Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

Getting started with new HA setup

New Member
Posts: 3
6665     0

Hi guys and girls. I have two shiny te-1405 boxes waiting for me in the office, while I am at home trying to plan stuff. We want to migrate from a single windows dc vm for dns/dhcp to an infoblox cluster. I will start out with 2xTE1405 in the DC, and in a few months time, I'll get another 2xTE1405 for another office.

 

I assume I will want to cluster the first two appliances into a single HA-entity and create a grid. Then when I get the second set, I will cluster them as well and add them to the existing grid. Correct me if my assumptions are incorrect.

 

I'm a bit confused as to the recommended setup in regard to interfaces and cables. I have a management vlan and a production vlan.

 

If I understand correctly, i put the LAN1 interfaces into the production network and the MGMT interfaces in the management network. I first configure using the production network and then configure the management interfaces. But what do I do with the HA interfaces? Do I use a cross cable? Or do I connect them to the production network? Where does the HA vip live? On the LAN1 interface or on the HA interfaces? Do I then still need the LAN1 interfaces?

 

Looking forward to your recommendations!

 

Oh, and I'm used to configuring my clients with the dns server ip's of my primary and secondary domain controller (=dns server), but I guess in the new setup I will only configure the single HA vip as the only dns server? How do you guys do this?

 

AxisNL.

 

Re: Getting started with new HA setup

Expert
Posts: 185
6666     0

Cable the HA ports to the same switch as LAN1, do NOT use a crossover cable between appliances.

 

The VIP address will bind to the HA port of the active appliance.

 

Configure your clients to use the VIP address as their DNS server address. You should have a second HA pair if you want to provide a second DNS server address to clients.

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: Getting started with new HA setup

New Member
Posts: 3
6666     0

Thanks for the reply Paul!

 

Another question: I get that I need to connect the both HA and LAN1 interfaces to the same subnet, and that the vip address lives on the HA interface (with vrrp). 

 

But if I connect the HA interfaces, why would I still need the LAN1 interfaces? Seems like a waste of cables and ip's?

Re: Getting started with new HA setup

Expert
Posts: 185
6666     0

That's just the way they designed it I'm afraid, I think some traffic still goes over LAN1 even with HA configured.

 

My main gripe with all this is that you can do NIC bonding with LAN1 & LAN2 to different switches, but you can't do that with the HA port, which is where the VIP lives. I would have thought in a HA scenario it'll be more important to make the HA ports resilient, but you can't.

 

I did write a post about this somewhere where it was discussed by a few people, I'll see if I can find it.

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: Getting started with new HA setup

Expert
Posts: 185
6666     0

Yer 'tis:

 

https://community.infoblox.com/t5/DNS-DHCP-IPAM/Lack-of-port-redundancy-for-the-HA-VIP/m-p/14543

 

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: Getting started with new HA setup

New Member
Posts: 3
6666     0

Thanks PaulR, I think I came to the same conclusions as you did. It's not logical, but we have to deal with it Smiley Wink

Showing results for 
Search instead for 
Did you mean: 

Recommended for You

This widget could not be displayed.

Demo: Infoblox IPAM plug-in integration with OpenStack Newton

" class="expert-of-month-image"/>