07-09-2018 04:25 AM
Good day to you.
I want to discuss how Infoblox routing really works.
As we all know, the Infoblox appliance has LAN1 and LAN2 interfaces. Let's say we configured both interfaces with their respective default gateways, which means two default routes in one appliance. In TCP/IP architecture, there cannot be two default routes without a special option, which means one default route must have higher priority than the other in order to choose the route over which packets should be forwarded. In our scenario, LAN1 has a public IP that can query the root server and LAN2 has a private IP that can only be reached by clients. Let's say a client sends a recursive query to LAN2; Infoblox checks whether this query is in the cache or not. If cached, it replies back to the client, and if not cached, Infoblox sends an iterative query to the root server via LAN1 and replies back to the client via LAN2. In this case, how does Infoblox know, between the two default gateways (default routes), to query via LAN1 and then reply back to clients via LAN2?
I don't understand this routing architecture at all.
Feel free to discuss here, and I would be very thankful for your discussion.
07-09-2018 03:04 PM
This can be a bit confusing because Infoblox appliances do provide a bit of routing capability because of the multiple network interfaces available but it's important to keep in mind that they are not routers and are not intended to serve that purpose.
To best see how your appliance will route general traffic, you would want to connect to it via SSH and run the command "show routes". This will allow you to analyze the exact routing table that the appliance will use for network traffic.
Further muddying these waters is that some types of traffic can be configured to go out using a specific interface. For example, navigate to Data Management -> DNS -> Members/Servers and edit the properties for your Infoblox appliance. Click on the "Toggle Advanced Mode" link if not already enabled and you will see different menu options that you can use to control which interface will be used for different types of DNS traffic.
Lastly, it does not matter what interface a packet is received on. The appliance will follow its routing table and configuration when sending its response, a path that might be different from how the packet was received.
07-10-2018 12:24 AM
Thanks for your kind answer.
One thing I understood is that even though we configured multiple default gateways on the LANs, Infoblox takes its default route from the LAN1 default gateway. We can check by running "show default_route" in the CLI.
Another thing that confuses me is: even if our default route is via LAN1, how can Infoblox send back to the client via LAN2? Sending a query to the DNS root server via LAN1 is understandable because it's the default route. Infoblox can go anywhere it wants via the default route. But if Infoblox has to send the query back to clients, referring to my scenario where clients are connected via LAN2, it must have routes that can reach the clients, right? So, if Infoblox doesn't have any specific static routes to these clients, is there any other miracle way to send the query back to clients via LAN2?
07-10-2018 09:08 AM
For any specific use cases where the default routes do not work as required, you would want to configure static routes and these can be configured in the network settings for each appliance (under the Advanced tab).
02-07-2019 05:41 AM
It is also worth mentioning that it is possible to select whether you want the default router for LAN1 or LAN2 to be the default route for the device as a whole. This is done via the CLI command "set default_route LAN1" or "set default_route LAN2".
For any more specific routing, you would use static routes as Tony said. For example, if you had LAN1 facing the Internet and LAN2 was facing internally, you could set static routes for all RFC-1918 IP space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) to point to the gateway of LAN2.
The inverse could also be true if, for example, you wanted the LAN1 side facing internally so you could take advantage of something like HA for your internal clients. In that scenario, you would set the static routes for RFC-1918 to the gateway of LAN1, and then change the default route setting to LAN2, as shown above.
What Infoblox needs is MAC-based forwarding, like NetScalers for example. Incoming traffic (traffic initiated by a client to Infoblox) leaves (without routing) the interface it arrived at. Outgoing traffic (traffic initiated by the Infoblox) follows the routing table.
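The routing-table behaviour discussed in this thread, as an added example (not Infoblox code and not posted by any participant): a generic longest-prefix-match lookup showing which interface a packet leaves on before and after adding the RFC 1918 static routes toward the LAN2 gateway. The interface addresses, gateways and destination addresses are constructed assumptions for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread):
#   LAN1 = 203.0.113.10/24, gateway 203.0.113.1 (Internet-facing)
#   LAN2 = 10.1.1.10/24,    gateway 10.1.1.1    (internal)
CONNECTED = [
    ("203.0.113.0/24", "LAN1", None),  # on-link subnet: no gateway needed
    ("10.1.1.0/24", "LAN2", None),
]
DEFAULT_VIA_LAN1 = [("0.0.0.0/0", "LAN1", "203.0.113.1")]
RFC1918_VIA_LAN2 = [
    (net, "LAN2", "10.1.1.1")
    for net in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def build_table(*route_groups):
    """Flatten route groups into (network, interface, gateway) entries."""
    return [
        (ipaddress.ip_network(net), iface, gw)
        for group in route_groups
        for net, iface, gw in group
    ]


def lookup(table, destination):
    """Return (interface, gateway) of the most specific matching route."""
    dst = ipaddress.ip_address(destination)
    matches = [route for route in table if dst in route[0]]
    if not matches:
        raise LookupError(f"no route to {destination}")
    _, iface, gw = max(matches, key=lambda route: route[0].prefixlen)
    return iface, gw


def egress_report(table, destinations):
    """Map each destination to the interface its packets would leave on."""
    return {dst: lookup(table, dst)[0] for dst in destinations}


if __name__ == "__main__":
    # Constructed destinations: a public resolver target, an on-link LAN2
    # client, and two clients on remote private subnets behind LAN2.
    dests = ["198.51.100.53", "10.1.1.50", "10.20.30.40", "192.168.5.9"]
    before = egress_report(build_table(CONNECTED, DEFAULT_VIA_LAN1), dests)
    after = egress_report(
        build_table(CONNECTED, DEFAULT_VIA_LAN1, RFC1918_VIA_LAN2), dests)
    for dst in dests:
        print(f"{dst:15} default only: {before[dst]}  with statics: {after[dst]}")
```

A client on the LAN2 subnet itself is reached through the connected route even with the default route on LAN1; only clients on remote private subnets depend on the static routes to get their replies out of LAN2.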