• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1742

Routing in-line or explicit AT&T Anira

Hi,

We have some branches that we need to migrate to a subnet that fits into our corporate WAN address space.

The complication is that these branches already have an existing data centre which is hosting some business critical services.  We can't change all the branches at once because of disruption, so we have decided to do the IP address change branch by branch.

We have had some suggestions where we could have both addresses living side by side at the local branch level and any traffic that needed to stay local (to the country) could do so and any that needed to reach the corporate data centres could still do so.

Currently the branches connect via a hub and spoke topology to their local in-country data centre via VPN.

The plan is to stick an Anira netgate box on their existing circuit at the branches, which will allow communication through the Anira cloud to the rest of the corporate network (10.0.0.0/8), but during the transition we still need to be able to route local traffic to the current class C address.



Any suggestions would be really appreciated.
Asked by: Thirst4Knowledge

ArneLovius Commented:
Some more information on what the existing addresses are and what you want to migrate to would be useful; a diagram would be even better.
 
Thirst4Knowledge (Author) Commented:
I have added a diagram.  

I think the biggest points are:

The branches are being done one by one (Moving from 192.168.0.0/24 space to 10.0.0.0/24)

The 192.168.0.0/24 space still has to be reachable by the branches as this is the Data center range

Would it be a lot easier to just change the DC space first and have both the subnets live inside the Branches?

Bear in mind we are NOT going to use NAT to get round this problem.

Apart from the topology and routing I am looking for suggestions on the order of doing things and approach so that it is as painless as possible.



Netgate-Topology-Options.png
 
Thirst4Knowledge (Author) Commented:
Anyone?
harbor235 Commented:

Why not configure secondary addressing on DC server nets as well as secondary addressing on the server? Advertise out the new prefix, keeping the old prefix active until it can be turned down. Make resources available via both nets until comfortable. It may break some apps that are bound to a specific IP, but as you progress you will become more efficient.

Still proceed in a controlled fashion, one branch or DC at a time.

harbor235 ;}
 
Thirst4Knowledge (Author) Commented:
Don't think we have that option, it's a managed DC, could ask I guess
 
harbor235 Commented:


I have a ton of experience in large DCs, we used to do it all the time. From a network perspective it's easy, the real challenge will be the server and applications bound to a specific IP.

Thought I'd give you an option,

harbor235 ;}
 
Thirst4Knowledge (Author) Commented:
Great, thanks, I will investigate the possibility
 
harbor235 Commented:

Process:

1) Add secondaries to the upstream network device
2) Add secondaries to the servers
3) Add DNS changes for services
4) Inform community to use new services
5) Remove old DNS entries
6) Troubleshoot and mitigate problems
7) Remove old addressing, make secondaries permanent

harbor235 ;}
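One way to track the process above per service, as an added example that is not part of the thread or any poster's own code: it classifies each service by the step it has reached, using the 192.168.0.0/24 and 10.0.0.0/24 prefixes from the question. The service names, addresses and inventory format are constructed assumptions, and step 1 (the upstream device) is outside what it checks.

```python
import ipaddress

# Prefixes quoted in the thread; all other data below is constructed.
OLD_NET = ipaddress.ip_network("192.168.0.0/24")
NEW_NET = ipaddress.ip_network("10.0.0.0/24")

def _split(addrs):
    """Partition address strings into (old-prefix, new-prefix) lists."""
    old, new = [], []
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if ip in OLD_NET:
            old.append(a)
        elif ip in NEW_NET:
            new.append(a)
    return old, new

def migration_stage(host_addrs, dns_addrs):
    """Map one service onto the step of the process it has reached."""
    h_old, h_new = _split(host_addrs)
    d_old, d_new = _split(dns_addrs)
    # Failure mode: DNS publishes an address the server no longer (or not yet) holds.
    dangling = [a for a in dns_addrs if a not in host_addrs]
    if dangling:
        return "ERROR: DNS points at unconfigured address " + ", ".join(dangling)
    if not h_new:
        return "step 2 pending: no secondary on the new prefix"
    if not d_new:
        return "step 3 pending: DNS still old prefix only"
    if d_old:
        return "step 5 pending: old DNS entry still published"
    if h_old:
        return "step 7 pending: old address can be removed"
    return "done"

# Constructed inventory: service -> (addresses on the server, A records in DNS)
INVENTORY = {
    "files":    (["192.168.0.10"], ["192.168.0.10"]),
    "mail":     (["192.168.0.20", "10.0.0.20"], ["192.168.0.20"]),
    "intranet": (["192.168.0.30", "10.0.0.30"], ["192.168.0.30", "10.0.0.30"]),
    "print":    (["192.168.0.35", "10.0.0.35"], ["10.0.0.35"]),
    "wiki":     (["10.0.0.40"], ["10.0.0.40"]),
    "erp":      (["10.0.0.50"], ["192.168.0.50", "10.0.0.50"]),  # old IP removed too early
}

def audit(inventory=INVENTORY):
    return {name: migration_stage(h, d) for name, (h, d) in inventory.items()}

if __name__ == "__main__":
    for name, stage in audit().items():
        print(f"{name:9} {stage}")
```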
 
Thirst4Knowledge (Author) Commented:
I just need to confirm that the design (choice 2 in the diagram) will work as intended. The local data center will have an Anira box also
 
harbor235 Commented:
Did you implement and did all go well?


harbor235 ;}