
I have an internal DNS server running on a VM. I've rebuilt the server from scratch in a new VM, and I want to cut over from the old to the new at some point. In order to do this, I'll need to take down the old server and bring up the new one with the same IP as the old one.

I'm wondering what is the best way to do this without disruption. How quickly will the other machines on the subnet work out the new MAC address of that IP? I know I could accelerate this by flushing the arp cache on them all, but I don't have an easy way to do this on all boxes at the same time. I'm wondering if "nmap -sn 192.168.101.0/24" (i.e. ping all hosts on the subnet from the new box) will speed up the change?

Alternatively, being VMs I could set the new one to have the same MAC as the old one, but I'm concerned that the switch might get upset about this. Is this a better way to do it, and if so, what do I need to watch out for?

JohnCC
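The question is really about the ARP receive algorithm on each neighbour, so here is a small simulation of it (an added example, not code from the question or any answer). It follows the RFC 826 rules: a host updates an existing cache entry whenever it sees an ARP packet whose sender IP it already knows, but only the addressed target creates a brand-new entry. The two scenarios compare a gratuitous announcement from the new server with the effect of an `nmap -sn` sweep from it, which makes the new box send an ARP request to every host. All IPs, MACs and hosts below are constructed.

```python
"""Simulated host ARP caches applying the RFC 826 receive algorithm.

Added example for illustration; addresses and hosts are constructed.
"""
from dataclasses import dataclass, field

ARP_REQUEST = 1
ARP_REPLY = 2


@dataclass(frozen=True)
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_ip: str


@dataclass
class HostArpCache:
    """One host's IP -> MAC translation table."""
    my_ip: str
    table: dict = field(default_factory=dict)

    def receive(self, pkt: ArpPacket) -> str:
        """Apply the RFC 826 receive rules and report what happened."""
        merged = False
        # Rule 1 ("merge"): a sender IP already in the table gets its MAC rewritten,
        # whatever the packet's target and opcode are.
        if pkt.sender_ip in self.table:
            self.table[pkt.sender_ip] = pkt.sender_mac
            merged = True
        # Rule 2: only the addressed target learns a mapping it did not have.
        if pkt.target_ip == self.my_ip and not merged:
            self.table[pkt.sender_ip] = pkt.sender_mac
            return "added"
        return "updated" if merged else "ignored"


# Constructed cutover scenario: the DNS IP moves from OLD_MAC to NEW_MAC.
DNS_IP = "192.168.101.53"
OLD_MAC = "00:50:56:aa:aa:01"
NEW_MAC = "00:50:56:bb:bb:02"


def make_subnet():
    """Client A has a stale entry for the DNS server; client B never talked to it."""
    client_a = HostArpCache("192.168.101.10", {DNS_IP: OLD_MAC})
    client_b = HostArpCache("192.168.101.11", {})
    return client_a, client_b


def gratuitous_announce(hosts):
    """New server broadcasts an ARP request for its own IP (a gratuitous ARP)."""
    pkt = ArpPacket(ARP_REQUEST, NEW_MAC, DNS_IP, DNS_IP)
    return {h.my_ip: h.receive(pkt) for h in hosts}


def ping_sweep(hosts):
    """nmap -sn from the new box: it must ARP for every target, so every host is addressed."""
    return {h.my_ip: h.receive(ArpPacket(ARP_REQUEST, NEW_MAC, DNS_IP, h.my_ip))
            for h in hosts}


if __name__ == "__main__":
    a, b = make_subnet()
    print("gratuitous:", gratuitous_announce([a, b]))   # A updated, B ignores it
    a, b = make_subnet()
    print("ping sweep:", ping_sweep([a, b]))            # A updated, B adds the entry
```

The difference between the two scenarios is the practical answer: a gratuitous ARP only refreshes hosts that already cached the old MAC (which is all the cutover needs), while the sweep also seeds entries on hosts that never cached it. Real stacks add policy on top of RFC 826; Linux, for example, rewrites an existing entry from an unsolicited ARP but, with `arp_accept` at its default of 0, does not create a new one from it. The same merge rule is why an unexpected change of the MAC behind a known IP is worth alerting on in production, since nothing in the protocol authenticates the sender.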

1 Answer


Provided no MAC-aware security is in the network, there is no problem moving a MAC from one system to another. The only condition: do not allow duplicated MACs simultaneously.

As soon as a switch receives a frame with the old MAC from the new target, it should rewrite its MAC table and make the target accessible.

You can test it separately in advance.

Veniamin
  • That said, obviously higher level than IP protocols WILL have a disruption. TCP for example. Because the new VM does not know the state of all the connections. – TomTom Dec 05 '13 at 12:49
  • @TomTom you are right, but the main concern was about ARP cache timeout. Since client DNS requests are mostly UDP packets they will not experience disruption. Generally known, rock-solid DNS service requires at least two servers placed in independent subnets, but it looks like this is not the case. – Veniamin Dec 05 '13 at 13:07
  • I actually do have two DNS servers placed on two subnets, but from what I've read the idea of primary and secondary DNS is bogus and multiple DNS servers were originally for load balancing, not failover. That means clients are free to hit any DNS in the list first, not just the first one. Also I see in practice it takes clients 5 seconds or more to time out their DNS request and try another server, which creates serious problems. – JohnCC Dec 05 '13 at 14:45
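To make the answer's two conditions concrete (the switch rewrites its table when a MAC shows up on another port; duplicated MACs must never be live at the same time; MAC-aware security changes the picture), here is a simulated learning switch (an added example, not code from the answer). It relearns a MAC on the new port as a normal event, counts how often the same MAC moves between ports inside a short window and raises the kind of "MAC flapping" alert real switches log, and optionally enforces a sticky port-security binding that drops the frame instead of relearning. Port names, MACs and timings are constructed.

```python
"""Simulated learning switch for the same-MAC cutover the answer describes.

Added example for illustration; ports, MACs and timestamps are constructed.
"""
from collections import deque


class LearningSwitch:
    def __init__(self, flap_threshold=3, window=10.0, sticky=None):
        self.table = {}        # src MAC -> (port, last seen)
        self.moves = {}        # src MAC -> timestamps of recent port changes
        self.flap_threshold = flap_threshold
        self.window = window   # seconds over which moves are counted
        self.sticky = sticky or {}  # port-security: MAC -> the only allowed port
        self.alerts = []

    def ingress(self, src_mac, port, now):
        """Process a frame's source MAC; return learned/refreshed/moved/dropped."""
        # MAC-aware security: a sticky MAC seen on another port is a violation,
        # and the table is not rewritten for it.
        if src_mac in self.sticky and self.sticky[src_mac] != port:
            self.alerts.append(f"port-security violation: {src_mac} on {port}")
            return "dropped"
        prev = self.table.get(src_mac)
        self.table[src_mac] = (port, now)
        if prev is None:
            return "learned"
        if prev[0] == port:
            return "refreshed"
        # Same MAC arrived on a different port: the entry is rewritten at once,
        # which is what makes a clean cutover work without waiting for ageing.
        recent = self.moves.setdefault(src_mac, deque())
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.flap_threshold:
            self.alerts.append(
                f"MAC {src_mac} flapping: {len(recent)} port moves in {self.window}s")
        return "moved"


SHARED_MAC = "00:50:56:aa:aa:01"   # constructed; both VMs configured with it


def replay(switch, frames):
    return [switch.ingress(mac, port, t) for mac, port, t in frames]


def clean_cutover():
    """Old VM stops before the new one starts: one table rewrite, no alert."""
    sw = LearningSwitch()
    frames = [(SHARED_MAC, "Gi1/1", 0.0), (SHARED_MAC, "Gi1/1", 5.0),
              # old VM powered off; new VM on another port takes over
              (SHARED_MAC, "Gi1/2", 20.0), (SHARED_MAC, "Gi1/2", 25.0)]
    return replay(sw, frames), sw.alerts


def overlapping_cutover():
    """Both VMs alive with the same MAC: the entry flaps and an alert fires."""
    sw = LearningSwitch()
    frames = [(SHARED_MAC, "Gi1/1", 0.0), (SHARED_MAC, "Gi1/2", 1.0),
              (SHARED_MAC, "Gi1/1", 2.0), (SHARED_MAC, "Gi1/2", 3.0)]
    return replay(sw, frames), sw.alerts


def port_security_cutover():
    """Sticky port-security bound to the old port: the new VM's frames are dropped."""
    sw = LearningSwitch(sticky={SHARED_MAC: "Gi1/1"})
    frames = [(SHARED_MAC, "Gi1/1", 0.0), (SHARED_MAC, "Gi1/2", 20.0)]
    return replay(sw, frames), sw.alerts


if __name__ == "__main__":
    for name, fn in [("clean", clean_cutover), ("overlap", overlapping_cutover),
                     ("port-security", port_security_cutover)]:
        print(name, *fn())
```

The three runs map onto the answer's conditions: with the old VM down first, the switch simply moves the entry and traffic follows the new VM; with both up, the table thrashes between ports and frames go to whichever VM spoke last, which is the "duplicated MACs simultaneously" case to avoid; with port security pinning the MAC to the old port, the cutover fails until that binding is cleared, which is the MAC-aware security to check for before the change.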