Hi,

An excellent migration plan, but I'm trying to avoid renumbering. I'm consolidating the internet connections of customer LANs which have long had their own networks and don't want to change their numbering. Some of them have equipment that can only have their IP address altered by serial connection; very tedious.

Could I re-create the network with a single router by adding some sort of extra internal interfaces and routing based on ingress interface as well as destination address (and SNAT twice as at present)? Loopback interfaces don't seem to be suitable as they don't have two ends and there is only one of it.

Chris.

----- Original Message -----
From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: "Chris Paulson-Ellis" <chris@edesix.com>
Cc: <lartc@mailman.ds9a.nl>
Sent: Saturday, February 15, 2003 8:07 PM
Subject: Re: [LARTC] How do I collapse this configuration into 1 router.

> Chris,
>
>  : I want to collapse the following configuration into 1 router...
>  : My question is how I can collapse this into a single router (Router3),
>  : eliminating LAN3, without renumbering LAN 1 or 2 so they don't have
>  : duplicate addresses?
>
> Perhaps you have already read Bartek's suggestion. He prefaces his
> suggestion as follows:
>
>   If they don't have duplicate addresses connect them together and leave
>   Router3 with SNAT.
>
> If no hosts on your LAN1 and LAN2 use the same IP (same final octet), you
> are in a great position--Bartek's solution will serve beautifully. In
> short, he is suggesting host routes to each destination on the interface
> to which it is connected.
>
> I'm responding to make a suggestion if there are duplicate addresses on
> LAN1 and LAN2. You'll need to use a two router solution, but you can
> configure the second router in a clever way to aid in your transition to a
> new and non-clashing IP space. The benefit is you can slowly readdress
> all of the machines in LAN2 (or whichever) to the new IP addressing
> scheme. This makes your router consolidation project a two phase
> endeavour. I'll choose an arbitrary numbering scheme for the new network.
>
> Phase I:
>
>   - consolidate router3 and router1
>     - ethA internet
>     - ethB 10.0.0.0/8
>     - ethC 192.168.1.0/24 (LAN1)
>     - ethD 192.168.254.0/24 (router2)
>   - configure router2 to NAT 192.168.254.0/24 into LAN2 192.168.1.0/24
>     - ethA 192.168.254.0/24
>     - ethB (or ethA!) 192.168.1.0/24 (LAN2)
>
> Phase II:
>
>   - renumber machines in LAN2 to use 192.168.254.0/24
>   - when renumbering is finished, turn off router2
>
> So, here's a description of phase I:
>
> The best part of this is that your router2 machine doesn't need to have
> multiple interfaces--you can perform the translation on a single media
> segment. Here's an example, assuming that router3 has 192.168.254.1 (our
> gateway), and that your duplicate IP addresses (in LAN2) are 192.168.1.17,
> 192.168.1.18, 192.168.1.44, etc....
>
> router2# ip addr add 192.168.254.254/24 dev eth0
> router2# ip addr add 192.168.1.254/24 dev eth0
> router2# ip route add default via 192.168.254.1
> router2# for hostoctet in 17 18 44 $( seq 50 89 ) ; do
> > ip route add nat 192.168.254.$hostoctet via 192.168.1.$hostoctet
> > ip rule add nat 192.168.254.$hostoctet from 192.168.1.$hostoctet
> > done
>
> Now, the hosts in LAN2 will be accessible from router3's perspective as
> 192.168.254.$hostoctet, but router2 will be performing NAT to the
> 192.168.1.0/24 IP configured on the individual machines.
>
> Conditions of this example:
>
>   - all of the LAN2 hosts are connected to the same ethernet as router3's
>     ethD interface and router2's interface
>   - LAN2 (192.168.1.0/24) must use router2's 192.168.1.X IP as a default
>     gateway
>   - router3 must not be configured for proxy ARP nor to answer any ARP
>     query for 192.168.1.0/24
>   - router3 must forward all packets for 192.168.1.0/24 to the "REAL"
>     192.168.1.0/24, LAN 1
>
> Finally, you must be very careful about ARP issues. If you are using
> proxy ARP on router3, this will break in strange and wonderful ways, so
> you'd be better off making router2 a traditional two-interface router.
>
> and a description of phase II:
>
> This is the easy part. You visit the machines which need to be
> readdressed (at your convenience) and give them IPs in the
> 192.168.254.0/24 network. If you give these machines the same final octet
> as in the 192.168.1.0/24 network, you'll need to remove the NAT entry on
> router2. Otherwise, it should be an easy and convenient transition. No
> cable swapping, no muss, and no fuss.
>
> -Martin
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
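
The following is an added example, not part of either message: a small Python model of the 1:1 translation the quoted `ip route add nat` / `ip rule add nat` loop sets up on router2, plus the two checks the plan depends on (which addresses clash between the LANs, and which NAT entries go stale in phase II). The networks and host octets are the ones from the thread; the function names and the sample host inventories are assumptions made up for illustration.

```python
import ipaddress

OLD_NET = ipaddress.ip_network("192.168.1.0/24")    # LAN2's existing numbering (from the thread)
NEW_NET = ipaddress.ip_network("192.168.254.0/24")  # transition network (from the thread)
OCTETS = [17, 18, 44, *range(50, 90)]               # same hosts as the quoted for-loop

def clashing_hosts(lan1, lan2):
    """Addresses in use on both LANs. Empty means host routes alone would do."""
    both = set(map(ipaddress.ip_address, lan1)) & set(map(ipaddress.ip_address, lan2))
    return sorted(both)

def nat_table(octets):
    """Map each new-side address to the real LAN2 address with the same final octet."""
    return {NEW_NET[o]: OLD_NET[o] for o in octets}

def translate(table, src, dst):
    """Apply router2's stateless NAT to one packet and return (src, dst)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    reverse = {real: new for new, real in table.items()}
    dst = table.get(dst, dst)     # 'ip route add nat NEW via REAL' rewrites the destination
    src = reverse.get(src, src)   # 'ip rule add nat NEW from REAL' rewrites the source
    return str(src), str(dst)

def stale_entries(table, renumbered):
    """Phase II: NAT entries whose new-side address a host now really owns."""
    return sorted(a for a in map(ipaddress.ip_address, renumbered) if a in table)

if __name__ == "__main__":
    # Constructed inventories, for illustration only.
    lan1 = ["192.168.1.17", "192.168.1.20"]
    lan2 = ["192.168.1.17", "192.168.1.18", "192.168.1.44"]
    table = nat_table(OCTETS)
    print("clashes:", [str(a) for a in clashing_hosts(lan1, lan2)])
    print("inbound:", translate(table, "10.1.2.3", "192.168.254.44"))
    print("outbound:", translate(table, "192.168.1.44", "10.1.2.3"))
    # A host readdressed to 192.168.254.17 keeps its final octet, so its entry must go.
    print("remove:", [str(a) for a in stale_entries(table, ["192.168.254.17"])])
```
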