Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2352
Views
0
Helpful
5
Replies

Cluster IP Migration

frederic.lens
Level 1
Level 1

‎09-12-2008 12:46 PM

Hi all,

Haven't found the info in the Knowledge base so here is my problem/question :)
next week I will change the IP addresses of my Ironport appliances. These 2 are in an Ironport Cluster.

What's the best way to do it ? Destroy the cluster and re-create it from scratch or is there another way ?

I thougt I would do it this way :
- Remove the 1st machine from the cluster
- Remove the 2nd machine from the cluster (then they would both work as stand-alone applicances, right ?)
- Change the IP of the first one
- Recreate a cluster on the first one (only with one node)
- Chnage the IP of the second one
- Add the second one to the cluster

Is that the correct way to do it ?
Do I face any risk of loosing the configuration ?

Thanks for your help !
Fred

Labels:
0 Helpful
5 Replies 5

kluu_ironport
Level 2
Level 2

‎09-12-2008 11:41 PM

I went over your steps and they look good. Somethings I would emphasize are:



1. Make sure you do a "removemachine" and not an "administrative disconnect". When you run the "removemachine" command on BOTH systems, it will completely take it out of the cluster. The "administrative disconnect" is like hitting the Pause button with respect to the synching up between the clustered appliances. Changes that you make are queued up and will be implemented once it's off of the admin disconnect.


2. As far as configuration backups, I would do this. Before removing the machines, do a configuration backup on one of the machines. Though you can't directly import this configuration into the appliance, if needed, Customer Support can sift through the clustered configuration backup file and re-assemble it to be useful.

Second, after you remove both machines, perform a configuration backup on both machines individually just to be safe.


3. There's no rush to create a new cluster after you've changed the IP of machine1. Just change the IP on machine1 and verify mail is flowing.

tail mail_logs

Once that checks out, upgrade the IP on machine2. Verify mail flow on machine2.

Then create the cluster and join the 2nd machine to the cluster.
By the way, as a good practice, perform a configuration backup prior to do an AsyncOS upgrade.

Other than that, all your points are fine.


Hi all,

Haven't found the info in the Knowledge base so here is my problem/question :)
next week I will change the IP addresses of my Ironport appliances. These 2 are in an Ironport Cluster.

What's the best way to do it ? Destroy the cluster and re-create it from scratch or is there another way ?

I thougt I would do it this way :
- Remove the 1st machine from the cluster
- Remove the 2nd machine from the cluster (then they would both work as stand-alone applicances, right ?)
- Change the IP of the first one
- Recreate a cluster on the first one (only with one node)
- Chnage the IP of the second one
- Add the second one to the cluster

Is that the correct way to do it ?
Do I face any risk of loosing the configuration ?

Thanks for your help !
Fred

0 Helpful

Donald Nash
Level 3
Level 3

‎09-13-2008 12:29 AM

Our cluster is configured to use host names rather than IP addresses to identify the cluster members. If we make sure we do the DNS properly (lower the TTLs beforehand, etc.), then is all this rigamarole necessary? Shouldn't we be able to disconnect, change the address, reboot the unit, and rejoin the cluster?

0 Helpful

kluu_ironport
Level 2
Level 2

‎09-17-2008 11:35 PM

Networkh,

How did changing of the IP interfaces for your clustered machines go? Did everything go as plan? I'd be interested on how it went.

Kevin

0 Helpful

frederic.lens
Level 1
Level 1

‎09-18-2008 07:57 AM 

Networkh,

How did changing of the IP interfaces for your clustered machines go?  Did everything go as plan?  I'd be interested on how it went.

Kevin


Hi Kevin,

Yes, everything went fine, just as planned !

Just two things I had forgotten : when you start fresh with a new IP address, your senderbase score is "Unknown"... This played some tricks on us, we had to contact one of our customers (using also Ironports :) ) to whitelist us, and we had to contact AOL to request whitelisting.
Apart from that, zero problems :D

Still, I would add to my procedure that it's best to change one machine, gradually send traffic to it (not always feasible, unless you have hardware loadbalancers) to build up a good reputation score, and after a week or so move the second machine.

I took the fast lane and did it all in 2 days 8)

Thanks for the help and regards,
Frederic

0 Helpful

thatbloke_ironport
Level 1
Level 1

‎09-18-2008 01:02 PM

I'm actually going through a similar process at the moment, migrating 4 Ironports from using single IP addresses to 5 Virtual Gateway addresses. This is so we can segregate traffic into different streams. I'm using altsrchost to send mail off to different IPs.

So far the biggest problem is definitely the greylisting and throttling we are experiencing moving to IPs with no / neutral reputation scores (and not everyone uses SBRS as their database either!)

We are moving fairly slowly, monitoring the bounce logs and suspending outbound listeners if a particular host has a large build up of mail.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents