5

We are looking to move office and wanted to know if it was possible to relocate some servers at a time and still keep the network working? (this is to try and avoid a major move)

I have a 24-bit subnet (255.255.255.0), so let's say I have a network running on 192.168.250.xxx.

I then move two servers, 192.168.250.5 and 192.168.250.6, to the new office. So at the existing office, when anything tries to talk to .5 or .6 it won't be found by the local switches. Will it go to the gateway and ask if the gateway knows about it? That way I can route requests over a VPN to the new office where .5 and .6 are. Would this work?

D-W
  • Is there a reason you can't make the move all at once? – ewwhite Mar 17 '17 at 11:52
  • Would you want to move 200 users, 20+ servers, 5+SANS, etc. over a weekend? Or if you could move a bit at a time while keeping everyone working, would you take advantage of it? – D-W Mar 17 '17 at 12:26
  • 7
    I've moved all systems at once, and in multiple scenarios. It's not uncommon. – ewwhite Mar 17 '17 at 12:55
  • 1
    I've moved hundreds of servers over a weekend. It takes a lot of careful planning and may necessitate getting some extra hands, but it isn't hopeless. And it could take less effort than trying to be gradual and careful about it. – chicks Mar 17 '17 at 21:51
  • 1
    If it's an office network that's not critical over the weekend, taking the downtime and moving everything at once could well be far easier than trying to do it piece-by-piece. It depends on your needs. – Zach Lipton Mar 17 '17 at 23:31
  • 1
    Is there any particular reason that you need to keep the IPs or servers on a single subnet? Are hard-coded IP addresses likely to be in use? As long as the old names point to the correct (new) addresses, whether they are on a local subnet may not matter. It depends on the services and how you use them. – BowlOfRed Mar 18 '17 at 04:17

3 Answers

19

When a host tries to access another host in the same subnet, it issues an ARP request for the host MAC address. If no ARP reply is received, then the host is declared unreachable.

So, therefore you need an L2 VPN between the locations. The VPN server at each point will work as a bridge. It knows which MAC address is at which side of the VPN connection, and will relay traffic to the other side as needed. OpenVPN bridge mode is good for this.

Tero Kilkanen
  • Agreed. OP should enquire what their local ISP can do - here a fibre service provider can provide an ethernet port on the new site device that is functionally terminated at the other site. – Criggie Mar 17 '17 at 21:50
10

I think you may be asking the wrong question... (X-Y Problem)
It should be:

"How would you recommend I move the IT infrastructure to a new location?"

or

"What factors should I consider in planning an office move?"

Ideally, you could accomplish the move in one shot. There are moving firms that specialize in this, and it's not an uncommon thing.

I've been part of full datacenter moves, multiple facility moves and plenty of small office migrations to a new location.

But, if you don't have the option of making this type of move in one step, consider your applications, networking and other constraints.

VPN is a common approach if you have internet connectivity established at the new location. Make a temporary new subnet, relocate servers as needed. Use DNS to manage how end users connect to the systems.

If the sites are close, you have some easy wireless bridging options.

VPN bridging is an option as per the other answer. Do you want to share any information about the type of firewalls you have in place?

Granted, we don't have any details of what your critical applications are, the inbound/outbound requirements, NAT setup, DNS status... So that's a little tough to condense into one answer.

ewwhite
2

If an address is in the same subnet as the sender then the sender will not generally send it to the gateway. It will ARP for the destination address and if that fails it will generally give up.

There are two practical solutions to this.

  1. Run a layer 2 VPN so that you have a virtual Ethernet network spanning the two offices.
  2. Use proxy ARP so that the gateway router pretends to be the destination and can then pick up the traffic and route it.

Peter Green
  • 1
    Did it once (not my decision) and will not do it again. I'd rather sacrifice one weekend than waste time troubleshooting something that is in place temporarily. – cyzczy Mar 18 '17 at 11:57
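
The behaviour the answers above describe (an on-link destination is ARPed for and never handed to the gateway, unless an L2 VPN or proxy ARP makes something answer) can be modelled in a few lines. This is an added example, not code from any of the posters; the gateway address 192.168.250.1, the client 192.168.250.20 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed topology using the addresses from the question.
SUBNET = ipaddress.ip_network("192.168.250.0/24")
GATEWAY = ipaddress.ip_address("192.168.250.1")        # assumed gateway address
OLD_OFFICE = {ipaddress.ip_address("192.168.250.20")}  # assumed client that stayed
NEW_OFFICE = {ipaddress.ip_address("192.168.250.5"),
              ipaddress.ip_address("192.168.250.6")}


def first_hop(dst):
    """Sender's decision: on-link destinations are ARPed for directly;
    only off-subnet destinations are handed to the gateway."""
    dst = ipaddress.ip_address(dst)
    return dst if dst in SUBNET else GATEWAY


def arp_responder(target, mode):
    """Who answers an ARP broadcast sent on the old office LAN.
    mode: 'none' (routed VPN only), 'l2vpn' (bridged), 'proxy_arp'."""
    if target in OLD_OFFICE or target == GATEWAY:
        return "owner"
    if target in NEW_OFFICE:
        if mode == "l2vpn":
            return "owner"      # broadcast is bridged; remote host replies itself
        if mode == "proxy_arp":
            return "gateway"    # gateway replies with its own MAC, then routes
    return None                 # nobody answers


def deliver(dst, mode):
    """Outcome for a packet sent by the old-office client."""
    hop = first_hop(dst)
    who = arp_responder(hop, mode)
    if who is None:
        return "unreachable: no ARP reply for %s" % hop
    if hop == GATEWAY:
        return "routed via gateway"
    return "direct frame to owner" if who == "owner" else "frame to gateway, routed over VPN"


if __name__ == "__main__":
    for mode in ("none", "l2vpn", "proxy_arp"):
        print(mode, "->", deliver("192.168.250.5", mode))
    print("off-subnet ->", deliver("10.0.0.9", "none"))
```
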