03-27-2020 09:47 AM
Hi guys and girls. I have two shiny te-1405 boxes waiting for me in the office, while I am at home trying to plan stuff. We want to migrate from a single windows dc vm for dns/dhcp to an infoblox cluster. I will start out with 2xTE1405 in the DC, and in a few months time, I'll get another 2xTE1405 for another office.
I assume I will want to cluster the first two appliances into a single HA-entity and create a grid. Then when I get the second set, I will cluster them as well and add them to the existing grid. Correct me if my assumptions are incorrect.
I'm a bit confused as to the recommended setup in regard to interfaces and cables. I have a management vlan and a production vlan.
If I understand correctly, i put the LAN1 interfaces into the production network and the MGMT interfaces in the management network. I first configure using the production network and then configure the management interfaces. But what do I do with the HA interfaces? Do I use a cross cable? Or do I connect them to the production network? Where does the HA vip live? On the LAN1 interface or on the HA interfaces? Do I then still need the LAN1 interfaces?
Looking forward to your recommendations!
Oh, and I'm used to configuring my clients with the dns server ip's of my primary and secondary domain controller (=dns server), but I guess in the new setup I will only configure the single HA vip as the only dns server? How do you guys do this?
Solved! Go to Solution.
04-01-2020 02:20 AM
Cable the HA ports to the same switch as LAN1, do NOT use a crossover cable between appliances.
The VIP address will bind to the HA port of the active appliance.
Configure your clients to use the VIP address as their DNS server address. You should have a second HA pair if you want to provide a second DNS server address to clients.
04-01-2020 05:24 AM
Thanks for the reply Paul!
Another question: I get that I need to connect the both HA and LAN1 interfaces to the same subnet, and that the vip address lives on the HA interface (with vrrp).
But if I connect the HA interfaces, why would I still need the LAN1 interfaces? Seems like a waste of cables and ip's?
04-01-2020 07:01 AM
That's just the way they designed it I'm afraid, I think some traffic still goes over LAN1 even with HA configured.
My main gripe with all this is that you can do NIC bonding with LAN1 & LAN2 to different switches, but you can't do that with the HA port, which is where the VIP lives. I would have thought in a HA scenario it'll be more important to make the HA ports resilient, but you can't.
I did write a post about this somewhere where it was discussed by a few people, I'll see if I can find it.
04-01-2020 07:05 AM