[Micronet] [Announce] Upcoming Campus DNS, DHCP and IP Address Management (DDI) Changes

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] [Announce] Upcoming Campus DNS, DHCP and IP Address Management (DDI) Changes

Isaac Orr
TL;DR: You may need to read all of this, even though it's very long.

STL;SWR [Still Too Long; Still Won't Read]: We are making major
changes to systems that are critical for the functioning of the campus
network.  If you support users who need network connectivity, or work
with DNS changes, you should read this entire (long) announcement, and
understand what it means for you and your users.

On Wednesday October 28th, 2015, Network Operations and Services will
be abating its legacy infrastructure supporting the following critical
campus network services:

* DNS
* DHCP
* IP Address Management

Important schedule and configuration change information follows below.
If you make DNS changes regularly, or perform other network
configuration tasks for your department, you should make sure you
understand the potential impact for your area.

The back end infrastructure supporting the above services was
hand-crafted in house many years ago, and is now showing its age. In
addition to deploying new DNS servers with improved performance and
reliability, we will be replacing our DHCP servers and the
database/management system which handles all DNS and IP address
registration changes.  These functions will be handled by
purpose-built appliances.

The planned changes have been structured in such a way that there will
be no outage for campus users of  DNS and DHCP services.  However, in
order to ensure a smooth transition, we will be placing moratoriums on
various types of DNS and DHCP changes in the lead up to October 28th.
In addition, as of October 28th, the method used by campus network
users to register their devices for the DHCP service will change.

DHCP Configuration Changes:
On October 28th, new appliances will begin serving DHCP leases to
campus hosts.  The IPv4 addresses from which DHCP server responses
originate WILL CHANGE for all hosts that use the campus DHCP service.

The new DHCP servers will be within the 10.255.0.0/16 subnet.
Typically no changes are necessary for end users of the DHCP service
to accommodate this change.  However, if you currently have firewall
rules which restrict DHCP traffic by the addresses of the existing
campus servers, you will need to correct them.  Network Operations and
Services recommends not filtering the source of DHCP, since campus
routers already control which hosts can provide DHCP to a subnet.  The
current DHCP servers are:

169.229.252.130
169.229.252.134

If you are unsure if you need to make any changes so that DHCP will
continue to function for your subnet(s) after October 28th, please
contact the network group.

DNS Changes:
One benefit of the new system being implemented is its flexibility and
adaptability to new requirements.  In the past, DNS changes requested
via email to [hidden email] went into production every
morning around 3:00 AM as our systems pushed updates to the campus DNS
infrastructure.

After October 28th, any changes to DNS will, by default, take effect
at the moment that we make the change in the IP Address Management
(IPAM) systems.  However, it will still be possible to request that
your changes take effect at a specific time.  If you would like your
changes to be handled this way, please be sure to let us know when
making the request.  To avoid problems, we will be checking with
requestors as well, while everyone becomes accustomed to the new
system. One clear benefit of this will be that system owners will have
broad flexibility in the scheduling of their DNS changes in the new
system.

DHCP Changes:
Today campus users use the Wired Network Device Registration tool
(https://net-sec2.berkeley.edu/cgi-bin/dhcp_registration/dhcp_mac_registration.pl)
to enable their devices to use the campus DHCP service, and thus
obtain wired network connectivity.

This tool will be replaced on October 28th with a new DHCP
registration portal within Information Security and Policy's NetReg
tool (https://netreg.berkeley.edu/).  IS&P will be providing further
information about the new portal as the change approaches.

Impacts to DNS and DHCP Services:
In order to achieve a smooth transition to the new systems, we will be
implementing the following freezes and moratoriums on changes:

* No requests for new subdomains (DNS Zones) will be processed after
close of business on Wednesday September 30th.  We do not expect this
to impact users and departments because these types of requests are
infrequent.

* After the close of business on Wednesday October 21st, no requested
changes to DNS will be processed until after cutover and testing work
is completed on Wednesday October 28th.

* No new Wired Network Device registrations will be accepted in the
old system after close of business on Wednesday October 21st, until
the new system is in place on October 28th.  Note that this means that
no new device can obtain campus DHCP IP addresses and thus wired
network connectivity during this time period.

While the changes we are making will be major, we have spent many
months planning, developing and testing the new systems which will be
put in place on October 28th.  We expect that there will be no visible
impact to campus network users as a result of these changes.  If you
have any questions or concerns, please get in touch with me, or open a
ticket via the normal paths.

Regards

iso


--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.