Re: how to relocate servers transparently
On Monday 14 June 2004 09:57, Adrian 'Dagurashibanipal' von Bidder wrote:
> This may be obvious, but not to me... is there any difference compared
> to using iptables DNAT?
I believe that you'd have some problems if you used DNAT. Think of what
happens to a packet coming into your old colo and being NATed to the
completely different set of IPs at your new colo ...
- packet from client arrives at oldcolo
- packet is DNATed to newcolo
- newcolo receives packet with source address client, destination address
- newcolo responds to packet by looking in its routing table, it sees that
it is responding to a non-local source address and so replies via its
Basically, the client would initiate communications with oldcolo but receive
replies from the address of newcolo. The simple way around this is to
use a proxy as other people have suggested.
Personally I wouldn't bother with supporting things on the old address, set
TTLs on the A records very low (let's say 10 minutes) at the point where you
wish to switch the servers and just do it. If DNS is done correctly then
there should be very little downtime.
Fraser Campbell <firstname.lastname@example.org> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux
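The asymmetric-routing problem described in the reply above, worked through in a small Python model. This is an added example, not code from anyone in the thread: it represents the client, the DNAT box at the old colo and the server at the new colo as plain objects, and shows that with DNAT alone the server's reply reaches the client from the new colo's address, so the client's TCP stack has no connection matching it. The second scenario adds a source rewrite on the old colo box (the full-NAT equivalent of the proxy suggested in the thread) so the reply is forced back through the box and de-translated. All addresses and ports are constructed from documentation ranges and are not from the original message.

```python
"""Toy model of DNAT-only forwarding between two colos versus DNAT+SNAT.

Constructed example: addresses come from RFC 5737 documentation ranges and
the NAT logic is a simplified imitation of stateful conntrack behaviour.
"""
from dataclasses import dataclass
import dataclasses
from typing import Dict, Optional, Tuple

CLIENT = "198.51.100.10"   # constructed: the client's public address
OLDCOLO = "192.0.2.1"      # constructed: the published A record still points here
NEWCOLO = "203.0.113.1"    # constructed: where the service actually runs now

FourTuple = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str


class NatBox:
    """Stateful NAT on the old colo host. The forward direction rewrites the
    destination (and optionally the source) and records the mapping; the
    reverse mapping can only be applied if the reply actually arrives here."""

    def __init__(self, dnat_to: str, snat: bool) -> None:
        self.dnat_to = dnat_to
        self.snat = snat
        # Keyed on the 4-tuple we expect to see on the reply packet.
        self.table: Dict[FourTuple, Packet] = {}

    def forward(self, pkt: Packet) -> Packet:
        new = dataclasses.replace(pkt, dst=self.dnat_to)
        if self.snat:
            # Rewriting the source makes newcolo answer *us*, not the client.
            new = dataclasses.replace(new, src=OLDCOLO)
        self.table[(new.dst, new.dport, new.src, new.sport)] = pkt
        return new

    def reverse(self, pkt: Packet) -> Optional[Packet]:
        orig = self.table.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        # Undo the rewrites: the reply now appears to come from the published address.
        return Packet(src=orig.dst, sport=orig.dport,
                      dst=orig.src, dport=orig.sport, payload=pkt.payload)


def server_reply(pkt: Packet) -> Packet:
    """newcolo answers from the address and port the segment arrived on."""
    return Packet(src=pkt.dst, sport=pkt.dport, dst=pkt.src, dport=pkt.sport,
                  payload="SYN-ACK")


def next_hop(pkt: Packet) -> str:
    """Ordinary destination-based routing: the reply goes straight to its
    destination, which is the client unless the NAT box rewrote the source."""
    return pkt.dst


def client_accepts(sent: Packet, reply: Packet) -> bool:
    """A TCP stack only matches a reply whose 4-tuple mirrors what it sent."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)


def simulate(snat: bool) -> dict:
    nat = NatBox(dnat_to=NEWCOLO, snat=snat)
    sent = Packet(CLIENT, 40000, OLDCOLO, 80, "SYN")
    reply = server_reply(nat.forward(sent))
    via_oldcolo = next_hop(reply) == OLDCOLO
    if via_oldcolo:
        reply = nat.reverse(reply)   # only possible when the reply passes the box
    return {
        "reply_src": reply.src if reply else None,
        "via_oldcolo": via_oldcolo,
        "accepted": reply is not None and client_accepts(sent, reply),
    }


if __name__ == "__main__":
    print("DNAT only:  ", simulate(snat=False))
    print("DNAT + SNAT:", simulate(snat=True))
```

In the DNAT-only run the client sent to `192.0.2.1:80` but the SYN-ACK arrives from `203.0.113.1:80`, so `accepted` is false; with the source rewrite the reply is routed back to the old colo, de-translated, and accepted. The cost of the SNAT variant is the one the thread's proxy suggestion shares: the new colo sees every connection as coming from the old colo's address, so client addresses disappear from its logs unless carried another way.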