0

I'm planning to migrate a virtual machine from one data-center to another. The VM has a public IP address that will change on the new data-center to another public IP address.

I'm planning to change the DNS entry for the VM, so it will reflect the new IP, but I want to keep the machine accessible while the DNS propagates the changes.

Is there a way I can configure some route or iptables rule so that any packet destined to my 1st (old) IP address gets forwarded to my 2nd (new) IP address?

That way users with a cached DNS entry for the 1st IP would still be able to access the VM.

After a while, (1 or two days) I could safely remove the routing rule.

I don't know much about IP tables and even less about routing. I was unable to google even a hint on this, except for some academic papers...

Miguel

2 Answers

1

I think this is the wrong approach to the problem.

The issue is that you want to maintain the service while DNS propagates, however if you have access to the DNS then you can simply reduce DNS propagation time down to a few seconds, whatever your acceptable outage is.

Your A record for the domain looks something like this:

<hostname> 14400 IN A <IP Address>

The second value is the length of time (TTL) the DNS can be cached for in seconds. Change this to

<hostname> 10 IN A <IP Address>

Now everyone will pick up any new updates within 10 seconds. Of course for the duration of this change, there will be an increased burden on your DNS.

So the sequence is

  1. Determine the current TTL value and change it to something small
  2. Wait until the original TTL time has passed, which ensures everyone has the new record with the reduced TTL
  3. Change the IP address for the record (everyone will get this update within the new TTL duration - a few seconds)
  4. Change the TTL back to something more reasonable

The "something small" value is whatever outage your service can sustain within its SLA

Paul
  • if he is serving (and storing) dynamic content, then to actually continue using the old machine will be impractical as there will then be two separate systems holding totally different data – Olipro Sep 29 '11 at 13:22
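
The four-step sequence from the answer above, worked through as a timeline. This is an added example, not part of the original answer; the hostname, addresses and start time are constructed, and restoring the TTL only after the low TTL has elapsed is an assumption, since the answer does not say when to do step 4.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class ARecord:
    name: str
    ttl: int
    address: str

    @classmethod
    def parse(cls, line):
        # Layout used in the answer: <hostname> <ttl> IN A <address>
        fields = line.split()
        if len(fields) != 5 or [f.upper() for f in fields[2:4]] != ["IN", "A"]:
            raise ValueError(f"not an 'IN A' record: {line!r}")
        return cls(fields[0], int(fields[1]), fields[4])

    def render(self):
        return f"{self.name} {self.ttl} IN A {self.address}"


def plan_cutover(current_line, new_address, low_ttl, lowered_at):
    """Return [(when, record to publish)] for steps 1, 3 and 4."""
    old = ARecord.parse(current_line)
    if not 0 < low_ttl < old.ttl:
        raise ValueError("low_ttl must be positive and below the current TTL")
    # Step 2: a cache filled just before step 1 keeps the old record for old.ttl.
    switch_at = lowered_at + timedelta(seconds=old.ttl)
    # Assumption: restore the TTL once the old address has aged out of caches.
    restore_at = switch_at + timedelta(seconds=low_ttl)
    return [
        (lowered_at, ARecord(old.name, low_ttl, old.address).render()),
        (switch_at, ARecord(old.name, low_ttl, new_address).render()),
        (restore_at, ARecord(old.name, old.ttl, new_address).render()),
    ]


def safe_to_switch(plan, now):
    """True once every cache that honours TTLs holds the low-TTL record."""
    return now >= plan[1][0]


if __name__ == "__main__":
    # Constructed sample: documentation addresses, TTL from the answer.
    lowered = datetime(2011, 9, 29, 12, 0, tzinfo=timezone.utc)
    record = "www.example.com. 14400 IN A 203.0.113.10"
    for when, line in plan_cutover(record, "198.51.100.20", 10, lowered):
        print(when.isoformat(), line)
```

Resolvers that clamp small TTLs to a minimum of their own will keep the old address longer than this timeline predicts.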
0

Create some sort of tunnel link between the two VMs - OpenVPN, GRE, whatever floats your boat.

Once you've done that, assign the old VM's IP to the tunnel interface of the new VM and remove that IP from whatever interface it's currently assigned to on the old VM.

Once that's done, all you need to do is add a route on the old VM for the IP to be routed to the new VM on the tunnel interface.

Caveats: depending on the type of VM (and hence virtual NIC), this may not be possible. Additionally, if there is any egress filtering along the path of your new VM, packets with the old VM's source address will be dropped; in that instance, you will need to configure the new VM to route via the tunnel interface (and hence the old VM) when the source address is the old address.

As far as actual commands go, read the manpage of iproute2.

Olipro