Hosts with same IP co-exist on a LAN

Unanswered Question
Aug 14th, 2009

We had a requirement to upgrade a server to new hardware in a production environment.

The server's IP cannot be changed due to upstream service constraints. We are not allowed to do a "hard" cut-over either, because a lot of configuration can only be done when the new server is put online.

I need to bring up the new server with the same IP address on the same switch. Ideally, I need a way to control incoming traffic so that it is sent to the new server during the maintenance window and switched back to the old one when the window is over.

I do not want to do it the hard way by switching the cable or disabling switch ports. Is there a way to manipulate or control the ARP table and tell the switch which port to send traffic to? That way, two servers with the same IP co-exist on the LAN and I can control which one is active by configuring the LAN switch.

We are using Cat6500 on IOS 12.4.x

Giuseppe Larosa Sun, 08/16/2009 - 03:14

Hello Jack,

a L2 switch doesn't care about ARP tables and duplicated ip addresses.

the L3 part of the switch cares.

you can cable the new server and put it on a different vlan.

During maintenance window:

you shut the port of the old server

you put in the right vlan the port of new server

you unshut the port of the new server

you need to clear the ARP entry on the L3 device that acts as gateway

clear ip arp x.x.x.x

so that the new MAC address can be learned

at the end of maintenance window:

you shut new server port

you unshut old server port

clear ip arp x.x.x.x

so that MAC address can be learned

this doesn't mean that the two coexist but that can be used in different times.

Hope to help

Giuseppe

jackawang Sun, 08/16/2009 - 08:15

Giuseppe, thanks for your response.

Your solution should work if the server is simply connected to a physical switchport running on a single VLAN. What if the connection is a trunk, server is hosting multiple services running on different IPs across multiple VLANs? I cannot simply put a switchport into a desired VLAN. A real world example is a load balancer device which has VIPs on different VLANs.

Giuseppe Larosa Sun, 08/16/2009 - 11:29

Hello Jack,

the same reasoning can be used;

the different vlans will be on a l2 trunk or distributed across multiple NICs; simply, the procedure needs to be performed for each ip address

at the step clear ip arp x.x.x.x

you need to do it for each ip address in each involved vlan

notice that multiple ip addresses can be associated to the same MAC address in different vlans but you need to clear all entries to avoid out of service when doing the switchover.

Hope to help

Giuseppe

sarahr202 Sun, 08/16/2009 - 16:50

Hi Giuseppe.

I was following the discussion between you and Jack, which I found quite interesting.

I have a few questions based on Jack's statement, quoted below:

"What if the connection is a trunk, server is hosting multiple services running on different IPs across multiple VLANs?"

My understanding is ip address is associated with physical nic of server. But jack mentioned his server is running different applications and each using different ip addresses. How is it possible?

Thanks and have a nice weekend.

Giuseppe Larosa Sun, 08/16/2009 - 20:54

Hello Sarah,

>> My understanding is ip address is associated with physical nic of server. But jack mentioned his server is running different applications and each using different ip addresses. How is it possible?

this is possible and common in our networks: the vlan-id is used to multiplex and de-multiplex.

think of a router on a stick with vlan subinterfaces: if you look at the cam table from the switch point of view, you can see the same MAC address associated with multiple vlans on the same port.

You could use this to detect if the port is a trunk or there is a hub connected to it: if you see multiple mac addresses in the same vlan there is a hub or a non-Cisco switch; if there are multiple mac addresses in different vlans the port is a trunk.

A CAM entry is made of :

vlan-id, port-id, and MAC address

the ARP table is a different object and that is the place where each ip address is associated with a MAC address but this is not a one-to-one association:

that is to a specific MAC address multiple ip addresses in different vlans can be associated without any problem.

The same happens on a C6500: all SVI interfaces, that are the L3 logical interfaces for each vlan, share the same source MAC address and this is not a problem.

Modern servers can also use virtual mac addresses to act as a cluster and this makes the real scenario a little more complex.

To give you an idea, in our customer network server people are installing servers with up to 14 NICs and with some of them used as trunk ports.

Hope to help

Giuseppe
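
Added example, not part of the original thread: a sketch of the CAM-table heuristic described in the reply above (MAC entries in several VLANs on one port indicate a trunk; several MACs in one VLAN on one port indicate a hub or downstream switch). The sample table is constructed and uses a simplified vlan/MAC/type/port layout (an assumption; real `show mac address-table` columns differ by platform), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified "vlan  mac  type  port" layout (assumption).
SAMPLE = """\
vlan  mac address     type     ports
----  --------------  -------  -----
  10  0011.2233.4455  dynamic  Gi1/1
  20  0011.2233.4455  dynamic  Gi1/1
  30  0011.2233.4455  dynamic  Gi1/1
  10  00aa.bbcc.0001  dynamic  Gi1/2
  10  00aa.bbcc.0002  dynamic  Gi1/2
* 10  00de.adbe.ef01  dynamic  Gi1/3
"""

# VLAN id, dotted-hex MAC, then the last whitespace-separated field as the port.
ENTRY = re.compile(
    r"^\s*\*?\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+.*?(\S+)\s*$", re.I
)

def parse_cam(text):
    """Yield (vlan, mac, port) for every line that carries a CAM entry."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:  # header and separator lines do not match and are skipped
            yield int(m.group(1)), m.group(2).lower(), m.group(3)

def classify_ports(text):
    """Map each port to the findings the heuristic gives for it."""
    macs = defaultdict(lambda: defaultdict(set))  # port -> vlan -> {mac}
    for vlan, mac, port in parse_cam(text):
        macs[port][vlan].add(mac)
    result = {}
    for port, vlans in macs.items():
        findings = []
        if len(vlans) > 1:  # entries learned in more than one VLAN
            findings.append("trunk")
        if any(len(m) > 1 for m in vlans.values()):  # several MACs in one VLAN
            findings.append("hub-or-downstream-switch")
        result[port] = findings or ["single-host"]
    return result

if __name__ == "__main__":
    for port, findings in classify_ports(SAMPLE).items():
        print(port, ", ".join(findings))
```

A port that reports both findings is a trunk with more than one device behind it in at least one VLAN.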
