Re: how to relocate servers transparently

[Fraser Campbell <fraser@georgetown.wehave.net>]

On Monday 14 June 2004 09:57, Adrian 'Dagurashibanipal' von Bidder wrote:

> This may be obvious, but not to me... is there any difference compared
> to using iptables DNAT?

I believe that you'd have some problems if you used DNAT.  Think of what 
happens to a packet coming into your old colo and being NATed to the 
completely different set of IPs at your new colo ...

- packet from client arrives at oldcolo
- packet is DNATed to newcolo
- newcolo receives packet with source address client, destination address
  newcolo (self)
- newcolo responds to packet by looking in it's routing table, it sees that
  it is responding to a non-local source address and so replies via it's
  default route

Basically, the client would initiate communications with oldcolo but recieve 
replies with from the address of newcolo.  The simple way around this is to 
use a proxy as other people have suggested.

Personally I wouldn't bother with supporting things on the old address, set 
TTLs on the A records very low (let's say 10 minutes) at the point where you 
wish to switch the servers and just do it.  If DNS is done correctly then 
there should be very little downtime.

-- 
Fraser Campbell <fraser@wehave.net>                 http://www.wehave.net/
Georgetown, Ontario, Canada                               Debian GNU/Linux