Elastic Scaling provides the capability to automatically pre-provision and deploy vNIOS appliances on-demand for IPAM (IP Address Management), DNS, and/or DHCP. Compared to standard appliance deployment and licensing management, you now have the flexibility to purchase multiple service and feature licenses and install them as dynamic licenses for future vNIOS or cloud deployments based on your evolving business needs and deploy them as needed. When you remove a vNIOS or cloud appliance from the Grid, the dynamic licenses on the appliance are automatically released and returned to the license pool on the Grid Master for reuse at a later time. Elastic scaling includes a full set of APIs for pre-provisioning, deployment, and de-provisioning vNIOS appliances, making it simple to add or remove DNS or DHCP capacity on-demand to meet changing infrastructure requirements, which is critical for realizing the benefits of dynamic Cloud environments. For information about the Infoblox cloud solution, see Deploying Cloud Network Automation.
You can purchase licenses of any type, such as vNIOS, DNS, DHCP, Enterprise (formerly Grid) and Cloud Platform, deploy them as dynamic licenses on the Grid Master , and allocate them to vNIOS virtual appliances manually or automatically through Elastic Scaling.
All dynamic licenses are tied to a specific Grid Master. You must first obtain the LPC_UID (License Pool Container Unique ID) of the Grid Master before obtaining the licenses from Infoblox Technical Support. For more information, see Obtaining Dynamic Licenses.
When you use Elastic Scaling to pre-provision and launch vNIOS appliances, licenses are automatically installed on the newly spun-up appliances during the process as long as you have the correct vNIOS licenses in the license pools for the vNIOS models you plan to deploy. For example, you can install a CP-V1400 license on a CP-V1400 or CP-V800, but you cannot do so on a CP-V2200. If there are no licenses available in the pool for the specified appliance models, the Grid Master notifies you with an error message (for Cloud Platform Appliances, the API calls fail). Note that you cannot add a vNIOS Grid member when no dynamic licenses are available. When you spin down vNIOS appliances, its assigned licenses are released and returned to the NIOS license pool.
The Grid Master keeps track of dynamic licenses that are allocated to vNIOS members and adjusts the total number of available dynamic licenses for each feature and service. You can view the total number of dynamic licenses installed for each feature and service, the number of active and available licenses, their usage, and other related information in the Grid tab -> Licenses tab -> Pool tab of Grid Manager. For information about how to view dynamic licenses, see Viewing Dynamic Licenses.
Infoblox supports elastic scaling for Software ADP profiles on the supported platforms and provides the following pool licenses: Threat Protection (Software add-on) and Threat Protection Update. For more information about Software ADP profiles, see Configuring Threat Protection Profiles. Threat protection members use management port for IPv4 and IPv6 communication with the Grid. Infoblox supports cloud API calls for such members to join the Grid using MGMT port and VPN on the MGMT port. To know more about using the MGMT port, see Using the MGMT Port.
You can also manually allocate and deallocate dynamic licenses as your business requirements evolve. For more information, see Manually Allocating Dynamic Licenses and Manually Deallocating Dynamic Licenses.
Using Elastic Scaling to Pre-provision and Launch vNIOS Members
You can use Elastic Scaling to deploy on-demand vNIOS virtual members in a Grid and in your cloud environment and pre-provision them to manage networks and zones. For information about how to utilize Elastic Scaling to provision Cloud Platform Appliances and join them to the Grid using cloud API calls, see Sample Cloud API Requests for Elastic Scaling.
Complete the following tasks to pre-provision and launch vNIOS appliances:
- Obtain dynamic licenses and install them on the Grid Master, as described in Obtaining Dynamic Licenses. You can also use a temporary license to spin up a Grid Master VM.
- Create an offline Grid member or HA pair, as described in Adding a Single Member or Adding an HA Member.
Pre-provision the offline Grid member you just created, as described in Configuring Pre-Provisioned Members. Note that there are a few guidelines that you might want to review before pre-provisioning your Grid member. For more information, see Guidelines for Pre-provisioning Offline Grid Members.
Note
You must include the Grid and vNIOS provisional licenses for pre-provisioned vNIOS members in order to join them to the Grid.
Generate a token for the Grid member, as described in Generating Tokens for Grid Members.
Note
For HA pairs, the appliance generates two tokens—one for each node of the HA pair.
- Use cloud API calls to add network views, networks, or zones and then delegate the objects to the offline Grid member. For information about sample cloud API requests, see Sample Cloud API Requests for Elastic Scaling.
- Use API requests to join the Grid member to the Grid. For sample API requests, see Sample Cloud API Requests for Elastic Scaling. If for any reasons the automated process of Elastic Scaling fails or if you are unable to send API calls, you can use CLI commands to join the Grid member to the Grid as a workaround. For more information, see Using CLI Commands to Join Grid Members.
- Verify the Grid member has successfully joined the Grid, as described in Viewing Status.
- Verify the dynamic licenses have been allocated correctly by viewing the license usage, as described in Viewing Dynamic Licenses.
