Migrating to new network not possible in one haul. Gradually?

Jun 30th, 2008


My client, a hosting provider, will be migrating their clients to a new network. The servers etc. will get another public IP address. Because some clients have quite a few servers, I would like to be able to spread the migration period while still being able to direct the users of the clients to the appropriate servers etc. Some in the old network and some in the new network.

A suggestion is made to do this with load balancers.

Is this a good idea and are there other methods?



tomredmond Tue, 07/01/2008 - 07:42

If you put the public ip addresses on a firewall and Network Address Translate (NAT) them to internal ip addresses, you can change the internal address at will. You can also set up two sets of public IP addresses on the firewall which are NAT'ted to the same internal IP addresses and when you want to switch to the new addresses you change the DNS entry for that client to point to the new address. This should have the minimum of downtime to your clients.

jlaay-diode Tue, 07/01/2008 - 09:57

Hi Tom,

First, thanks for your answer. Your answer is correct. The problem, however, is that the servers don't have an internal (private, if that is what you mean) address, but a public address. In the old and new network.



tomredmond Wed, 07/02/2008 - 00:01

My simplest solution would be to dual home the servers, i.e. give them both addresses during the switchover and put secondary addresses on the router interfaces to cope with both networks.

However I would advise putting a firewall in the setup, firstly without NAT, to protect the public facing servers. Once working put the servers on an internal address range and use NAT.

It is quite possible that the router that connects the servers to the internet can perform the NAT'ting and firewall functions already.

jlaay-diode Mon, 07/07/2008 - 09:58

Hi again,

I attached a diagram to explain my 'problem' maybe more clearly.

It concerns a partial move of some servers because the move can't take place in a single service window.

Users' workstations partially connect to an IP address instead of a DNS name.



tomredmond Tue, 07/08/2008 - 01:26

Your diagram helps, however the answer I'll give you depends on some assumptions.

1) the clients are on the internet

2) you have control of the routing.

3) you will move the servers before changing the client setup

4) you have some free ip addresses in the range assigned to the servers you wish to move

I would create a temp connection between the routers, a GRE tunnel will do the job (it could be as you indicate on the diagram). Give the connection a neutral ip range i.e. private address subnet you don't use.

The following will need some manipulation of subnets and netmasks.

Assuming subnet in range X is 193.A.B.x, then on Y range router on its internal interface put a secondary ip address 193.A.B.y (a more restrictive range) that contains the ip addresses of the servers you are moving but not the ip addresses of those you are leaving behind.

On the X range router put a static route for that smaller subnet pointing at the tunnel. Finally alter the default gateway of the servers you are moving to 193.A.B.y

As the servers are migrated you can alter the subnet masks to compensate. Once the servers have been moved dual home them with their new addresses. When all the clients/DNS have been updated to the new addresses then remove the static routing, tunnels etc.

Remember if your subnets are not contiguous you can have multiple small subnets and multiple static routes.
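
The subnet and netmask manipulation described in the post above, worked through as an added example that is not part of the original thread: it carves the old subnet into the largest blocks that contain moving servers but no staying address, giving one static route per block for router X and one secondary address per block for router Y. The function names, the 192.0.2.0/24 sample addresses and the choice of the highest free address as the secondary address are assumptions; the staying list is assumed to hold every address that remains in use on the old network, including router X's own.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation range), not from the thread.
OLD_SUBNET = "192.0.2.0/24"
STAYING = ["192.0.2.1", "192.0.2.10", "192.0.2.20"]   # .1 = router X's own address
MOVING = ["192.0.2.11", "192.0.2.33", "192.0.2.34", "192.0.2.40", "192.0.2.130"]

def carve_blocks(old_subnet, moving, staying):
    """Largest CIDR blocks of old_subnet that hold moving hosts and no staying host."""
    blocks = []
    def walk(net):
        if not any(a in net for a in moving):
            return                  # nothing moves from here: stays local to router X
        if not any(a in net for a in staying):
            blocks.append(net)      # clean block: one static route towards the tunnel
            return
        for half in net.subnets(prefixlen_diff=1):
            walk(half)              # mixed block: halve it and retry
    walk(ipaddress.ip_network(old_subnet))
    return blocks

def plan(old_subnet, moving, staying):
    """One row per block: route for router X, secondary address for router Y."""
    moving = {ipaddress.ip_address(a) for a in moving}
    staying = {ipaddress.ip_address(a) for a in staying}
    if moving & staying:
        raise ValueError("address listed as both moving and staying")
    rows = []
    for net in carve_blocks(old_subnet, moving, staying):
        # Addresses a host can hold under the block's own netmask
        # (network and broadcast excluded; empty for /31 and /32).
        usable = [net.network_address + i for i in range(1, net.num_addresses - 1)]
        free = [a for a in usable if a not in moving]
        # Servers that cannot keep their address under this netmask.
        stranded = sorted(a for a in moving if a in net and a not in usable)
        rows.append({
            "route": str(net),
            "gateway": str(free[-1]) if free else None,  # assumption: highest free address
            "stranded": [str(a) for a in stranded],
        })
    return rows

if __name__ == "__main__":
    for row in plan(OLD_SUBNET, MOVING, STAYING):
        print(row)
```

A row with no gateway or with stranded servers marks a server whose address is interleaved with addresses staying behind, so no smaller subnet on router Y can hold both it and a gateway address.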

jlaay-diode Tue, 07/08/2008 - 10:29

Hi Tom,

Your assumptions are correct.

Although I'll have to check on point 3.

The solution you propose will do the trick.

Thanks for your explanation.


