Versions Compared

Version Old Version 20 New Version 21
Changes made by

Sri Raghu

Sri Raghu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Before starting work on building an IPsec VPN tunnel between your on-prem firewall/router and the Infoblox’s NIOS-XaaS, you will need to setup some pre-requisites in the Infoblox Portal. 

...

NIOS-XaaS does not currently support dynamic routing. You will need to configure a static route(s) on your firewall/router to direct traffic destined for the NIOS-XaaS service IP through the VPN tunnel(s). If a DNS query is sent to the cloud via one tunnel, the response will routed back down that same tunnel (same for DHCP traffic). The service IP is pingable which can be used for route monitoring by your firewall/router. You can also configure ECMP for the Service IP Route.

 Routes Routes should also be created for the primary neighbor IP and secondary neighbor IP address. The primary neighbor IP address can only be accessed through the primary VPN tunnel. The secondary neighbor IP address can only be accessed through the secondary VPN tunnel. For this reason, route monitoring and ECMP should not be used for the routes for primary and secondary neighbor IP addresses.

...

The following tunnel service statuses are reported:

  • Not Ready (status color ORANGE ): Indicates that the service is in the process of being provisioned at the Infoblox POP (service location). This is a one-time state; it will not revert back to this state once it changes.

  • Ready (status color ORANGE): Indicates the backend for the tunnel(s) is provisioned, but the link is not physically connected at the customer site. This is a one-time state; it will not revert to this state once it changes. 

  • Connected (status color GREEN): All tunnels are active and operational on both ends: both the Infoblox PoP and the customer site (router). 

  • Not Connected (status color RED): Indicates that all tunnels are down.

  • Degraded (status color ORANGE): Indicates that there are multiple tunnels to one Availability Zone and one or more (not all) of the tunnels go down, or if any existing tunnel fails, it results in a degraded state. Degradation is based on tunnel metrics such as latency and packet loss.

...