Support Central: KB #4469: How to Configure DDI HA Pair
We've seen a number of calls recently about configuring a DDI HA pair. Let us know what questions you may have and we'll look into the "vault" and publish answers to your questions.
How to configure Infoblox DDI (Secure DNS, DHCP, and IPAM) High Availability (HA) pairs.
Infoblox Grid with HA
NIOS 6.x and NIOS 7.x
Step 1: Planning for your DDI HA Pair
- You will need 5 IP addresses to configure your HA pair
- All 5 IP addresses must be in the 'same' subnet
- Node 1 will be considered the 'active' node
- Node 2 will be considered the 'passive' node
VIP: Once the HA pair is active, use this IP to manage both devices
Node 1 HA: Source IP for the VIP and the VRRP advertisements
Node 2 HA: Listens for VRRP advertisements
Node 1: LAN 1: SSH management of Node 1 (also used to listen for VRRP advertisements from the HA port)
Node 2: LAN 1: Source IP for SSL VPN to the VIP of the 'active' node (also receives bloxSYNC from the VIP)
Step 2: Select HA
- Grid > Grid Manager > Member and select Member > Edit Grid Member Properties > Network > Basic
- Select High Availability Pair
- Provide a VRID (Virtual Router ID) for the HA pair (this number must be between 1 and 255)
Reminder: The DDI HA pair uses VRRP for the peering relationship
Step 3: Ports and IP Addresses
- By default, the LAN1 address of the 'active' node will become the VIP
- This default is not required and is configurable. In an existing deployment, the Node 1: LAN1 IP is moved to the VIP to accommodate instances where the customer's end host population is pointing to a specific IP address for functions such as DHCP.
Node 1 HA
Node 2 HA
Node 1: LAN 1
NOTE: As mentioned above, by default, the LAN1 address of the active node will become the VIP. It is necessary to select a new address for the Node 1: LAN 1 port.
Node 2: LAN 1
Assuming you already have Node 2 up and running, with an IP, enter that data here.
IMPORTANT: Remember all IPs must be in the same subnet
Port Settings: From the drop-down list, choose the speed and duplex settings. Select automatic to instruct the NIOS appliance to negotiate the optimum speed and duplex with the connecting switch. Automatic is the default setting.
NOTE: You cannot configure port settings for vNIOS appliances.
Save and Close your Grid Member Property Editor
NOTE: If you encounter a Duplicate IP error message, be sure that your Node 2 device is NOT already joined to the Grid where it is to become an HA member.
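A pre-flight check for the address plan from Steps 1 to 3, added here as an example (it is not Infoblox code): it confirms that the five addresses are distinct and in one subnet, and that the VRID is between 1 and 255. The role names and the 192.0.2.0/24 sample addresses are assumptions made for illustration.

```python
import ipaddress

# The five roles listed in Step 1 of this article.
ROLES = ("vip", "node1_ha", "node2_ha", "node1_lan1", "node2_lan1")

# Constructed sample plan (RFC 5737 documentation addresses, not from the article).
SAMPLE_PLAN = {
    "vip": "192.0.2.10",
    "node1_ha": "192.0.2.11",
    "node2_ha": "192.0.2.12",
    "node1_lan1": "192.0.2.13",
    "node2_lan1": "192.0.2.14",
}

def check_ha_plan(plan, subnet, vrid):
    """Return a list of problems in an HA address plan; an empty list means OK."""
    net = ipaddress.ip_network(subnet)  # raises ValueError on a malformed subnet
    problems = []
    if isinstance(vrid, bool) or not isinstance(vrid, int) or not 1 <= vrid <= 255:
        problems.append(f"VRID {vrid!r} must be an integer between 1 and 255")
    seen = {}  # address -> first role that claimed it
    for role in ROLES:
        if role not in plan:
            problems.append(f"{role}: no address assigned")
            continue
        try:
            addr = ipaddress.ip_address(plan[role])
        except ValueError:
            problems.append(f"{role}: {plan[role]!r} is not an IP address")
            continue
        if addr not in net:
            problems.append(f"{role}: {addr} is outside {net}")
        elif net.version == 4 and net.prefixlen < 31 and addr in (
                net.network_address, net.broadcast_address):
            problems.append(f"{role}: {addr} is the network or broadcast address")
        if addr in seen:
            problems.append(f"{role}: {addr} is already used by {seen[addr]}")
        else:
            seen[addr] = role
    return problems

if __name__ == "__main__":
    for line in check_ha_plan(SAMPLE_PLAN, "192.0.2.0/24", 10) or ["plan OK"]:
        print(line)
```

An address reported as already used within the plan is the same class of mistake that leads to the Duplicate IP error in the Grid Member Property Editor.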
Step 4: Join Passive Node 2 to the Grid
From the CLI of Node 2:
From the UI of Node 2
Grid > Grid Manager > Select your member > Toolbar > Join Grid
From the Join Grid menu enter:
- VIP of the Grid Master
- Grid Name: Infoblox
- Grid Shared Secret: test
NICE TO KNOW:
- The key exchange is done over port 2114 and that is NOT configurable
- The VPN tunnel uses a default port of 1194 and IS configurable
- For information about VRRP, refer to RFC 3768, Virtual Router Redundancy Protocol (VRRP), and to VRRP Advertisements in the NIOS Admin Guide.