Best way to do this... (relocating IPs)

EricMartello

Senior member
Apr 17, 2003
910
0
0
This is not something I have attempted to do before, but I'm pretty sure it is possible:

Network 1:
Server 1 has 20 external IPs routed to it locally. These are statically assigned addresses. This server is not behind a NAT layer; it's connected directly to the internet through a managed switch.

Network 2:
Server 2 has 1 external IP address and is connected to the internet.

I would like to make it so that the 20 IPs on Server 1 act as if they are local to Server 2, so that requests to and from one of the 20 IPs on Server 1 will be sent to and received from Server 2.

What is the best way to do that, without introducing a lot of networking overhead or latency?
 

Emulex

Diamond Member
Jan 28, 2001
9,759
1
71
what is the protocol and application?

if it was CDN web i'd say squid reverse proxy cache.
 

EricMartello

Senior member
Apr 17, 2003
910
0
0
It's not a CDN. Ideally this is how it would work:

LAN 1 <===> Server 1 IPs <===> Internet <===> LAN 2 <===> Server 1 External IPs Assigned to Server 2

In other words, if one of the 20 IPs on Server 1 is 123.123.123.200, after setting this up, all traffic to and from 123.123.123.200 would go to Server 2 as if it were locally assigned to Server 2 even though the IP is physically assigned to Server 1.
 

ViviTheMage

Lifer
Dec 12, 2002
36,190
85
91
madgenius.com
Just to clarify, the internet/WAN is between each network?

Is there a reason you're doing this? It sounds like you're just adding extra latency/travel in between the servers. IF there is NO reason to go to Server 1, then why have it?
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
IF there is NO reason to go to Server 1, then why have it?

If I'm understanding his post correctly, it sounds like he's got a block of public IPs at Location 1, and wants to redirect traffic to those public IPs to a server at Location 2...

OP - is that what you want to do?
 

ViviTheMage

Lifer
Dec 12, 2002
36,190
85
91
madgenius.com
If that's true, it doesn't make sense, you're just adding another hop of latency. UNLESS that other server is behind your WAN in the cloud, at another location, on another network.

Need details OP!
 

EricMartello

Senior member
Apr 17, 2003
910
0
0
Just to clarify, the internet/WAN is between each network?

Is there a reason you're doing this? It sounds like you're just adding extra latency/travel in between the servers. IF there is NO reason to go to Server 1, then why have it?

Yes, there are any number of reasons for wanting to do this but it isn't relevant to the question of how to do this.

If I'm understanding his post correctly, it sounds like he's got a block of public IPs at Location 1, and wants to redirect traffic to those public IPs to a server at Location 2...

OP - is that what you want to do?

Yes, but not just traffic. I want an external IP on Server 1 to become the external IP of Server 2. It should be fully transparent in its operation.

If that's true, it doesn't make sense, you're just adding another hop of latency. UNLESS that other server is behind your WAN in the cloud, at another location, on another network.

Need details OP!

Server 1 is in a different geographic location than server 2. The idea is to make them both appear to be neighbors on the same LAN, with access to the same IP resources.

I want to assign the IPs which are routed to Server 1 to Server 2, so that Server 2 appears to be on the same subnet/LAN as Server 1. The internet would be connecting Server 1 LAN to Server 2 LAN. The question is what's the best way to do this without introducing a lot of latency or overhead...obviously it will reduce performance to an extent.
 

alpineranger

Senior member
Feb 3, 2001
701
0
76
Sounds like you want to make the two sites (or at least a subset of hosts in each one) appear like they're on the same LAN. VPLS (L2 tunneling over MPLS) if you can involve your service provider, plain old VPN tunnel otherwise. I'm not an expert, others can add more.
 

jlazzaro

Golden Member
May 6, 2004
1,743
0
0
Yes, there are any number of reasons for wanting to do this but it isn't relevant to the question of how to do this.
considering your lack of details and technical knowledge, it has everything to do with the question at hand. there are an endless amount of ways to accomplish this, all depending on your specific requirements, infrastructure, WAN, etc.

if you really want "help" i suggest you post what your end goals are.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
This doesn't make any sense on any reason why you would want to do this. The only valid reason would be VMware clustering that needs layer 2 adjacency and you could use a tunneling technology to achieve it. Or are you attempting to do some kind of load balancing? If so then use a load balancer.

Not to mention the routing problems you'd run into. What are you really trying to accomplish here and a more reasonable solution can be presented.
 

imagoon

Diamond Member
Feb 19, 2003
5,199
0
0
Server 1 is in a different geographic location than server 2. The idea is to make them both appear to be neighbors on the same LAN, with access to the same IP resources.

I want to assign the IPs which are routed to Server 1 to Server 2, so that Server 2 appears to be on the same subnet/LAN as Server 1. The internet would be connecting Server 1 LAN to Server 2 LAN. The question is what's the best way to do this without introducing a lot of latency or overhead...obviously it will reduce performance to an extent.

Purchase your own IP range from ARIN, and get your BGP entry in the internet routing table, then have your routers configured to handle fail over.

or

Get a provider that will do that part for you. Use IP network balancers and either a VPN tunnel or MPLS connection so they can notify your provider of your preferred route, meanwhile moving data that arrives at the wrong side over the VPN or MPLS.

Contrary to your comment above, what you're doing does change the best way. HTTP can be handled via round robin DNS where the failed site gets taken out. This eliminates the reliance on 1 IP. SMTP has these features built in from the ground up (server ranking). In most cases you should be using DNS rather than IP as IPs are far less 'movable' unless you own your own ARIN range and can peer at multiple locations in to BGP. Trying to bridge L2 is not all that effective and rarely if ever needed.

--looks like spidey07 beat me to my point--
 

EricMartello

Senior member
Apr 17, 2003
910
0
0
It looks like there is a program called vtun which can be made to work with Linux's built-in bridging support to create a bridge between a local interface and a tunnel interface. That may work but it would burn the other nic on the server solely for this purpose.

DNS is not really for IPs; it's for resolving hostnames to IPs...but is there anything I can do with DNS to make this work the way I want it to?
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
What are you trying to do? It doesn't make any sense. What are you trying to accomplish by going against all practice of "doing it right"? There's a lot of pros on this forum that could suggest an easy way to meet the goals but you haven't really described what that goal is. Trying to have external IPs reside in different locations just goes against everything that makes networking work.

Are you doing a migration or trying to do poor man's load balancing?
 

EricMartello

Senior member
Apr 17, 2003
910
0
0
considering your lack of details and technical knowledge, it has everything to do with the question at hand. there are an endless amount of ways to accomplish this, all depending on your specific requirements, infrastructure, WAN, etc.

if you really want "help" i suggest you post what your end goals are.

It's not a lack of details; it's a lack of reading comprehension. I stated multiple times what I am trying to do...if you don't know then you don't need to reply.

What are you trying to do? It doesn't make any sense. What are you trying to accomplish by going against all practice of "doing it right"? There's a lot of pros on this forum that could suggest an easy way to meet the goals but you haven't really described what that goal is. Trying to have external IPs reside in different locations just goes against everything that makes networking work.

Are you doing a migration or trying to do poor man's load balancing?

Repeating my post from earlier today:

Server 1 is in a different geographic location than server 2. The idea is to make them both appear to be neighbors on the same LAN, with access to the same IP resources.

I want to assign the IPs which are routed to Server 1 to Server 2, so that Server 2 appears to be on the same subnet/LAN as Server 1. The internet would be connecting Server 1 LAN to Server 2 LAN. The question is what's the best way to do this without introducing a lot of latency or overhead...obviously it will reduce performance to an extent.

Either you know how to do this or not...but I have provided all the information you need. THAT is what I want to do.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Nope, I know of many ways to do it. It's just a very bad idea all around. There are just a few scant reasons why you EVER would want to do this. It's a terribly bad idea. So far you haven't given any of them.

What is the application?
Why do they need L2 adjacency?
What are you trying to do here other than make things incredibly complicated?

If you must, then use some sort of tunnel to provide the L2 adjacency and decrease the MTU on each host to accommodate the tunneling protocol so you won't run into performance problems because of IP fragmentation. There will be performance hits if you must do this in the OS, better to let "the network" do it.

Good luck on dealing with the routing issues.
 

EricMartello

Senior member
Apr 17, 2003
910
0
0
Nope, I know of many ways to do it. It's just a very bad idea all around. There are just a few scant reasons why you EVER would want to do this. It's a terribly bad idea. So far you haven't given any of them.

Read the original post, and either answer the question or ignore the thread. I asked how...either you know a way to do this or not.

What is the application?
Why do they need L2 adjacency?
What are you trying to do here other than make things incredibly complicated?

If you must, then use some sort of tunnel to provide the L2 adjacency and decrease the MTU on each host to accommodate the tunneling protocol so you won't run into performance problems because of IP fragmentation. There will be performance hits if you must do this in the OS, better to let "the network" do it.

Good luck on dealing with the routing issues.

I realize there are potential performance hits which is why I started this thread...in order to get some ideas to minimize these hits. Seems everyone has a preoccupation with my reasons for wanting to do this rather than actually telling me something I don't know.

Anyway, since nobody here has exceeded grade 2 reading skills or "How to follow directions", allow me to provide an answer to my own question for anyone else who may want to do something like this: The linux program Vtun will work just fine, combined with kernel-based bridging.

Basically you create a network interface on the system that represents the "tunnel" from the remote system and bridge it to the interface on the local system that has the IP you want to use. If you bridge a virtual interface you can probably do this with one nic too. One tunnel for each IP you want to relocate should do it. Performance hit is minimal and operation is fully transparent. This can be done on any linux system with kernel 2.4 or newer using the standard "bridge-utils" program and Vtun.

Let's hear it for a lack of basic problem-solving skills in Murrrica. WOOOOOO....crack open a cold one and git er done!
 
Last edited:
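The MTU advice quoted in this post, worked through for a bridged Ethernet-in-UDP tunnel of the kind described above. This is an added example, not code from any poster or from the Vtun project; the 2-byte per-packet tunnel header and the 1500-byte path MTU are assumptions, so substitute the overhead of the tunnel actually in use.

```python
"""MTU budgeting for a bridged (layer-2) tunnel carried over UDP/IPv4."""

IPV4_HDR = 20    # IPv4 header without options (outer and inner)
UDP_HDR = 8      # outer UDP header
ETH_HDR = 14     # inner Ethernet header carried through the bridge (no VLAN tag)
TCP_HDR = 20     # TCP header without options
TUNNEL_HDR = 2   # ASSUMPTION: per-packet framing added by the tunnel daemon


def encap_overhead(tunnel_hdr=TUNNEL_HDR):
    """Bytes added around each inner IP packet, excluding the outer IP header."""
    return UDP_HDR + tunnel_hdr + ETH_HDR


def inner_mtu(path_mtu=1500, tunnel_hdr=TUNNEL_HDR):
    """Largest inner IP packet whose outer packet still fits in path_mtu."""
    return path_mtu - IPV4_HDR - encap_overhead(tunnel_hdr)


def tcp_mss(mtu):
    """TCP payload per segment for a host configured with this MTU."""
    return mtu - IPV4_HDR - TCP_HDR


def outer_fragments(inner_ip_len, path_mtu=1500, tunnel_hdr=TUNNEL_HDR):
    """Sizes of the outer IPv4 packets emitted for one inner IP packet.

    More than one entry means the tunnel endpoint had to fragment.
    """
    payload = encap_overhead(tunnel_hdr) + inner_ip_len
    max_data = path_mtu - IPV4_HDR
    # Every fragment except the last must carry a multiple of 8 data bytes.
    per_frag = max_data // 8 * 8
    sizes = []
    while payload > 0:
        chunk = payload if payload <= max_data else per_frag
        sizes.append(chunk + IPV4_HDR)
        payload -= chunk
    return sizes


if __name__ == "__main__":
    mtu = inner_mtu()
    print("host MTU to configure:", mtu, "-> TCP MSS", tcp_mss(mtu))
    print("inner 1500-byte packet ->", outer_fragments(1500))
    print("inner %d-byte packet ->" % mtu, outer_fragments(mtu))
```

With the hosts left at MTU 1500, every full-size packet crosses the WAN as two outer packets (1500 and 64 bytes); lowering the bridged hosts to the computed value, for example with `ip link set dev eth0 mtu 1456`, keeps it to one.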

Fardringle

Diamond Member
Oct 23, 2000
9,191
755
126
I'm glad you found a solution that you think will work for you, Eric. However, everyone in this thread has been trying to help you in spite of your apparent lack of desire to be truly helped. Since you said that you want to minimize performance hits, asking the questions that have been asked is VERY good "basic problem-solving skills".
Anyone could give you an answer that might work generally, but as others have said, there are many different ways to accomplish what you are asking and without really knowing exactly why you want to do this and what you want to do with it, it's impossible to give you the answer that will give you the best results for stability, performance, compatibility, etc.
 

EricMartello

Senior member
Apr 17, 2003
910
0
0
I'm glad you found a solution that you think will work for you, Eric. However, everyone in this thread has been trying to help you in spite of your apparent lack of desire to be truly helped. Since you said that you want to minimize performance hits, asking the questions that have been asked is VERY good "basic problem-solving skills".
Anyone could give you an answer that might work generally, but as others have said, there are many different ways to accomplish what you are asking and without really knowing exactly why you want to do this and what you want to do with it, it's impossible to give you the answer that will give you the best results for stability, performance, compatibility, etc.

Nobody who replied provided any type of answer whatsoever. Why I want to do something is not important in this context. The only thing I asked is how. I would have been more than satisfied with something as simple as a list of possible ways to do this...anyway it's a dead horse now so you guys can continue beating it all you want.
 

azev

Golden Member
Jan 27, 2001
1,003
0
76
I am doing something similar to this via GRE tunnels between 2 cisco routers. Very easy to do with network gear, but looks pretty complicated if it has to be done using servers.
 

Emulex

Diamond Member
Jan 28, 2001
9,759
1
71
well you wanted to do something without the obvious side effects? That's like saying tell me how to get 0.00001ms latency always on a hard drive without using SSD technology. i'm sure there's some theoretical way to do it but nothing practical. it's not hard to tunnel/vpn but the penalties are pretty obvious since you did not want them in your request. which is why we asked what you are doing.
 

EricMartello

Senior member
Apr 17, 2003
910
0
0
I am doing something similar to this via GRE tunnels between 2 cisco routers. Very easy to do with network gear, but looks pretty complicated if it has to be done using servers.

Right, but I don't have access to the router on the other end since it is managed by the datacenter.

People are asking questions to give a good answer, not to be difficult.

Douche.

No, they were just wasting my time by asking why why why instead of simply providing a method to do what I wanted to do. Amazingly, I was able to provide a concise answer to my own question.

well you wanted to do something without the obvious side effects? That's like saying tell me how to get 0.00001ms latency always on a hard drive without using SSD technology. i'm sure there's some theoretical way to do it but nothing practical. it's not hard to tunnel/vpn but the penalties are pretty obvious since you did not want them in your request. which is why we asked what you are doing.

No, I wanted people to tell me ways of doing this so I could consider the pros and cons of each method for myself. The solution I provided has very minimal performance penalties - most of which are increased network activity on the remote host...but nothing it cannot handle.
 

Emulex

Diamond Member
Jan 28, 2001
9,759
1
71
so tell us how you achieved your vpn-like scenario without penalty dude. we're dying to know. finish the topic.
 