Jump to content

Change only Subnet Mask on SNIP

Sukhwant Singh1709160818
 Share

Recommended Posts

Sukhwant Singh1709160818 Enthusiast

Sukhwant Singh1709160818

Posted
  • Author
Posted
1 hour ago, Daniel Weppeler1709159306 said:

Hey,

 

Did you try this cli command?

 

set ns ip [SNIP] -netmask [MASK]

 

Cheers,

Daniel
 

Thanks  Dan for the reply. I did not try this command as wasnt sure of the exact command to use. I will try this. 

One other question I do have is, do we have to break our HA pair and do this on each node? Or can we simply leave everything as is and just do this command on primary node and let it sync down to secondary?

Link to comment
Share on other sites
CarlStalhood Grand Master

CarlStalhood

Posted
Posted

Primary node only.

 

If you have to delete the SNIP, then I usually prepare all command lines and run them at the same time. First the "rm" command. Then the "add" command. Outage will be minimal. You might have additional commands that reference the NSIP (e.g. ADNS service) so you'd have to "rm" each of those commands, then "add" the SNIP with the correct subnet mask, and then re-run the other "add" commands that reference the SNIP.

  • Like 1
Link to comment
Share on other sites
Rhonda Rowland1709152125 Mentor

Rhonda Rowland1709152125

Posted
Posted

Changing a SNIP does not break the HA pair as the ADC's communicate NSIP to NSIP.

SNIP (subnet IPs) are a shared configuration and can be changed by changing value on primary and it will propagate to secondary.

 

However, you may not be able to change the netmask on an existing SNIP without deleting and creating a new one.

In that case, you may have to go through extra steps to avoid issues (routes and last remaining snip etc)  But it is still a shared IP and can be adjusted from the primary only.

If you can clarify your scenario then we can adjust the steps.

Also: do the following to see if you other dependencies on this snip before changing and backup your config first before attempting changes.

show ns runningconfig | grep <snip>  

 

 

Now, if you actually meant changing the NSIP's subnet mask...then that is a different conversation.

 

  • Like 1
Link to comment
Share on other sites
Sukhwant Singh1709160818 Enthusiast

Sukhwant Singh1709160818

Posted
  • Author
Posted
27 minutes ago, Rhonda Rowland1709152125 said:

Changing a SNIP does not break the HA pair as the ADC's communicate NSIP to NSIP.

SNIP (subnet IPs) are a shared configuration and can be changed by changing value on primary and it will propagate to secondary.

 

However, you may not be able to change the netmask on an existing SNIP without deleting and creating a new one.

In that case, you may have to go through extra steps to avoid issues (routes and last remaining snip etc)  But it is still a shared IP and can be adjusted from the primary only.

If you can clarify your scenario then we can adjust the steps.

Also: do the following to see if you other dependencies on this snip before changing and backup your config first before attempting changes.

show ns runningconfig | grep <snip>  

 

 

Now, if you actually meant changing the NSIP's subnet mask...then that is a different conversation.

 

Thanks for the reply and suggestions! See below:

We have 8200 MPX appliances in HA mode. We are looking to shrink our IP scheme from a /16 to /22. 

The SNIP mask is currently set to 255.255.0.0. We are looking to make this 255.255.252.0 mask.

No changes to NSIP.

That is all we are looking to do in this exercise. If you can provide some steps on the right way to go about this, that will be extremely helpful.

Link to comment
Share on other sites
Rhonda Rowland1709152125 Mentor

Rhonda Rowland1709152125

Posted
Posted

Yes:

add ns ip <IP> <mask> -type snip

 

If this is the only SNIP in your subnet, before removing and creating a new one, you may want to search the config for any routes/vlans that will be impacted.

show ns runningconfig | grep <snip> -i

Should show any dependencies referencing this.

 

Typically, you can't remove the last remaining SNIP from a system, but you also don't remove a SNIP that is the only SNIP a route or vlan depends on.

So like Carl said, under stand all the dependencies and the replacement commands you need (and backup config first for easy restoration).  Or try to a new snip in the network, and then swap dependencies to new one before removing old...

 

You can use a test vpx to try out the commands before you impact a production system.

 

 

 

  • Like 1
Link to comment
Share on other sites
Sukhwant Singh1709160818 Enthusiast

Sukhwant Singh1709160818

Posted
  • Author
Posted
1 hour ago, Rhonda Rowland1709152125 said:

Yes:

add ns ip <IP> <mask> -type snip

 

If this is the only SNIP in your subnet, before removing and creating a new one, you may want to search the config for any routes/vlans that will be impacted.

show ns runningconfig | grep <snip> -i

Should show any dependencies referencing this.

 

Typically, you can't remove the last remaining SNIP from a system, but you also don't remove a SNIP that is the only SNIP a route or vlan depends on.

So like Carl said, under stand all the dependencies and the replacement commands you need (and backup config first for easy restoration).  Or try to a new snip in the network, and then swap dependencies to new one before removing old...

 

You can use a test vpx to try out the commands before you impact a production system.

 

 

 

We have a total of 3 SNIPs but the one we are changing the netmask on is the one that communicates on the backend to our server vlan.

The goal is here to not remove the current SNIP but just change the netmask on it.

Now if I get a gist of what you are saying, it seems as if I will need to remove this SNIP and then add it back.

I guess my question does the changing of the netmask on the SNIP require me to remove it first. Both you and Carl have mentioned so I'm just trying to clarify so I know what to plan for.

If removing/deleting SNIP following above steps as you and Carl have highlighted.

If just changing netmask on SNIP then "add ns ip <IP> <mask> -type snip" on Primary node would work just fine, correct?

Thanks for all your help! :) 

Link to comment
Share on other sites
Rhonda Rowland1709152125 Mentor

Rhonda Rowland1709152125

Posted
Posted

I believe you have to remove to change it as I can't get it to run a change netmask only on my system BUT in my case the netmask I'm trying to change isn't valid...so its hard to verify for sure.

 

If you have any dependencies on this ONE Snip (routes/vlans) prior to removal you could lose those dependent settings.

So, adding the new snip first with the new netmask may allow you to change routes or vlan/ip netmaks bindings to new entity before removing old.

If you can't add due to a conflict you would want to prep all the commands like carl says so that you can remove and re-add new settings in one simple copy/paste to minimize outage/impacts.

 

 

  • Like 1
Link to comment
Share on other sites
Sukhwant Singh1709160818 Enthusiast

Sukhwant Singh1709160818

Posted
  • Author
Posted
35 minutes ago, Rhonda Rowland1709152125 said:

I believe you have to remove to change it as I can't get it to run a change netmask only on my system BUT in my case the netmask I'm trying to change isn't valid...so its hard to verify for sure.

 

If you have any dependencies on this ONE Snip (routes/vlans) prior to removal you could lose those dependent settings.

So, adding the new snip first with the new netmask may allow you to change routes or vlan/ip netmaks bindings to new entity before removing old.

If you can't add due to a conflict you would want to prep all the commands like carl says so that you can remove and re-add new settings in one simple copy/paste to minimize outage/impacts.

 

 

Got it makes sense now! Thanks for your suggestions! Really appreciate it. 

I'll follow what you and Carl have mentioned. I'll provide an update as to what we do to complete this just so everyone knows for future use. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

© Cloud Software Group, Inc. All rights reserved.

×
×
  • Create New...