Routing in-line or explicit AT&T Anira

Thirst4Knowledge used Ask the Experts™

We have some branches that we need to migrate to a subnet that fits into our corporate WAN address space.

The complication is that these branches already have an existing data centre which is hosting some business critical services.  We cant change all the branches at once because of disruption so we have decided to do the ip address change branch by branch

We have had some suggestions where we could have both address living side by side at the local branch level and any traffic that needed to stay local (to the country) could do so and any that needed to reach the corporate data centres could still do so.

Currently the branches connect via a hub and spoke topology to there local In country data centre via vpn

The plan is to stick an Anira netgate box on there existing circuit at the branches which will allow communication through the anir cloud to the rest of the corporate network ( but during the transitiion we still need to be able to route local traffic to the current class c address

Any suggestions would be really appreciated.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
some more information on what the existing addresses are and what you want to migrate to would be useful, a diagram would be even better


I have added a diagram.  

I think the biggest points are:

The branches are being done one by one (Moving from space to

The space still hace to be reachable by the branches as this is the Data center range

Would it be allot easier to just change the DC space first and have the both the subnets live inside the Branches.

Bare in mind we are NOT going to use NAT to get round this problem.

Apart from the topology and routing I am looking for suggestions on the order of doing things and approach so that it is as painless as possible.



Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Why not configure secondary addressing on DC server nets as well as secondary addressing on the server. Advertise out the new prefix keeping the old prefix active until it can be turned down. Make resources available via both nets until comfortable. It may break some apps that are bound to a specific IP, but as you progress you will become more efficient.

Still proceed in a controlled fashion, one branch or DC at a time.

harbor235 ;}


Dont think we have that option, its a managed DC , could ask I guess

I have a ton of experience in large DCs, we used to do it all the time. From a network perspective its easy, the real challenge will be the server and applications bound to a specific IP.

Thought I'd give you an option,

harbor235 ;}


Great thanks I will investigate the possiblity


1) Add secondaries to the upstream network device
2) Add secondaries to teh servers
3) Add DNS changes for services
4) Inform community to use new services
5) Remove old DNS entries
6) Troubleshoot and mitigate problems
7) Remove old addressing make secondaries permanent

harbor235 ;}


I just need to confirm that the design (choice 2 in the diagram will work as intended)  The local data center will have an anira box also
Did you implement and did all go well?

harbor235 ;}

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial