Switching ISPs

I am hoping someone can critique this.

I am in the process of switching ISPs, as one of them has lots of outage issues.

I have a 2620 router with 2 T1 WICS in it.

The original address range is a.a.a.a, the new range is b.b.b.b

I have the 2nd T1 up and the appropriate address assigned to it's serial interface.

All of the servers on my network have secondary addresses bound to them (b.b.b.x)

Is it realistic to think that if I bind a secondary address to my cisco's ethernet this will allow the packets to traverse back out the interface they came in on?

Or conversely, if there is no egress filterin on the a.a.a.a ISP, the packets should be fine?

Any suggestions?

This is invalid assumption. In fact it doesn't really matter at all what IP address LAN interface of your router has. Systems are required by standards to reply from the same address on which they received request, but decision which route to take for outgoing traffic will be based exclusively on destination address of a packet unless you create policy-based routing. That means if you server received request on new address it must (and will) set source of response packets to that address, but your router will forward packets over a link where route for destination is pointing to. If you need to marshal traffic based on the source address of packets, have a look at

On the other hand, you might actually route all your traffic over new ISP as long as they don't enforce policy that your traffic must be sourced from your addresses. . You'll get asymetric routing (i.e. traffic towards old addresses will come over old link but leave over new one), but it will work if your new ISP doesn't filter on the source of the packets or don't use RPF check. If they do enforce such policy, your managers should be able to convience new ISP to allow this temporarily for gracefull switch-over period. If this fails, you will have to either switch quickly or resort to policy-based routing.

Egress filters of your old ISP don't really affect traffic towards new addresses as it won't come that way in any case.

Kind regards, iLya

Thank you very much for your reply.

I should have clarified a bit further I suppose.

What I am now thinking of doing is updating our DNS records, but there will be a lagtime for the new addresses on the servers to be updated with the new addresses, so in the interim, some traffic will continue to a servers a.a.a.x (old ISP address),.

Thank you for the information on the servers always replying from the address the packet was recieved on. I thought this should be the case, but when there is a microsoft server involved, I am a bit uneasy (some servers are Win2k, others are *NIX boxes)

I think you are right on the convincing the new ISP to temporarily allow the outgoing traffic, this would be something I could quick test as well, and switch back until resolved. Then move on to the DNS updating.

Thanks again,

Thank you very much for your reply.

I should have clarified a bit further I suppose.

What I am now thinking of doing is updating our DNS records, but there will be a lagtime for the new addresses on the servers to be updated with the new addresses, so in the interim, some traffic will continue to a servers a.a.a.x (old ISP address),.

Thank you for the information on the servers always replying from the address the packet was recieved on. I thought this should be the case, but when there is a microsoft server involved, I am a bit uneasy (some servers are Win2k, others are *NIX boxes)

I think you are right on the convincing the new ISP to temporarily allow the outgoing traffic, this would be something I could quick test as well, and switch back until resolved. Then move on to the DNS updating.

Thanks again,

The traditional approach to doing this is to drop the TTL as you get closer to your scheduled cutover.

Hi how about using NAT. this way you will have two simutaniously working IPs for the same server: old ip which has DNS pointed to, and new IP. After DNS change, you still need to wait x amount of time so it propogates around the globe. then you just delete NAT and enjoy.

Roman Nakhmanson

Suppose TTL of your DNS zone is 24h (common), then no later than 24 hours before switching provider set TTL to 5 minutes. One day later when you perform changes in DNS there will be only 5 minutes of outage if your new provider doesn't allow traffic _from_ old addresses.

Windoze uses BSD stack, and works fairly reliable. And if in doubts this should be easy to test just on your own LAN - put a PC that has only new address and try connecting to a server with two addresses.

Kind regards, iLya