Migrating to a new Network
If the range of IP addresses you chose for your Managed Nebula network is no longer suitable, whether because you've outgrown it, encountered conflicts with other private IP addresses, or have some other reason, you can migrate your existing hosts to a new network. This guide will explain how to do this, while optionally maintaining connectivity and avoiding downtime.
Multiple network support
Your Managed Nebula account supports the creation of multiple networks. Hosts cannot communiate between different networks, but they can use the same roles and tags. This makes it possible to create a new network, add new hosts to it using the same configuration as your original network, and then disable the old network.
Creating a new network
To create a new network, visit Settings -> Networks in your Managed Nebula admin panel (direct link). From there, click the "Add" button in the top right of the page, choose a name, optional description, and IP address range for the new network. If you plan to create dedicated relays, you can uncheck the "Use lighthouses as relays" option—or if you'd like your lighthouses to also act as relays, leave that box checked. Save the new network when ready. Note that you will not be able to edit the IP address range once the network is created.
Moving hosts to your new network
With connectivity interruption
There are two options for migrating your hosts, lighthouses, and relays to the new network. If the Managed Nebula network is not in active use (e.g it was created for evaluation or testing), or you want existing hosts to maintain their current IP addresses, the simplest option is to perform the following steps for each machine:
- Create a new host, lighthouse, or relay to replace the existing one. You can use the same name, role, tags, etc, but choose the new network in the Network dropdown.
- Save and enroll, which will replace the Managed Nebula configuration on disk.
- Stop and restart dnclient in order to apply the new configuration.
You may want to start with your lighthouses, so that as you migrate hosts you can verify that they are connecting to each other successfully.
With zero downtime
If instead you require uninterrupted connectivity while migrating to a new network, you can run multiple instances of dnclient on each machine during the migration. This is only possible if the new network range does not overlap with the existing network's IP range. The steps are largely the same as above, but instead of enrolling and restarting dnclient, pass a -name parameter to dnclient commands (e.g. sudo ./dnclient install -name newNetwork, sudo ./dnclient start -name newNetwork, sudo ./dnclient enroll -code XXX -name newNetwork). The -name parameter must match on all commands.
Any future commands to dnclient must also include the same -name parameter.
You will also need to update any of your DNS or service discovery configs to point to the new IP addresses of the hosts. Alternatively, you can perform yet another migration to move the hosts back to their original IP addresses in yet another network with an expanded range from the first.
Cleanup
Once you have moved all of your machines to the new network and confirmed successful connectivity, delete the hosts, lighthouses, and relays in the old network. Each of the list pages can be filtered to show only a single network, making it easy to identify all of the old, inactive hosts. Once all machines in the previous network have been removed, the network itself can be deleted.
If you used the zero-downtime approach, also be sure to stop the dnclient associated with the old network on each machine and remove its associated configuration files.