
Topic # 150457 23-Jul-2014 16:42

Hi,

I am in the process of migrating a charity over to UFB Fibre.

The catch is that the charity has its sole MX record currently pointing at the current Voda/Telstra Cable IP address. There is no secondary MX record set, so when the connection is down, emails bounce (or get queued on the sending server).

When considering the best migration strategy, I started wondering if there were any issues running both internet connections live in parallel at once on the same network. Since I have never been in a position to have two live internet connections onsite together, I have no experience of whether this is even feasible or not.

What I was pondering about was:

External IP address 1 --> Cable --> Modem --> Router 1 (gateway 1)

External IP Address 2 --> UFB --> ONT --> Router 2 (gateway 2)

I would envisage setting the routers to be in the same subnet, but on different IP addresses and connect them together on the Lan side via a switch.

The SBS2008 server already acts as the main gateway for all the client computers internally and also handles the DHCP allocations, so DHCP would be off on both routers (as it is now anyway).

What I would envisage would be that incoming requests from the internet (pointed at either of the external IP addresses) would come up whichever connection they were targeted at. Internal traffic heading outwards would be directed at whichever gateway was set in the SBS server (either Gateway 1 or Gateway 2 depending on where we are in the migration process). I am presuming I would also have the correct gateway address set in both routers, so that they are told to send external requests to the main live gateway. (I know you can also do weighted routing rules, but this is where my current knowledge starts to get a bit hazy, but I get the basic concept, just never had to do it, so have no experience)

What I am hoping for is that most traffic heading outwards will use the main gateway chosen at that stage (starts with Gateway1 but gets switched to Gateway 2 once ready for that switchover), but that the other internet connection will also remain "live" and connected so that incoming traffic from the internet is pointed to the other connection and still arrives too (ie no outage of emails or services during DNS propagation etc). I suspect that this would work for internal traffic just fine, as it would pretty much ignore the other connection (and wouldn't even know about it). However, I wasn't sure if say incoming OWA requests from the non-main gateway, would respond back through that same gateway it arrived through, or whether it would always head out the main gateway. If it always used the main gateway, then this would mean that OWA was broken for anyone connecting from home through NAT as the response would come from a different IP address than the request was sent to.

Services onsite include:
VPN connection
Remote Desktop Connections to a server
SBS2008 Exchange Mailboxes
MX receipt of Email from IP address.
SBS2008 OWA


So is this likely to work?

Is it over complicating things?

Is there a simpler way to keep everything smooth in the transition from Cable to UFB Fibre?

(The most simple method I could think of is probably to add the new IP address as the secondary MX record (or as the main record) in advance, then do a hard swap of connections, but the DNS will have already got both IP addresses ready to receive mail, so should just work. I would then have to warn people that remote services using the DNS names would fail during DNS propagation time if they were pointing to the wrong IP)

So, even if I don't connect both at once (and instead do the twin MX records route or another work-around), I am interested to use it as a learning experience anyway, to better understand the implications of routing twin internet connections, and any implications of such a setup.

UFB should be live on 29th July, so I am in the planning stage right now before it arrives.

The final configuration we are aiming for is for everything to be working on just the UFB Fibre connection, having been smoothly migrated over from Cable, with minimal downtime for 30 remote staff, and no lost emails.... and the Vodafone Cable connection disabled and cancelled. It is the smooth hassle free switchover that I am currently working out how to achieve.

Any thoughts in this process would be useful.

Thanks

Mike

  Reply # 1094372 23-Jul-2014 17:07

You probably don't want to hear it but running the MX server(s) in house on a single server on a single connection is bad practice and a horrible single point of failure.

Isn't Office 365 free for Non Profits in NZ? I would look into a hybrid deployment with O365 setup and a local exchange.

http://www.microsoft.com/about/corporatecitizenship/en-us/office365-for-nonprofits/ 

http://technet.microsoft.com/en-us/library/hh852414.aspx 

http://www.microsoftvirtualacademy.com/training-courses/office-guides-exchange-hybrid-deployment-with-office-365 

If you don't want to go the O365 route, at the least you should use an external smart host provider for the MX records.




  Reply # 1094401 23-Jul-2014 18:46

Ragnor, thanks for the help and suggestions.

I should have mentioned that we are dabbling with Office365, but it will take us a while to migrate... we are still in the 30 day trial stage right now, (so we haven't even got the charity status with Techsoup validated yet). Migrating 30 users remotely (based all over the country), with limited resources at our disposal will take us a while to sort out conceptually... but will be the longer term plan. Getting Fibre set up on site at our small office is one step to improving things and making accessing cloud services possible (both for the smooth upload of the quantity of data we'd want to migrate up to the cloud... and also for ongoing speed of access to the cloud once it is up there!).

I agree that having only one MX record is pretty shaky territory for us right now. It is how I inherited the setup, and is something I'd like to fix.

To be honest last year when we started thinking about migrating to Fibre, I always assumed I'd just solve the single MX record issue by having an off-site secondary MX mail store already in place by the time we migrated. That would of course have made this process much easier without any fear of lost email, but it was a problem I haven't managed to solve yet. My predecessor left notes of how he failed to get it working, and I haven't managed to give it any time recently, but the fibre install date is rolling in fast!

Without derailing my own thread (by taking it outside Routing and Networking arena), theoretically I'm presuming I could add an extra MX record for Openhost (who currently host our Website), to set them up as backup mail server. I'm presuming that if we did this, we'd need to collect all email (catch-all) to one mailbox on Openhost's platform, (with no spam filtering set there), then setup SBS2008 to collect mails from that Mailbox using a POP3 connector. Is that the basic idea, or should I be considering something different? If I can get that working correctly, it would be awesome, as it would also save us from other outages that periodically happen, so would be a good bit of future protection until we get the cloud stuff configured and working correctly down the line. Anyone know of a good guide to getting a smarthost working as a backup MX for SBS2008?

Or, are you suggesting using Office365 almost as a smarthost, with SBS2008 collecting mails from Office365. I didn't think Office 365 supported a hybrid configuration with SBS2008. (Will read the articles you linked to later tonight - thanks for those links).

Also back to the original question too... Anyone got any thoughts on twin internet connections during changeover (and the pros and cons with trying it)?

Thanks

Mike

  Reply # 1094785 24-Jul-2014 11:14
One person supports this post

What charity is it?
Step 0) Set your DNS records to a timeout value of 3600 seconds.

Step 1) Set up new internet connection with modem / router mirroring settings.
Eg. Old router was 192.168.1.1 with dhcp issuing 192.168.1.10 to 192.168.1.20
Mirror this in the new modem

EXCEPT make the new one 192.168.1.2 and switch off the dhcp for now. But ensure it is configured when you tick the box to enable it.
Mirror the same port forward rules.

Step 2) Set a second MX record to the new ip address with the new ISP - use a lower priority. Eg. if your existing MX record is priority 10, make your second one 20 - the closer to 0 is higher.

Step 3) Wait 24 hours for your DNS records to propagate

Step 4) At 1am in the morning, swap the LAN ip addresses of the modems, so 192.168.1.1 becomes 192.168.1.2 and vice versa.

 

Enable DHCP in the new modem becoming 192.168.1.1, Disable DHCP in the old modem becoming 192.168.1.2 (If you use dhcp in the modems)

Step 5) Log into your domain control panel and change your "remote.mydomain.org.nz" or whatever the staff use to remotely log in, 'A' records to those of the new public IP address
Remove the original MX entry
After 1 hour, your remote access etc should start working as DNS records propagate. End user modems / computers may need rebooting to flush the DNS records they may have cached.
During this hour, email servers will fail on the primary MX server, so will automatically try the secondary - total incoming email downtime, approx 5 mins.

To be honest, this is something I would do around 8pm - they can handle a few mins of downtime and being a 9-5 organisation, they probably won't have anything important coming in that can't handle a 5 minute queue.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here
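
A pre-swap check for the procedure in the post above, as an added example that is not part of the thread: it reads `dig +noall +answer` style output and reports anything in steps 0 to 2 that is still unmet before the LAN addresses are swapped. The domain, host names and IP addresses are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample in `dig +noall +answer` layout; names and IPs are placeholders.
SAMPLE = """\
example.org.         3600  IN MX 10 mail.example.org.
example.org.         3600  IN MX 20 mail2.example.org.
mail.example.org.    3600  IN A  192.0.2.10
mail2.example.org.   3600  IN A  198.51.100.20
remote.example.org.  86400 IN A  192.0.2.10
"""


def parse_records(text):
    """Return (name, ttl, type, rdata) tuples for the A and MX lines in text."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN" and f[3] in ("A", "MX"):
            if f[3] == "MX" and len(f) < 6:
                continue  # malformed MX line: preference without a host
            records.append((f[0].lower(), int(f[1]), f[3], f[4:]))
    return records


def cutover_findings(text, domain, old_ip, new_ip, max_ttl=3600):
    """List what still blocks the swap; an empty list means nothing was found."""
    records = parse_records(text)
    addr = {name: rdata[0] for name, _, rtype, rdata in records if rtype == "A"}
    findings = []
    # Step 0: a record with a long TTL stays cached on the old address after the change.
    for name, ttl, rtype, _ in records:
        if ttl > max_ttl:
            findings.append(f"{name} {rtype}: TTL {ttl}s exceeds {max_ttl}s")
    # Step 2: map each public IP to the preference of the MX that resolves to it.
    pref_by_ip = {}
    for name, _, rtype, rdata in records:
        if rtype == "MX" and name == domain:
            host = rdata[1].lower()
            if host in addr:
                pref_by_ip[addr[host]] = int(rdata[0])
            else:
                findings.append(f"MX host {host} has no A record in the input")
    if new_ip not in pref_by_ip:
        findings.append(f"no MX for {domain} resolves to new IP {new_ip}")
    elif old_ip in pref_by_ip and pref_by_ip[new_ip] <= pref_by_ip[old_ip]:
        findings.append("MX on the new IP must have a larger preference number than the old one")
    return findings


if __name__ == "__main__":
    for finding in cutover_findings(SAMPLE, "example.org.", "192.0.2.10", "198.51.100.20"):
        print(finding)
```

In the sample, the only finding is the 86400-second TTL on the remote-access A record, which would keep remote staff pointed at the old address well past the one-hour window in step 5.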