2007-11-15
lammbo
Re: Temporarily re-direct traffic to another site

Thanks for all the info guys!

Management has finally abandoned the re-direct notion. The plan is now to move the BGP advertisements to the new data center while we are down during the move (both Data Centers are onboard with this). Of course, this now adds a different challenge (or if my assumption is correct, no impact).

More topology info:
All gateways managed by same SCS (R65 HFA_02)
Each site has its own Policy - set to install only to its appropriate gateway cluster
SiteA (old) (R60 HFA_04)
SiteB (new) (R65 HFA_02)
SPLAT gateways using Auto-NAT
OldHost@SiteA has x.x.x.x as NAT - Only set to NAT at SiteA (not ANY)
NewHost@SiteB has x.x.y.x as NAT - Only set to NAT at SiteB (not ANY)


When I started this, I stood up the new firewalls with new subnets. I cloned every host object (we'll call this OldHost@SiteA) from the old site. When I did this, I renamed the cloned host (we'll call this NewHost@SiteB); I changed private IP octets 2 and 3 to match the new site's topology and changed the Public IP for the exposed servers to match what was going to be, in the original plan, the new Public IP range (only the 3rd octet changed).

With this new development, I will have to go back to these NewHost@SiteB hosts and change back the 3rd octet on the Public IP.

Given this information and the fact that BGP will not be advertising at SiteB until we go down for the move, is it possible for me to pre-change NewHost@SiteB back to the original NAT from SiteA x.x.x.x, as opposed to x.x.y.x, and still be able to push policy without breaking the NAT at SiteA?

My thoughts on this are that I should be able to do so because the NAT is set to install only to a specific gateway. Therefore, when I push policy to SiteA, it will not try to auto-NAT using SiteB private IPs since the NAT is not installed on that cluster for cross-site hosts.

NewHost@SiteB will now have the same Public IP as OldHost@SiteA in the rulebase/NAT table, but SiteA should continue to function even though SiteB is ready for the hosts as soon as BGP adverts start at SiteB.

Is this a correct assumption? Otherwise, the fallback plan is that I change everything in the rulebase now and can't push policy until SiteA is down @ 3AM on Sunday.
__________________
There's no place like 127.0.0.1

Last edited by lammbo; 2007-11-15 at 08:09. Reason: typos