[84973] in North American Network Operators' Group
Re: [eng/rtg] changing loopbacks
daemon@ATHENA.MIT.EDU (Bruce Pinsky)
Thu Sep 29 16:26:23 2005
Date: Thu, 29 Sep 2005 13:25:48 -0700
From: Bruce Pinsky <bep@whack.org>
Reply-To: bep@whack.org
To: Randy Bush <randy@psg.com>
Cc: nanog@nanog.org
In-Reply-To: <17212.11474.361190.801819@roam.psg.com>
Errors-To: owner-nanog@merit.edu
Randy Bush wrote:
> so i have junipers, ciscos, and a few <gasp> zebras in an ospf
> and ibgp mesh. they're peering via loopbacks, of course.
> unfortunately, i need to recover the space from which the
> loopbacks are taken. of course, i would like to do so with
> minimal disruption. i am thinking of something like the
> following:
>
> o add second loopbacks to all routers with new address in new
> block
> o set up ibgp peerings to new addresses from existing
> peerings
> o change the source of routing updates to new addresses
> o remove old peerings
> o remove old loopbacks
>
> what [else] am i missing?
>
In addition to what others have said, I'd ask:
- Any ACLs anywhere that filter based on the old loopbacks?
- Any VTY access controls on the router based on the old loopbacks?
- Any external systems like authentication servers, management systems,
  etc, etc that need the old loopbacks and can't dynamically adapt?
- Any internal routing policies that reference the old loopbacks?
- Any DNS entries that need to be migrated (CNAME->A references)?
--
=========
bep
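
An added example, not part of the original message or thread: a Python audit that scans configuration text for lines still referencing the old loopback block, grouped along the lines of the checklist in the reply (ACLs, routing policy, peerings, DNS). The block 192.0.2.0/24, the source names and every config fragment below are constructed sample data, and the category keywords are an assumption to adapt per platform.

```python
import ipaddress
import re
OLD_BLOCK = ipaddress.ip_network("192.0.2.0/24")  # constructed: block being recovered
# Constructed fragments: IOS-style, Junos-style, and a DNS zone file.
SAMPLES = {
    "r1-ios": """interface Loopback0
 ip address 192.0.2.1 255.255.255.255
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
router bgp 64512
 neighbor 192.0.2.2 update-source Loopback0
ip prefix-list LOOPS seq 5 permit 192.0.2.0/24 le 32""",
    "r2-junos": """set interfaces lo0 unit 0 family inet address 192.0.2.2/32
set policy-options prefix-list ibgp-loops 192.0.2.0/24
set protocols bgp group ibgp neighbor 192.0.2.1
set firewall family inet filter protect-re term ssh from source-address 192.0.2.0/24""",
    "zone": """r1-lo0 IN A 192.0.2.1
www IN A 203.0.113.80""",
}

CATEGORIES = [  # first matching pattern wins
    ("acl", re.compile(r"access-list|firewall")),
    ("routing-policy", re.compile(r"prefix-list|route-map|policy-options")),
    ("bgp-peering", re.compile(r"\bneighbor\b")),
    ("dns", re.compile(r"\bIN\s+A\b")),
]
ADDR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?")

def in_old_block(addr, plen, block):
    """True if addr (or addr/plen) overlaps block; masks and junk return False."""
    try:
        net = ipaddress.ip_network(f"{addr}/{plen or 32}", strict=False)
    except ValueError:
        return False  # not a valid IPv4 address or prefix length
    return net.overlaps(block)

def find_references(configs, block=OLD_BLOCK):
    """Return (source, line_no, category, line) for every line touching block."""
    hits = []
    for source, text in configs.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            if any(in_old_block(a, p, block) for a, p in ADDR.findall(line)):
                cat = next((c for c, rx in CATEGORIES if rx.search(line)), "other")
                hits.append((source, line_no, cat, line.strip()))
    return hits

if __name__ == "__main__":
    for hit in find_references(SAMPLES):
        print("%-9s line %-2d %-15s %s" % hit)
```

A VTY `access-class` line names its ACL by number and carries no address, so VTY restrictions surface through the ACL hit rather than directly.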