
Issues with creating a grid

New Member
Posts: 3

I'm new to IB and have been working through a POC as my company is evaluating DDI. I've had success with trialing some core features of IB DDI using a single node, but I'm running into multiple issues with building out the platform of the solution - i.e., HA and grid deployment. I'm a veteran IT professional so I'm a bit puzzled as to why I'm having so many issues. Am I missing something completely obvious, is the environment I'm building this in inherently wrong, or is this a common thing IB users deal with?

 

Anyways, I'll start with the grid setup... Below is the basic network topology and shows where these nodes are connected. This is all internal and there are no FWs filtering traffic between the nodes.

 

General setup

  • These are all newly deployed servers running 8.6.2.
  • Post deployment I logged into each server and ran 'set network' and configured an IP address for LAN1. The AWS instance is slightly different because it required two NICs - LAN1 and MGMT0.
  • On each node's CLI I ran 'set temp_license' and selected option #2 (DNS, DHCP, GRID)
  • I have full network connectivity between each node (they can all ping each other).
  • The VMware distributed portgroup's security settings (promiscuous mode, MAC address changes, and forged transmits) are all set to accept.

 

Grid master setup

  • I logged into the node I want to be a master and followed the wizard to set up the grid. This is a standalone non-HA member.
  • Changed the grid name from infoblox to infobloxlocal.
  • Added the secret key for the grid.
  • I added two members to the grid (I made sure they were added as Virtual NIOS nodes).

 

Grid member setup

  • I changed the "Host Name" under the "Grid member properties" to match what the grid master has them entered as. So on the grid master I added a member for infoblox2.local and infoblox3.local. On each of those members I changed their names to infoblox2.local and infoblox3.local. I don't know if this is required or not, I suspect it's not.
  • On the toolbar on the right I selected 'join grid' and entered the required information.

 

Once I tell the member to join the grid it will reboot and then try to contact the grid master. From this point it will take some time but it eventually fails. Interestingly, from the member nodes I can see them generate traffic to the grid master on UDP port 2114, which according to the documentation (yes I read the documentation) is used for the member key exchange. The odd thing is the traffic is unidirectional - the member gets no response from the master. I've already established I have bidirectional network connectivity so this tells me a service on the grid master isn't running, or something…

 

Sorry for the long post, and hopefully this is appropriate for this forum.

[Image: Network topology]
[Image: Grid master members configuration]
[Image: Grid member to master successful ping]
[Image: Grid member to master flow]
[Image: Grid member failed to join]

Re: Issues with creating a grid

Superuser
Posts: 45
Hello Chester,

Thank you for your inquiry. We are excited that you are evaluating NIOS DDI as a POC. Your questions on this issue are best answered through conversations with your Solution Architect or by submitting a support ticket where our staff can provide direct assistance. Please follow up with them and let us know if we can be of further assistance. Thank you.

Best regards,

Bob Rose
Principal Product Marketing Manager
Infoblox NIOS DDI Product & Strategy
M: +1 360.584.8360 | My I.D.TM is 7553
PTO ALERT: 6/22-7/5/23

Re: Issues with creating a grid

New Member
Posts: 3

Hi Bob,

 

Thanks for the response. Do I have access to support during evaluation?

Re: Issues with creating a grid

New Member
Posts: 3

The resolution was setting the hardware type, which is required for non-physical appliances.

 

Enter 'set temp-license'. Choose #4, then choose the hardware type.