What if I would also route the new IP's through the old router and take it
out afterwards (i.e. after the dns propagation)? This would do what I want,
without the need for source routing, right?

Best regards
Christoph

On Sun, 09 Nov 2003 18:40:46 GMT, Leland <leland-spamsucks-@gmx.net> wrote:
>Hi Joe,
>
>thanks for your answer!
>
>> It's possible to do what you suggest, but the important thing is to make
>> sure that packets go out of the appropriate gateway according to their
>> source address.
>
>What if I would also route the new IP's through the old router and take it
>out afterwards (i.e. after the dns propagation)? This would do what I want,
>without the need for source routing, right?

I'm not sure what you mean here, but if you mean:
What if I route all outgoing packets (irrespective of the SOURCE
IP address) through the old router?

In the above case, it might work BUT:
1. Some ISP's will drop outgoing packets that do not have a source IP
address that matches the ISP's address ranges.
2. Since some incoming packets will come back via the new gateway, you
have a greater chance of failure.