Changing domain IP’s !!!!

pts.
Tags:
Data analysis
DHCP
DNS
E-mail applications
Hardware
IT architecture
Lotus
Lotus Domino
Microsoft Exchange
Microsoft Outlook
Networking
Networking services
Security
Hi I am going to get our whole network to change IP addresses. This sound really a big silly thing to do, but it needs doing. Our IP?s currently are badly designed and setup. Before I start with that project, I made sure I read up on as much as I could. But I don?t feel comfortable doing it yet. What could be some points to take into account or advice when changing all the IP?s. To give you an id: I?ve got here Server 2003, Server 2000 x2 and a G5 server. Luckily one of the others is pretty clued up on anything Apple related or anything. I?m not sure what to ask, as there are so many things to consider. I?ve got this store and then one more, which connects through a VPN. But that one will soon close down. And I would still like to get this done and see the effects on that store and get them sorted so I know how to go about that, should I meet this issue in the future. Thanks again for taking time to read this and I hope you have some good advice or pointers? W

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi,

You’ll need to decide a couple of things first -
1. The total number of addresses you need – the 192.168.x.x is suitable for smaller networks( 255 x 255 systems), but the 10.x.x.x is also available for the largest internal networks.
2. Next is are their certain systems that you want to avoid giving access to others. I normally take all major systems and put them on separate networks and block access, for e.g., network devices are on a separate IP addressing scheme, so also for servers etc.
3. Are systems going to have fixed IP addresses or dynamically allotted addresses
4. Lastly and most importantly system naming conventions need to handled carefully and consistently – e.g., I avoid giving server names based on either function or location, any arbitrary name works. Use aliases for function based naming etc. which can be switched easily. Thus MailSvrOne can be easily moved around without the user knowing the administrative details.

