BlueCat: Transition Guide


LSU University Network and Infrastructure department is transitioning to a new IP Address Management solution.  What follows is the transition plan and recommendations to ensure there are little to no interruptions in service.

Transition Timeline

The planned deployment to the new BlueCat IP Address system is:

  1. Training classes are being scheduled for February 2nd, February 9th, February 15th, and February 23rd.
  2. The IPControl name and address reservation system will be offline (again) the week of February 20th – 24th to re-import data from the legacy IP address systems into the BlueCat IP Address system.
  3. On Sunday, February 26th at 8am, UNI staff will be on campus to cut over to the new BlueCat IP Address systems.  This date has been changed from Saturday, February 25th due to conflicts in the LSU and LSU Online academic calendar.  By making the cut over on Sunday, DNS systems outside of UNI's control will have the necessary time to refresh changes to LSU’s DNS records.  Please remember that changes to DNS records do not propagate throughout the world immediately, but require all caches to expire and refresh after the Time To Live (TTL). 
  4. After the cutover to the new DNS system, all devices previously registered via NetReg will need to be registered by the responsible user in the BlueCat Device Registration Portal (DRP).

Planning and Preparation for the Transition

On January 6th and 9th, UNI staff moved the Start of Authority for the lsu.edu zone from the existing DNS environment to the BlueCat system.  In both instances, issues were discovered with services utilized by the entire LSU system, so the changes were rolled back.  The core issues had to do with networked servers and applications many of which are statically rather than dynamically configured. We need your assistance in fixing these underlying issues before we cutover to BlueCat on Sunday, February 26.  

UNI recommends that all server, service, device, and application administrators perform the following tasks before Sunday, February 26th:

  1. Attend one of the training sessions for the new BlueCat IP Address system.
  2. Review the DNS configuration of any system (server, service, or application) that is critical, ensuring that
    1. If your system is on-campus, verify that it utilizes 130.39.254.33 as its DNS server (the DNS server address provided via DHCP).
    2. If your system is off-campus:
      1. Attempt a connection to 130.39.254.33 via a VPN connection.  If your off-campus provider does not update their DNS records in a timely manner, you can utilize a VPN connection to connect directly to the LSU DNS servers.
      2. You should notify your system (server, service, or application) provider that the Start of Authority for the lsu.edu zone is changing on February 26th, 2017.  Your provider may need to refresh their DNS servers’ cache of the LSU records before your system can resolve on-campus systems.
  3. Review system (server, service, or application) firewall configurations to ensure that they do not reference NetReg user devices by IP Address.
  4. Verify that the host name configured on NetReg user devices (LSU owned desktops, laptops, and media devices where the end user is the responsible party) matches the host name currently configured for that device's DNS address.
  5. Communicate to your users that they will need to register their NetReg user devices (desktop, laptops, and media devices) in the new Device Registration Portal after Sunday, February 26th.  You can provide them with a copy of BlueCat Device Registration Portal: Register Your Computer Grok Article.

The Cutover

On Sunday, February 26th, UNI staff will move the Start of Authority for lsu.edu and the Anycast Address (130.39.254.33) from the legacy IP Address system to the new BlueCat IP Address system. The DHCP options on switches across campus will be configured to point DHCP requests to the new BlueCat IP Address system.  The legacy recursive DNS servers will be configured to send requests to the BlueCat DNS systems.  UNI recommends that all server, service, and application administrators perform the following tasks after 12pm CST on Saturday, February 26th

  1. Verify that all critical servers, services, or applications are working properly
    1. All on-campus resources should continue to utilize 130.39.254.33 for domain name resolution.  If there are issues resolving the DNS name of an on-campus resource from a device on-campus, please open an incident with the NOC to review your record.
    2. Systems that are off-campus and utilize third party DNS systems may take several hours to reflect the changes to LSU’s DNS systems.  If an off-campus system is experiencing issues resolving names to on-campus resources, you can perform the following tasks:
      1. Clear the DNS cache on the off-campus system (web browser and operating system).
      2. Make changes to the off-campus system(s) host file.
      3. Establish a VPN connection to the LSU campus on the off-campus system(s).
      4. Open an incident with your off-campus service provider asking them to update their DNS records
      5. Wait for your off-campus service provider to update their DNS records.
  2. NetReg user devices (desktop, laptops, and media devices) can be registered in the BlueCat IP Address system’s Device Registration Portal.  See Grok Article 18751 for more information.  Because the entire DHCP system is changing, NetReg user devices will receive a new IP address. 
  3. Flush cached DNS information from applications or operating systems.

