during the past 30 days we moved all the Hardware to a different data center (and provider). We tried to make the migration as seamless as possible but at some point everyone got hurt in the process.
Regarding IP ranges
Our new IP ranges are as follows:
IPv4: 220.127.116.11/27 IPv6: 2a01:1f8:2000::/48
Wait, IPv6? That’s right: We moved all servers to use IPv6 as primary address, with a fallback to IPv4 if needed. We also have some (minor) Servers running IPv6 only; but fear not, no production servers. You do not need to change anything on your end.
While on the matter of re-doing the entire thing I bought a new firewall, a WatchGuard XTM5 (http://www.guardsite.com/XTM-5-Series.asp). I upgraded the rather weak Celeron CPU to a Intel Core2Duo E5700 and increased the memory to 4gb. This is, for a firewall, beyond anything you can imagine. Its’ also fancy red, looking awfully sexy for a firewall (in my techie-opinion):
The firewall is running pfsense now, running (among other things) GeoIP-Block (No more Nigerian Spam), Snort (with subscription) and several other things. Even at full usage of the Up-link port the CPU of the firewall does not exceed 70%– and no packets dropped.
Beware the Dog! If your computer is doing an aggressive port scan or other nasty thing you will get blocked off the network for 1 hour. If you get bitten by accident, please contact me above (after the block is lifted) giving me your IP. I will look up the logs and adjust the firewall accordingly.
I also picked up another Server, a used SuperMicro with 16 cpus and 24gb of ram. Not much, but the 4x4tb hard disks make a great Server to use for backups. For the most part it is identical with the main server: two power supplied, hardware raid doing RAID10, IPMI et all. In a worst case scenario this Server can run most of the important Servers as the main server does.
All your files, emails and whatnot hosted on this network are secured by hourly backups with Bareos, which data is stored on the other hardware. Daily Backups done and moved off-site and weekly dumps off all hardware to an encrypted hardware disk This means that if there is a catastrophic hardware failure the other server can (for the most part) pick up the load. If a plane crashes into the data center, the off-site data will still be available. If some freak software bug arises that wipes all the XenServers clean we have local attached backups and can get back online within a jiffy.
Bottom line: Your data is pretty much safe.
Sorry about the downtimes in the past 30 days. I hope your endurance paid off!