Nerd blog.

25 Nov 2014

Phased Service Moves

This evening I successfully moved a second set of services from service provider IP space to BGP IP space. The first phase of this project began over a year ago – I turned up AS62758 in early December 2013 prior to the migration of a Learning Management System. With this second phase now complete, most externally offered services are now running on BGP IP addresses. I have two more remaining phases, to move the access NAT network, and to move a Student Information System. These remaining two phases will be happening over the next two weekends.

Pre-Change Changes

  • Reduced TTL values on affected records a week before the change.
  • Pre-configured new firewall with new IP addresses, 1:1 NATs, and allow/deny rules.
  • Pre-configured PTR records.
  • Pre-modified SPF record to add new IP range.
  • Tested several of the port forwards with a simple Debian VM running an nginx server to display a success page.


  • Changed affected VM’s network from old to new network.
  • Made several cabling changes/additions.


All testing was successful, which makes sense, as no changes needed to be made on the systems themselves, just firewall, and physical/virtual cabling changes.

Theodore Baschak - Theo is a network engineer with experience operating core internet technologies like HTTP, HTTPS and DNS. He has extensive experience running service provider networks with OSPF, MPLS, and BGP.