- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Getting started with new HA setup
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-27-2020 09:47 AM
Hi guys and girls. I have two shiny te-1405 boxes waiting for me in the office, while I am at home trying to plan stuff. We want to migrate from a single windows dc vm for dns/dhcp to an infoblox cluster. I will start out with 2xTE1405 in the DC, and in a few months time, I'll get another 2xTE1405 for another office.
I assume I will want to cluster the first two appliances into a single HA-entity and create a grid. Then when I get the second set, I will cluster them as well and add them to the existing grid. Correct me if my assumptions are incorrect.
I'm a bit confused as to the recommended setup in regard to interfaces and cables. I have a management vlan and a production vlan.
If I understand correctly, i put the LAN1 interfaces into the production network and the MGMT interfaces in the management network. I first configure using the production network and then configure the management interfaces. But what do I do with the HA interfaces? Do I use a cross cable? Or do I connect them to the production network? Where does the HA vip live? On the LAN1 interface or on the HA interfaces? Do I then still need the LAN1 interfaces?
Looking forward to your recommendations!
Oh, and I'm used to configuring my clients with the dns server ip's of my primary and secondary domain controller (=dns server), but I guess in the new setup I will only configure the single HA vip as the only dns server? How do you guys do this?
AxisNL.
Solved! Go to Solution.
Re: Getting started with new HA setup
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2020 02:20 AM
Cable the HA ports to the same switch as LAN1, do NOT use a crossover cable between appliances.
The VIP address will bind to the HA port of the active appliance.
Configure your clients to use the VIP address as their DNS server address. You should have a second HA pair if you want to provide a second DNS server address to clients.
PCN (UK) Ltd
All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
Re: Getting started with new HA setup
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2020 05:24 AM
Thanks for the reply Paul!
Another question: I get that I need to connect the both HA and LAN1 interfaces to the same subnet, and that the vip address lives on the HA interface (with vrrp).
But if I connect the HA interfaces, why would I still need the LAN1 interfaces? Seems like a waste of cables and ip's?
Re: Getting started with new HA setup
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2020 07:01 AM
That's just the way they designed it I'm afraid, I think some traffic still goes over LAN1 even with HA configured.
My main gripe with all this is that you can do NIC bonding with LAN1 & LAN2 to different switches, but you can't do that with the HA port, which is where the VIP lives. I would have thought in a HA scenario it'll be more important to make the HA ports resilient, but you can't.
I did write a post about this somewhere where it was discussed by a few people, I'll see if I can find it.
PCN (UK) Ltd
All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
Re: Getting started with new HA setup
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2020 07:05 AM
Yer 'tis:
https://community.infoblox.com/t5/DNS-DHCP-IPAM/Lack-of-port-redundancy-for-the-HA-VIP/m-p/14543
PCN (UK) Ltd
All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
Re: Getting started with new HA setup
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2020 08:14 AM
Thanks PaulR, I think I came to the same conclusions as you did. It's not logical, but we have to deal with it