
vNIOS Refuses to Enable MGMT on AWS


Hi There - We are really struggling to solve this problem:

 

  • 3 Infoblox vNIOS instances in 3 AZs in AWS
    • AMI: Infoblox NIOS 8.1.2 356916 CP-V1400 BYOL (ami-8eebd998)
  • 2 ENIs (0 and 1) on each EC2 instance
  • UDP NLB in 3 AZs Fronting 3 Infoblox Instances
    • This adds some requirements
    • The Targets for a UDP NLB can ONLY be Instance references (not IP)
    • An Instance Target appears to only point to the 0th ENI on an EC2 Instance
    • This requires that we be able to enable DNS on the MGMT interface (which is normally supported)
  • Our user data license has: `temp_license: dns cloud enterprise vnios grid`

 

Problem:

  • We cannot enable the MGMT interface and seem to be caught in a Catch 22 regarding it
    • `set interface mgmt` gives "Cannot enable Management interface when LAN1 is configured with a dynamic address"
    • `set interface lan1` (to try to set the address for lan1) gives: "Error: The AWS IB-VNIOS appliance does not support the set network command."
    • Enabling MGMT through the vNIOS UI allows us to set and save all the parameters
    • However, even after a reboot, `show interface all` will still show that the MGMT interface has no IP and has a "Status: BROADCAST MULTICAST" (lacking status of UP)
    • `show network all` shows "Management Port enabled: true" and shows the settings that we configured

 

The Catch 22:

  • There appears to be no way to disable the DHCP Client on LAN1 and setting the LAN1 values in the UI does not appear to make the address no longer considered "dynamic"
  • We can't change the config for LAN1
  • We can't enable MGMT when LAN1 is dynamic
  • LAN1 is dynamic, and we can't seem to change that
  • STUCK

 

So, is this a limitation in vNIOS when used within AWS?  Is it not possible to actually get the MGMT interface enabled?

 

Note: We have not attached an IAM role/policy to these instances.  If vNIOS needs an IAM role to determine that LAN1 is set up correctly, let us know.

 

 

Thanks for any help!

Re: vNIOS Refuses to Enable MGMT on AWS


I have done some further testing and I have a theory that this was either a bug or a disabled / missing feature:

 

  • 8.1.2 / 8.2.1
    • Cannot enable MGMT interface no matter what I try
  • 8.2.5+ / 8.3.0 / 8.4.0
    • Can enable the MGMT (eth0) interface with no problems at all, 100% repeatable

It appears that not being able to enable the MGMT interface on AWS was indeed a bug that was fixed sometime after 8.2.1.

 

I was not able to find any workaround (e.g. upgrading through various versions from different starting points, all the UI config tricks in the world, etc.) other than upgrading to a version that allows the MGMT interface to be enabled and operational.  I used at least 8.2.5 and was able to get MGMT to work reliably every time I wanted to enable it.

 

Thanks!