Hope this helps you start

Discuss This Question: 12  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • petkoa
    Hi, You did't give enough details about your current setup - are you using DHCP and/or NATting your address space? Also, some more information about your plans would be helpfull e.g, do you plan to use real or private IPs, and as tmehta noted, do you want them static or dynamic? Anyway, whether you want them NATted or not, static or dynamic, I'd advice to use DHCP, if you have more than 2 hosts ;o). This will save you a lot of foot-work in the future. Also I'd like to accentuate on p.4 of tmehta - alias-based naming convention is great for DNS menagment. BR Petko
    3,120 pointsBadges:
    report
  • Solutions1
    Is this IP cleanup elective and you can look at options? IPv4 is getting pretty old and IPv6 adoption is beginning to take hold. If you are looking to future-proof your operation, you might look at migrating to IPv6.
    0 pointsBadges:
    report
  • ItDefPat1
    Depending on number of hosts, I agree that DHCP is probably the best idea. It is pretty straight forward to do, and any of your OS (MS, Mac, Linux...) providers will probably have lots of info on how to do it. IF you have customers that are on a fixed IP (not under your control), the NAT (network address translation) is probably a good choice. This could be done on router or firewall between you and them. This is also well documented by the likes of Cisco and Check Point. The only tricky thing is coordinating NAT with the VPN (depending on products and your network design)
    15 pointsBadges:
    report
  • N0bytes
    Tmehta and Petkoa are both bang on. Following up on the DHCP portion, which is the 'only way to go' for your workstations; you might want to allocate a specific static address range for servers (10.0.0.2~>10.0.0.9) a specific static address range for printers (10.0.0.10~>10.0.0.20), and then a specific static address range for firewalls or other routing devices (10.0.0.250~>10.0.0.254). This will still allow 10.0.0.21~>10.0.0.249 for a couple of hundred workstations! Of course you would want to make sure you reserved those address ranges in your DHCP scope so they wouldn't be handed out. Just use the ipconfig /all utility or a good network topology pack to get a listing of each device's ip and MAC address as you will need that info for the reserved pool. You're doing the right thing in planning proactively. I am too often in a re-active mode...... Regards, n0bytes
    0 pointsBadges:
    report
  • ItDefPat1
    IPv6 is a great suggestion, but you need to have compatible hardware and possibly applications. Most OS will support. I would probably suggest going with the other suggestions and working IPv6 into the future. You can get some IPv6 Security features in IPv4 by utilizing IPSec. You can do this, but it also will cause some changes. Read up and prepare for a while before attempting.
    15 pointsBadges:
    report
  • EAJewett
    DHCP for workstations & static for the "plumbing" (servers, printers, routers, etc) sounds like a solid approach. Something you didn't mention was if you use the Notes client or using a browser to get to your Domino servers. The Notes client has a habit of caching the IP address, even if you have always set things up to use the host name to connect. I would guess there is a cleaner way around it, but under User Preferences and Ports, you can Trace a connection and it will tell you how it is determining how to get to the server and should eventually drop down to asking DNS for the address, establish the connection and cache the new address. If you used IP addresses instead of hostnames on connection documents in their personal address book, you probably have a desk-to-desk vist in your future, unless you have a programmer that can write a "mail button" that would change the connection document (and possibly location document) to use host name instead. It's not terribly difficult but depending on the number of workstations, it may be easier to take the low-tech approach. Good luck
    630 pointsBadges:
    report
  • Manipulator
    Changing IP's is very simple, administering a network is real challange. Goode luck. GS
    0 pointsBadges:
    report
  • Dargandk
    There are many things to consider before you plan to change the IP address scheme 1- Do you have a public IP address space ? or private IP address space 10.0.0.0 , 192.168.0.0 , 172.16.0.0 - 172.31.0.0 ? 2- If you are moving from private to private IP address space. The change over is mainly internal and may not affect the external routing that much. Majority of the services inside the network would be affected. For the public address space (which is routable on the internet) you have many things to do specially on the Border routers. It would be helpful, if you are specific. Dharminder Dargan
    0 pointsBadges:
    report
  • Hedgehog
    Hi WikusIT, Just a little addition to what the others have already said. If you're planning to add more remote locations (esp if not all will be under your control), I suggest you do *not* pick one of the "typical" ranges of internal addresses like 192.168.0.x or 192.168.1.x or 192.168.2.x, etc which everybody uses (Class C should suffice; I imagine you don't have 1000's of hosts to require Class A). As you have now pretty much complete freedom, pick something like 192.168.78.x (or 176.16.x.x - 172.31.x.x) which not too many people out there use. That'll make it much less probable that the remote subnet of the site you try to VPN into will clash with yours. Good luck!
    0 pointsBadges:
    report
  • Bobkberg
    Ah ha! Once again, most of the good answers are already taken. That will teach me to go on vacation!! However, there's something to be said for drifting down the Colorado river on a raft, where the only electronic thing in sight is the boatman's wristwatch. Seriously though, before embarking on a project like this, there are a number of relatively non-technical questions that should be asked and answered: 1) Why do you need to do this? 2) What parties are involved? 3) Do you need or could benefit from their buy-in? 4) If the answer to 2) is more than just you, and the answer to 3) is Yes, then you need to bring the relevant parties into the planning process. This might make the project itself more difficult, but the political price of acting in a vacuum will be MUCH cheaper. 5) How much autonomy do you really have? 6) Who/what are you going to affect if you do this? 7) Where are you in the "food chain", and do you have (or can get) the authority to act independently? 8) Do your plans allow for changes, reorganizations, growth, acquisition, etc.? 9) If things go badly wrong, do you have a back-out plan, to put things quickly back the way they were? On a technical note, whatever scheme you pick may well be "overlaid" onto the existing network to make the change less visible to the end-users. And THAT will make YOU look much better in their eyes. Remember that most end-users view us network/server folks with a jaundiced eye to begin with. They rarely notice when things are working smoothly, but they sure do when things go wrong! Bob
    1,070 pointsBadges:
    report
  • MennoT
    Just a few things: - Carefully investigate whether anywhere IP addresses instead of DNS names are used for accessing the machines to be renumbered. The message to use DNS names rather than IP addresses should be communicated to all users. - DHCP was already mentioned by others. What I didn't see was the advice to assign addresses by DHCP for *any* device possible, i.e., also for devices that need fixed IP addresses, like servers and printers, wherever possible. This will make your job much easier in future. - Take care of DNS. Before you make the change, make sure you reduce the time-to-live for caching enties. - Yet another issue with DNS: by nature, DNS servers are addressed by IP address. Make sure anyone using the DNS server is aware of the new IP address of it. - Take care of possible firewall rules or Access Control Lists that are based on IP addresses. - Take care of applications that do not respect DNS expiration terms. An example I once was confronted with is SAP printing: initially, DNS resolving is done and the IP addresses are kept forever - the only way to refresh (according to SAP experts I consulted) is to restart the task.
    0 pointsBadges:
    report
  • Guardian
    Another issue is for you to document all these changes, and how you configure the settings. Also like mentioned before the rules. I suppose you're using bandwidth since you mentioned VPN. Becareful on the IP address range. And you did not mention what IP address range you were using or the one you plan on using? I trust your network diagram is up-to-date. Also be mindful of office or device (PC's,Printers and others) that might change locations. And as written above group certain device in a specific range (th heavy loads on a certain subnet).You are going to have to discuss with the other guys on that other VPN (especially access rights and trusts) Regards Newton
    900 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following