IP address restructuring

Vishnu Reddy
Level 1

Hello,

I am part of a project that involves restructuring IP addressing for the entire company, as this will lessen the issues we are currently facing: no summarization, a haphazard IP addressing scheme, complicated access lists, and difficulty identifying the location based on the IP address. We have 15 locations including datacenter and campus. I am following this new scheme: <IP Address> := "10." <Location> "." <Purpose/VLAN###> "." <Node>, where location identifies the 2nd octet, purpose identifies the 3rd octet, etc.

Now the challenges are that we have to execute this in the existing production network.

I have steps outlined below:
• Step 1: Create new VLANs for the new private ranges (no overlaps)
• Step 2: Create the new DHCP pools for the new IP ranges
• Step 3: Assign the same type of permissions to those VLANs (NAT, ACL, firewall, etc.)
• Step 4: Make sure inter-VLAN routing is enabled and you can route between the new and the old VLANs
• Step 5: Start migrating switch ports from the old VLANs to the new ones (clients should get new IPs as soon as you renew and have the same permissions while still maintaining contact with the non-migrated ports)

Has any of you had experience with this kind of migration, and what obstacles have you faced when implementing a similar project?

Since this involves multiple subnets and VLANs that need to be changed to new ones, this is going to be a phased project, starting with one site and then following on with the next site.

What are the gotchas I should be looking out for so that I can achieve a smooth transition without much downtime? In fact there will be downtime, but I will try to keep it to a minimum.

Appreciate your responses, ideas, suggestions...

Thanks,
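The scheme and the "no overlaps" requirement of Step 1 can be checked before any VLAN is created. The following is an added example, not code from the thread; the location IDs, purpose IDs and legacy ranges are constructed, and a /24 per purpose is assumed because the scheme gives the node the whole 4th octet.

```python
import ipaddress

# Constructed sample data; the IDs, names and legacy ranges are assumptions.
LOCATIONS = {1: "datacenter", 2: "campus"}
PURPOSES = {10: "users", 20: "voice"}
LEGACY_SUBNETS = ["10.2.0.0/20", "172.16.40.0/22", "192.168.5.0/24"]


def subnet_for(location, purpose):
    """Return the /24 for 10.<location>.<purpose>.0 under the thread's scheme."""
    for name, value in (("location", location), ("purpose", purpose)):
        if not 0 <= value <= 255:
            raise ValueError(f"{name} {value} does not fit in one octet")
    return ipaddress.ip_network(f"10.{location}.{purpose}.0/24")


def site_summary(location):
    """One /16 per site: usable as the summary route and as a single ACL match."""
    return ipaddress.ip_network(f"10.{location}.0.0/16")


def build_plan(locations, purposes):
    """Map every (location, purpose) pair to its planned subnet."""
    return {(loc, pur): subnet_for(loc, pur) for loc in locations for pur in purposes}


def find_overlaps(plan, legacy):
    """Pairs (new, old) that overlap and so cannot coexist during the migration."""
    old_nets = [ipaddress.ip_network(n) for n in legacy]
    return [(new, old) for new in plan.values() for old in old_nets if new.overlaps(old)]


def locate(address, locations=LOCATIONS, purposes=PURPOSES):
    """Decode site, purpose and node from an address, e.g. from a firewall log."""
    ip = ipaddress.ip_address(address)
    if ip not in ipaddress.ip_network("10.0.0.0/8"):
        return None  # not part of the new scheme
    _, loc, pur, node = ip.packed
    return locations.get(loc, "unknown"), purposes.get(pur, "unknown"), node


if __name__ == "__main__":
    plan = build_plan(LOCATIONS, PURPOSES)
    for new, old in find_overlaps(plan, LEGACY_SUBNETS):
        print(f"CONFLICT: planned {new} overlaps legacy {old}")
    print(locate("10.1.20.37"))
```

Any conflict reported here means a legacy subnet already sits inside 10.0.0.0/8 where a new one is planned, so that legacy range has to move first or the new VLAN needs a different purpose ID.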


3 Replies

Jon Marshall
Hall of Fame

You have a good plan outlined.

The two main things you don't mention -

1) hardcoded IP addresses. If you are very lucky all clients etc. will be using DNS to resolve the hostname to IP address for all applications.

But even now there can still be legacy type apps that have a hardcoded IP address of a server within the client software and this will obviously break when you readdress the server.

You may be fine but you need to understand exactly how all your applications work in terms of IP addresses because it is not a good feeling when suddenly an application stops working and more often than not it turns out to be one of the most important ones :-)

2) DNS -  when you readdress servers etc. the clients will have a DNS record for the old server IP so be aware you may need to clear DNS caches.

What you can do temporarily when you are looking to migrate the servers is lower the TTL for the DNS record so the clients do not keep it in their cache, or readdress servers after main working hours, and as long as the entry has been removed from the cache by the next morning you should be fine.

The above are the main ones but you also don't mention if you are going to be using the same DHCP servers for the new subnets. If you are then when you come to readdress the DHCP server(s) don't forget about the "ip helper-address .." commands under the SVIs.

It's not as hard as it seems at first because with clients using DHCP a lot of it can be done with relatively little disruption but there are always a few things that catch you out.

Jon
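One way to look for the hardcoded addresses described above before a server is readdressed is to scan application config text for IPv4 literals that fall inside the ranges being retired. This is an added example, not part of the original reply; the legacy ranges and the sample config are constructed.

```python
import ipaddress
import re

# Candidate dotted quads; the guards avoid matching inside longer dotted tokens.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed legacy ranges (assumption): the subnets being retired.
LEGACY_NETS = [ipaddress.ip_network(n) for n in ("192.168.5.0/24", "172.16.40.0/22")]

# Constructed sample application config.
SAMPLE_CONFIG = """\
# constructed application config
db.host = 192.168.5.20
report.url = http://172.16.41.7:8080/reports
ldap.host = dc01.example.internal
client.version = 4.10.2.1
bad.value = 192.168.5.999
ntp = 10.1.30.5
"""


def find_hardcoded(text, legacy_nets=LEGACY_NETS):
    """Return (line number, address, legacy subnet) for each literal to fix."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in IPV4_RE.finditer(line):
            try:
                ip = ipaddress.ip_address(match.group())
            except ValueError:
                continue  # looks like an address but is not one, e.g. 192.168.5.999
            for net in legacy_nets:
                if ip in net:
                    hits.append((lineno, str(ip), str(net)))
    return hits


if __name__ == "__main__":
    for lineno, ip, net in find_hardcoded(SAMPLE_CONFIG):
        print(f"line {lineno}: {ip} is hardcoded and sits in legacy range {net}")
```

Hostnames, version strings and addresses already in the new plan are ignored; only literals inside a legacy range are reported. Addresses compiled into client binaries will not show up in a text scan like this.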

Thanks for providing the valuable information. Will keep these in mind when implementing.

My manager wants me to come up with a configuration on the switches and routers with the new IP addressing in place without disrupting the existing ones, as no one wants the network down. That's a really ugly situation.

I liked the idea Joseph mentioned, to create new gateways and keep the existing ones in place, so that it won't break the existing ones.

I mean I have to add the IP helper address to each new VLAN created, since the DHCP server is in a separate VLAN.

Here is what I desire to achieve (e.g., showing for one VLAN):

1. Create a new vlan for existing vlan in core switch which will do intervlan routing

2. On the interface vlan assign the new IP address for intervlan routing on core switches

3. Assign HSRP group IP address for that VLAN

4. Configure IP helper address for that VLAN

5. Configure trunking for new vlans so these can be reachable to old and newly created vlans.

6. Here's the difficult part switching all the access ports to new VLAN once the above steps 1-5 are completed.

    a. I have to make sure that I use the interface range command to accommodate all the hosts for that new VLAN. Make sure that the switchports are in shutdown mode before configuring the command on the access switches, and once done use the no shut command so that all the hosts will acquire the new address from the DHCP server.

   b. For the IP phones there will be new vlans. Let me know if IP Phones need special handling.

Note: This would be my first migration project on a large scale, around 1500 users covering 15 remote locations.

Also, as Jon mentioned, I need to clear the DNS cache for each client through group policy, as doing it on individual machines doesn't make any sense.

Please let me know if I am missing anything so as not to disrupt the network upgrade.

I would really appreciate your feedback.

Best,

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As Jon has already noted, hard coded (host) IP addresses can be an issue. What can sometimes assist in such migrations is having multiple gateway IPs (old and new) on the same VLAN. Then, hosts can work using either old or new IP. Also, when dealing with hard coded hosts, verify they really, really still need to be hard coded. Sometimes they don't, and if they don't, why set yourself up for needing to re-IP the host again sometime in the future? If you have dynamic DNS, even some servers can be converted to use DHCP.
