Be aware that the DNS RFC says caching nameservers don't have to honor any
TTL less than 2 days.  This means realistically you could be looking at 2
days' worth of downtime globally.  We do these sorts of moves on a Friday
evening, and by Monday morning caches are cleared and resolving to the
proper address.

Here's a thought, and I'm sure I'm overlooking something:

Bind two IPs to the webserver, the new one and the old one.  That way
traffic will come in and go back out for the proper IP, and the PIX will NAT
them back to the original IP.  You could use route-maps to direct the
traffic out the correct PIX.  I know this worked with no problem for my
Linux box when I cut over to a new ISP when I was multi-homed (no PIXes
involved, just two ISPs and two IPs).

The biggest thing is to test to make sure the box responds with the original
IP address, and not the primary IP.  It's not a problem with my lil' Linux
server.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
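Jason's last point is the one to test before cutting DNS over: with both addresses bound, does the box actually answer from the address the client talked to, or from its primary address? The script below is an added example, not code from the thread and not Jason's configuration. It stands 127.0.0.1 and 127.0.0.2 in for the primary and old IPs (a constructed setup that works on Linux because all of 127.0.0.0/8 is local to lo) and shows that TCP is safe by construction, while a UDP service bound to the wildcard address (DNS or SNMP on the same box, say) answers from the primary address, so a client that sent to the old address would discard the reply. Function and variable names are the example's own.

```python
import socket

# Constructed addresses for the demo (not from the original thread): on Linux
# every address in 127.0.0.0/8 is local to lo, so 127.0.0.1 plays the box's
# primary IP and 127.0.0.2 plays the old public IP that DNS and the PIX static
# still point at.  The same checks apply unchanged to real interface addresses.
PRIMARY_IP = "127.0.0.1"
OLD_IP = "127.0.0.2"


def tcp_reply_source(listen_ip: str = "0.0.0.0", target_ip: str = OLD_IP) -> str:
    """Server listens on a wildcard TCP socket; a client connects to target_ip.

    Returns the local address of the accepted connection on the server side,
    i.e. the address the server's replies will carry.  For TCP this is always
    the address the client connected to, because the 4-tuple fixes it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_ip, 0))          # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(2)
    try:
        cli.connect((target_ip, port))
        conn, _ = srv.accept()
        try:
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
            cli.recv(64)
            return conn.getsockname()[0]
        finally:
            conn.close()
    finally:
        cli.close()
        srv.close()


def udp_reply_source(listen_ip: str = "0.0.0.0", target_ip: str = OLD_IP) -> str:
    """Server receives a datagram sent to target_ip and answers with sendto().

    Returns the source address the client sees on the answer.  With a
    wildcard-bound server the kernel picks the source by a route lookup
    toward the client, which yields the primary address rather than the one
    the client talked to.  Binding the server socket to target_ip fixes it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.bind((listen_ip, 0))
        port = srv.getsockname()[1]
        cli.bind((PRIMARY_IP, 0))     # the "remote" client; any local address works
        cli.settimeout(2)
        srv.settimeout(2)
        cli.sendto(b"query", (target_ip, port))
        _, client_addr = srv.recvfrom(64)
        srv.sendto(b"answer", client_addr)
        _, reply_from = cli.recvfrom(64)
        return reply_from[0]
    finally:
        cli.close()
        srv.close()


def check_box_answers_from(old_ip: str = OLD_IP) -> dict:
    """Run the three checks you would want before cutting DNS over."""
    return {
        "tcp_wildcard": tcp_reply_source("0.0.0.0", old_ip),
        "udp_wildcard": udp_reply_source("0.0.0.0", old_ip),
        "udp_bound": udp_reply_source(old_ip, old_ip),
    }


if __name__ == "__main__":
    for name, src in check_box_answers_from().items():
        verdict = "ok" if src == OLD_IP else f"WRONG (answered from {src})"
        print(f"{name:12s} -> {verdict}")
```

On a real box you would run the same probe from a host outside both PIXes, once against each public address. The Linux equivalent of the route-maps Jason mentions is source-based policy routing (`ip rule add from <old ip> table <n>` plus a default route in that table), which makes packets sourced from the old address leave through the PIX that still NATs it; the script only checks which source address the box puts on its replies, which is the precondition for that routing to do anything useful.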


<[EMAIL PROTECTED]> wrote in message
news:52D26B7F4FB6D411A34800E018025FA30372CB@MAIL-SK1...
> Sam,
>
> Ultimately you will have to endure some downtime during this move
> (approximately 1 hour)
> This is the solution I came up with: (and have previously used)
> Reduce the TTL on your DNS records to 1 hour. (30 minutes if you're feeling
> risky)  Remember that your primary server will remain off line for at least
> two days.  Remove your primary DNS server and relocate it to your new
> facility.  Note your secondary will continue to resolve host names to the
> original IP addresses.   Notify the naming authority (i.e. Network Solutions)
> and inform them of the IP change to your primary name server.  While your
> primary DNS server is off line, modify the records on the name server to
> reflect the new IP addresses and increase the TTL on your DNS records back
> to their original setting.  Once the IP address change on your primary name
> server is complete then you're ready to go.   Schedule a time when it will
> have the least impact on your website and have a buddy at the old location
> stop DNS services, and at the same time start DNS services at your new
> location.  The only time a user might notice the change is if he had a DNS
> record on his recursive server that renewed just before you went to the
> switch over.  If you do this at the right time of night hopefully no-one
> will notice.
> I am aware of another solution involving the arrow-point switches, that
> could have a shorter roll-over time, but I have never tried it.
>
> Hope this helps,
> Matthew
>
>
> -----Original Message-----
> From: Sam [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 2:38 PM
> To: [EMAIL PROTECTED]
> Subject: Scenario we need help with...
>
> We currently have two sites, both with their own PIX firewalls and their own
> connections to the Internet via separate ISPs.  We also have a T1 point to
> point directly connecting both sites.  Router A has a default route to PIX
> A.  Router B has a default route to Router A.  At site A we have a
> production web site on a server.  We created a mirror of the web site on a
> new server located at site B.  Currently, external DNS resolves our domain
> name to an IP address on the PIX located at site A.  We configured the
> static mapping on Site A PIX to point to the new web server at site B.  This
> has allowed us to host our web site at site B, but we are still not
> utilizing our Internet connection at site B for incoming traffic.  What we
> would like to do is make DNS changes to direct incoming web traffic to PIX
> B.  During the time DNS changes propagate I believe we may receive traffic
> via both PIX firewalls.  Once this transition is complete site A will go
> away along with the T1 connection.  Any ideas on how we can make this
> transition happen successfully without any interruption to our production
> web site.  Any thought would be appreciated.
>
>
>             ISP A - Site A PIX - Router A
>             /                                                \
> Internet                                                T1 Point to Point
>             \                                                /
>             ISP B - Site B PIX - Router B
>
>
> Thanks in advance
> Sam
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

