Same Name, Different IP
by Kurt Keller
Recently a customer needed to change their IP addresses from one IP address range to another. DNS (Domain Name Service), mail and a few other services on the TCP/IP network were involved and of course, if possible, the transition should go smoothly and transparently. Due to physical distance - the network is in the heart of Tokyo, while I do all maintenance and configuration from Switzerland - it was necessary to plan the changeover carefully and avoid mistakes.
The old Network
The old network consists of Win95 workstations connected via ethernet to a Novell network. I'm only responsible for the internet connectivity which lives on the same network, using TCP/IP and a few Unix systems.
The customer is assigned a C-class IP address range. For this explanation let's say the assigned C-class is 192.168.0.0 - 192.168.0.255. (Attention, don't use this address on the internet, as the addresses 192.168.0.0 to 192.168.255.255 are one of three ranges given free for internal use by anyone; they cannot be used on the internet.)
DNS is served from one of the Unix systems. The Win95 workstations get their IP addresses assigned dynamically via DHCP (Dynamic Host Configuration Protocol). The DHCP daemon is running on a Unix machine as well.
For mail there is a commercial SMTP gateway to the in-house mail system. However, due to some bug in the software or configuration, mail coming from the internet gets spooled over and over by the gateway. Therefore one of the Unix systems acts as the official mail host. Sendmail on the Unix mailhost receives messages, transforms their envelopes and passes them on to the final gateway.
The new Network
The new setup is somewhat different. DHCP and a few other services are to be dropped. The sister company, with which the customer is sharing an office building, leaves one half of their C-class IP address range for use by the customer (let's say it is 192.168.3.0 - 192.168.3.127) and at the same time also provides the connection to the internet. DNS for the customer's domain is still to be served using the Unix systems, as is mail, since the sendmail hack is still required.
In a first step, the new router (192.168.3.1) is connected to the existing old network. Without change on the existing network it will not be recognized, unless a router detection protocol is running.
The existing Unix hosts are reconfigured for the new setup and at the same time, the old network is laid onto the ethernet adapter as a virtual network. With this configuration, the Unix machines act as if they were connected to both the old and the new network, even though physically there is only one ethernet adapter and one network. The distinction is made purely logically. Now the Unix systems, offering various services, can be accessed using either the old or the new IP address range from both the internal network and the internet. Connections to the outside will be made using the new router, which is now defined as default router.
The Win95 workstations are not announced via DNS, so there is no hurry to change their configuration. DNS can already be adjusted to the new network numbers; while announcing only the new IP addresses, the DNS server can still be accessed with the old IP address for queries, which gives some flexibility in how quickly the records need to be updated at JPNIC. However, since the sendmail configuration on the Unix mailhost is using DNS for resolution of the final in-house SMTP gateway, the IP address on the final SMTP gateway needs to be changed as soon as possible. DNS would allow two IP addresses to be specified for this host, but mail being down for half a day or so is acceptable and not announcing both addresses prevents one more change later on. Special care needs to be taken with the reverse address resolution (mapping IP addresses to host and domain names), since the IN-ADDR.ARPA domains for the new IP addresses are served by the DNS servers of the sister company.
If DHCP were also used in the new network setup, the only change necessary for the Win95 workstations would be to the DHCP server configuration files. With the new static configuration, however, each Win95 machine's TCP/IP settings need to be adjusted. This may well take some time. As there are both networks, the old and the new one, accessible logically on the same physical network, this change is not critical; employees can work with either the old or the new setup, so changes can be made as time allows.
Once all the Win95 workstations are switched over to the new settings and DNS registration has been updated with JPNIC, the virtual old network is removed from the Unix hosts and the old router can be switched off. The switch is complete.
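An added example, not part of the original article: a Python check that could be run before this last step, covering both the reverse-resolution caveat above and the condition for removing the old network. The host names, DNS records and client address list are constructed sample data, and the new range is assumed to be the lower half 192.168.3.0/25.

```python
import ipaddress

OLD_NET = ipaddress.ip_network("192.168.0.0/24")  # old C-class used in the article
NEW_NET = ipaddress.ip_network("192.168.3.0/25")  # assumed: lower half of the shared C-class

# Constructed sample data; names under the reserved .example TLD are hypothetical.
FORWARD = {  # name -> A records announced by the customer's DNS server
    "ns.corp.example": ["192.168.3.10"],
    "mail.corp.example": ["192.168.3.11"],
    "smtpgw.corp.example": ["192.168.0.20"],  # in-house gateway not yet renumbered
    "www.corp.example": ["192.168.3.12"],
}
REVERSE = {  # address -> PTR name served from the sister company's IN-ADDR.ARPA zone
    "192.168.3.10": "ns.corp.example",
    "192.168.3.11": "mailhost.corp.example",  # disagrees with the forward name
}
CLIENTS_SEEN = ["192.168.3.40", "192.168.0.57", "192.168.3.41"]  # source IPs from a log

def classify(addr):
    """Return 'old', 'new' or 'foreign' for a dotted-quad address."""
    ip = ipaddress.ip_address(addr)
    if ip in OLD_NET:
        return "old"
    if ip in NEW_NET:
        return "new"
    return "foreign"  # e.g. the half of the C-class kept by the sister company

def audit(forward, reverse, clients):
    """List everything that still blocks removal of the old virtual network."""
    findings = []
    for name, addrs in sorted(forward.items()):
        for addr in addrs:
            if classify(addr) != "new":
                findings.append(("forward-not-new", name, addr))
                continue
            ptr = reverse.get(addr)
            if ptr is None:
                findings.append(("missing-ptr", name, addr))
            elif ptr.rstrip(".").lower() != name.rstrip(".").lower():
                findings.append(("ptr-mismatch", name, addr))
    for addr in sorted(set(clients), key=ipaddress.ip_address):
        if classify(addr) == "old":
            findings.append(("client-on-old-range", "-", addr))
    return findings

if __name__ == "__main__":
    for finding in audit(FORWARD, REVERSE, CLIENTS_SEEN):
        print(*finding)
```

An empty result from audit() means no announced name, PTR record or observed client still depends on the old range.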
This is only a brief description of a possible solution to this problem and many of the finer details are not mentioned, but it should give you a rough outline of how such a project can be tackled.
© Algorithmica Japonica Copyright Notice: Copyright of material rests with the individual author. Articles may be reprinted by other user groups if the author and original publication are credited. Any other reproduction or use of material herein is prohibited without prior written permission from TPC. The mention of names of products without indication of Trademark or Registered Trademark status in no way implies that these products are not so protected by law.
The Newsletter of the Tokyo PC Users Group
Tokyo PC Users Group, Post Office Box 103, Shibuya-Ku, Tokyo 150-8691, JAPAN