Post Cutover

Starting Monday, February 27th 2017, users on campus will

  1. Register new and existing Ethernet (wired) user devices (LSU owned desktops, laptops, and media devices where the end user is the responsible party) via the Device Registration Portal (DRP) in BlueCat. 
  2. Register new DHCP reservations and static assignments in the BlueCat Address Manager (BAM).  This includes:
    1. Servers
    2. Printers
    3. Lab Computers
    4. Kiosk Computers
    5. Computers attached to Instrumentation
    6. Public use computers
  3. Need to flush their application (web browser) cache or operating system cache if they are still experiencing issues resolving DNS names.

Reporting an Issue

Should you need to submit a Footprints ticket during the cutover for a break/fix, it is CRUCIAL that you provide as much information as possible.

  1. If you are experiencing issues registering a device into the BlueCat IP Address system, you MUST provide
    1. The Hardware (MAC) address
    2. The Host Name
    3. The IP Address
    4. The results from an “ipconfig /all” in Windows or an “ifconfig” in Linux from the machine attempting to register.
  2. If you are experiencing issues resolving a name, you MUST provide
    1. The DNS name that is not resolving
    2. The results from an “ipconfig /all” in Windows or an “ifconfig” in Linux from the client machine.
    3. The results from a “dig” or “nslookup” from the client machine for the DNS name that will not resolve.

Frequently Asked Questions

Will I need to re-address?

Devices that are registered through the Device Registration Portal (previously NetReg) will pull a new DHCP address.  Reservations made in IPControl will be migrated into the BlueCat Address Manager and remain the same.

What do users need to do after the afternoon of February 26th?

Register their personal, wired devices via the BlueCat Device Registration Portal.  If users are experiencing issues resolving names, they will need to clear the DNS cache from their operating systems and/or web browsers.  If users are still experiencing issues, they should open an incident with the ITS Help Desk.

Why can’t my computer/gaming device connect to the Internet via its Ethernet port?

Using your MyLSU ID, log into the BlueCat Device Registration Portal at http://drp.lsu.edu and verify the MAC Address of your computer or gaming device.  If you are still experiencing an issue, please open an incident with the ITS Help Desk.

Will I need to re-register all my lab machines?

All the registrations that were in NetReg and tied to a lab account are being imported into the BlueCat Address Manager (BAM).  The data is being reviewed to insure it imports properly into BAM.  All lab computers are going to become DHCP reservations via BAM; lab machines will no longer be registered by a single account in the Device Registration Portal.  You can find a list of lab accounts at the GROK Article NetReg: NetReg Lab Accounts.

Are entries in IPControl not being migrated into BlueCat?

The data in IPControl is being copied over to the BlueCat Address Manager application.  Everything that was in IPControl will be migrated.  Registrations associated with Lab IDs in NetReg will also be migrated to the BlueCat Address Manager.  All other registrations in NetReg will have to be registered via the BlueCat Device Registration Portal.

What types of systems are likely to experience issues during the cutover to BlueCat?

We’re recommending that all service owners verify their service’s configurations and understand how their services utilize DNS and DHCP.   The biggest issues will arise around those services where the service owner has not updated or repaired their configurations.

As an example, think of a print server presenting multiple network attached printers. If the printers are configured in IPControl, where the addresses and names are reserved, and the print server is connecting to the printers via DNS name or static IP address, then there should not be any problem. If the printers are configured in NetReg, where the printer’s DNS name and IP Address will change during the migration, then the print server will experience issues connecting to the printers (this is also the reason that we’re requiring all printers to be input to BlueCat Address Manager).

What type of issues are we likely to encounter during the cutover to BlueCat?

There’s three things that could go wrong:

  1. Your users don’t register their machine, so they cannot pull a proper IP address and access resources on the network.  The solution here is to have the users register their machines.
  2. A client or server component caches an old, incorrect DNS record.  The solution here is to flush the DNS cache in the application and operating system.
  3. A DNS record is corrupted/lost in copying data to the new system.  The solution here is to recreate the DNS record.
Can I check my records before the cutover to BlueCat?

Yes!  On Thursday, February 23rd, you can log on to the BlueCat Address Manager to verify your records.  If your records from IP Control have not copied over by the 23rd, please open an incident with the ITS Help Desk and include the DNS name, IP Address, and MAC Address that is missing from the BlueCat Address Manager.

Additional References:


19607
1/30/2019 5:02:36 PM