I'm managing two offices that are linked by a 1 Gbps EPL and logically operate as one network. Each office has a main 1 Gbps DIA connection and a backup 500 Mbps DIA connection. Currently, our on-prem firewall serves as the gateway, and we handle switching to the backup route without any client-side reconfiguration.
Now, we're considering phasing out the backup DIA at the smaller office in favor of using the EPL as a backup solution. However, doing this could necessitate switching the clients' gateway from our firewall to the one at the other office across the EPL. Transitioning DHCP settings and having everyone release/renew their IP addresses isn't practical.
What's a sensible way to handle this change without disrupting users?
4 Answers
Have you looked into technologies like VRRP or CARP? They're specifically designed for failover scenarios like yours. They help manage IP addressing between redundant gateways seamlessly, making transitions a lot simpler. Also, while IPv6 could handle some of this, it might be a bit overkill depending on your setup.
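The VRRP approach suggested above, as an added example that is not part of the original answer: a keepalived configuration for the smaller office's firewall, in which the gateway address clients already use becomes the virtual IP and a failed DIA check hands it to the firewall across the EPL. The choice of keepalived as the VRRP implementation, and every address, interface name and path shown, are assumptions.

```conf
# keepalived.conf on the smaller office's firewall (the preferred gateway).
# All addresses, interface names and the ping path are constructed examples.

vrrp_script chk_dia {
    # Succeeds while the local DIA uplink (eth0) can reach an upstream address.
    script "/usr/bin/ping -c 1 -W 1 -I eth0 192.0.2.1"
    interval 2      # run the check every 2 seconds
    fall 3          # three consecutive failures mark the uplink down
    rise 3          # three consecutive successes mark it up again
    weight -60      # subtracted from priority while the check is failing
}

vrrp_instance LAN_GW {
    state BACKUP                # both nodes start as BACKUP; priority decides
    interface eth1              # LAN side, same subnet at both offices
    virtual_router_id 51        # must match on both firewalls
    priority 150                # the firewall at the other office uses 100
    advert_int 1

    # Exchange adverts only with the peer firewall across the EPL
    # instead of multicasting them to the whole LAN.
    unicast_src_ip 10.0.0.2     # this firewall's own LAN address
    unicast_peer {
        10.0.0.3                # peer firewall's LAN address
    }

    virtual_ipaddress {
        10.0.0.1/24             # the gateway address clients already use
    }

    track_script {
        chk_dia                 # 150 - 60 = 90 < 100, so the peer takes over
    }
}
```

Because clients keep the same gateway address, no DHCP change or release/renew is needed. keepalived sends gratuitous ARP for the virtual IP when a node becomes master, which refreshes client ARP caches.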
Consider lowering your DHCP lease time to one hour for the night before the change. When users log in the next morning, they’ll automatically receive the new settings without having to do anything manually. Just keep in mind that if the primary fails during the day, you might still need to deal with some clients manually.
During your transition, make sure to clear the ARP cache. This will help in avoiding any stale entries that might point to the old gateway.
What about creating a virtual interface on the backup firewall? You could assign the old IP to this virtual interface when the old one is decommissioned. Since both offices use the same subnet, this should work. Just remember to clear out the ARP caches to prevent any mix-ups.
Good point! But we had instances where the primary went down, and we had to switch during business hours. It can complicate things.