You can configure two appliances as an HA (high availability) pair to provide hardware redundancy for core network services and Infoblox Advanced DNS Protection. For more information, see About Infoblox Advanced DNS Protection.
...
| Note |
|---|
Note
|
In HA, each each node must configure two addresses: the VRRP public address on the LAN1 interface and the VRRP HA address on the HA interface. An HA pair consists of a set of five IP addresses, all of which must belong to the same subnet. Each device in an HA pair joins the multicast address on both the HA and public interfaces.
...
| Note |
|---|
NoteAn HA member connecting to the GRID Grid Master over the Management management port should have the LAN1 or HA ports connected to different physical switches to make sure the VRRP packets are exchanged correctly between the active and passive nodes. If the LAN1 or HA ports are connected to the same physical switch, you must configure the LAN1/LAN2 bonding to exchange the VRRP packets between the active and passive nodes. |
...
Check whether the NIOS licenses that you subscribed to support both physical and virtual appliances.
Ensure that the same licenses are installed on both the physical appliance and the virtual appliance.
You cannot have tagged and untagged interfaces on the same subnet on VMware ESXi hypervisors.
Virtual appliances do not support tagging.
LOM (Lights Out Management) is not supported in a hybrid HA setup.
DSCP (Differentiated Services Code Point) services are not supported on virtual appliances. Therefore, you cannot configure the DSCP value in an HA setup.
Because port settings are not available for virtual appliances, you cannot join a node if the port settings are overridden.
You cannot combine a platform on which Advanced DNS Protection hardware is running with a platform on which Advanced DNS Protection Software is running.
You cannot configure MTU (Maximum Transmission Unit) in a hybrid HA setup.
You cannot have a combination of an IB-FLEX and a non IB-FLEX appliance.
Auto-provisioning is not supported on virtual appliances; therefore, you cannot use the auto-provisioning feature in a hybrid HA setup.
A hybrid HA setup may cause some performance impact because hybrid HA performance depends on many factors such as the hardware on which the VM is running, the number of VMs contending for the same CPU, RAM, input/output resources, and the overhead generated by the virtualisation layer.
Minor performance differences are expected between the two nodes of a hybrid HA pair. Hybrid HA performance may vary, and it depends on the hardware components on which different virtualization platforms are running and the performance delivered by Infoblox hardware appliances. Different use cases will produce different numbers (slightly increased or decreased CPU usage, disk access time, and so on). Such performance variation is expected and is not a cause of concern.
About HA Failover
The appliance supports HA through bloxHA™, which provides a robust failover mechanism. As described in Planning for an HA Pair, both nodes in an HA pair share a single VIP address and a virtual MAC address. The node that is currently active is the one whose HA port owns the VIP address and virtual MAC address. When a failover occurs, these addresses shift from the HA port of the previous active node to the HA port of the new active node, as illustrated in the figure below.
...
VRRP advertisements are periodic announcements of the availability of the HA node linked to the VIP. The two nodes in an HA pair include a VRID (virtual router ID) in all VRRP advertisements and use it to recognize VRRP advertisements intended for themselves. Only another appliance on the same subnet configured to use the same VRID responds to the announcements. The active node in an HA pair sends advertisements as multicast datagrams every second. It sends them from its HA port using the source IP address of the HA port (not from the VIP address) and the source MAC address 00:00:5e:00:01:vrrp_id. The last two hexadecimal numbers in the source MAC address indicate the VRID number for this HA pair. For example, if the VRID number is 143, then the source MAC address is 00:00:5e:00:01:8f (8f in hexadecimal notation = 143 in decimal notation).
The destination MAC and IP addresses for all VRRP advertisements are 00:00:5e:00:01:12 and 224.0.0.18 (00:00:5e:00:02:12 and FF02::12 for IPv6 only configurations). Because a VRRP advertisement is a multicast datagram that can only be sent within the immediate logical broadcast domain, the nodes in an HA pair must be in the same subnet together.
As illustrated in the figure below, when you configure an HA pair, only the appliance configured to listen for VRRP advertisements with the same VRID number processes the datagrams, while all other appliances ignore them. The passive node in an Infoblox HA pair listens for these on its HA port and the active node listens on its LAN1 or LAN1 (VLAN) port. If the passive node does not receive three consecutive advertisements or if it receives an advertisement with the priority set to 0 (which occurs when you manually perform a forced failover or request the active node to restart, reboot, or shut down), it changes to the active state and assumes ownership of the VIP address and virtual MAC address.
If both nodes go offline, the one that comes online first becomes the active node. If they come online simultaneously, or if they enter a dual-active state—that is, a condition arises in which both appliances assume an active role and send VRRP advertisements, possibly because of network issues—then the appliance with the numerically higher VRRP priority becomes the active node. The priority is based on system status and events.
If both nodes have the same priority, then the appliance whose HA port has a numerically higher IP address becomes the active node. For example, if the IP address of the HA port on Node 1 is 10.1.1.80 and the IP address of the HA port on Node 2 is 10.1.1.20, then Node 1 becomes the active node.
...
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Note |
|---|
Note
|