Generating Tokens for Grid Members
Before you can automatically allocate dynamic licenses to a pre-provisioned member, you must request a one-time token from the Grid Master. This token allows the member to register and authenticate itself to the Grid Master before a specified date and time (the default is 60 minutes from the time you generate the token). When the token is not used after the expiration date and time, it becomes invalid and you must generate another token for the member. You can configure the token usage timeout so the appliance can send syslog messages to alert you about the unused token. For information about how to set the token usage timeout value, see Configuring Token Usage Timeout.
Using a one-time token eliminates the need for the Grid Master credentials to be exposed to other Grid members and the CMP (Cloud Management Platform) in the case of cloud implementation. Note that only superusers can generate and view the token for a pre-provisioned Grid member.
Note
You can use API calls as part of the automated deployment process to generate a token for the vNIOS Grid member before joining it to the Grid. For information about sample API requests you can use to generate a token, see Sample Cloud API Requests for Elastic Scaling. As a workaround, you can also generate a token through Grid Manager.
To generate a token through Grid Manager, complete the following:
- From the Grid tab, select the Grid Manager tab -> Members tab.
- Click the Action icon
next to the vNIOS member and select Generate Token from the list. In the Your Permission Token dialog, the appliance displays the token and the Expiration Date of the token. You must generate a new token for the member if the token is not used before the expiration date.
Note
Copy this token and paste it at the CLI when you use the set token on command to set the token and generate the token file.
Configuring Token Usage Timeout
You can configure the appliance to send syslog messages to alert you about an unused token that has been generated for a pre-provisioned member. Depending on the timeout interval you configure, the appliance sends a syslog message for each timeout interval until the token expires.
To configure the token usage timeout value:
- From the Grid tab -> Grid Manager tab, click Grid Properties -> Edit from the toolbar.
- In the Grid Properties editor, select the General tab -> Basic tab and complete the following:
- Token usage timeout: Enter the time interval (in minutes) for which the appliance sends a syslog message to alert you about the unused permission token for a pre-provisioned member. For example, if you enter 5 here, the appliance sends a syslog message every five minutes. The default is 10.
- Save the configuration.
Using CLI Commands to Join Grid Members
Note
If for any reasons the automated process of Elastic Scaling does not function properly, you can use CLI commands to join Grid members to the Grid as a workaround.
When using Elastic Scaling, ensure that you have generated a token for the member, as described in Generating Tokens for Grid Members before joining the member to the Grid.
To join the vNIOS member to the Grid:
- Access the Infoblox CLI using an SSHv2 connection through an SSHv2 client. You can also access the CLI by connecting a serial cable directly from the console port of a management system to the console port on the appliance, and then using a terminal emulation program such as Hilgraeve Hyperterminal® (provided with Windows® operating systems) and launch a session. The connection settings are:
- Bits per second: 9600
- Stop bits: 1
- Data bits: 8
- Flow control: Xon/Xoff
- Parity: None
- Log in using the default user name and password admin and infoblox. User names and passwords are case-sensitive.
To change the network settings from the default, enter the set network command. Then enter information as prompted to change the IP address, netmask, and gateway for the LAN1 port.
Infoblox > set network
NOTICE: All HA configuration is performed from the GUI. This interface is used only to configure a standalone node or to join a grid.
Enter IPv4 address [Default: n.n.n.41]: <Enter the LAN1 port IP address>
Enter netmask: [Default: 255.255.255.0]: <Enter the LAN1 port netmask>
Enter gateway address [Default: n.n.n.1]: <Enter the gateway IP address>
NOTICE: Additional IPv6 interface can be configured only via GUI.
Become grid member? (y or n): nNote
You must enter n to use Elastic Scaling. If you enter y, the member becomes a Grid member and you will not be able to set token and join the pre-provisioned member to the Grid.
- Use the
set token oncommand to set the member token, the Grid Master IP address and certificate to the token file. Following is an example:Infoblox > set token on
Enter GM-IP [Current: not defined]: <Enter the Grid Master IP address>Enter Token [Current: not defined]: Copy token from the Your Permission Token dialog in Grid Manager.
New Token Settings:
GM-IP: 1.1.1.1
Token: b25lLnZpcnR1YWxfbm9kZSQx
Is this correct? (y or n): y
Do you want to download the certificate form GM and validate (y or n): y
Is this correct and valid (y or n): y
Are you sure to apply and save settings to file?: y
The token and certificate are saved. To verify the token:
Infoblox > showtoken
The CLI displays the current token setting and certification information. Verify this information.Note
If there is incorrect information, use set token off to remove the token file.
- Use the
set token joincommand to register the Grid member and get licenses from the license pool before joining the member to the Grid. Once the member joins the Grid, the token become invalid—you can use the token only once.Infoblox > set token join
Are you sure to start Member registration Client? (y or no): y Starting Member registration Client...Connecting...Note
For HA pairs, repeat the CLI commands on both nodes.
Using OpenStack cloud-init template to configure Grid Master and join Grid members
You can use the following OpenStack cloud-init template to configure an IB-V815 as a Grid Master:
#infoblox-config remote_console_enabled: y default_admin_password: infoblox temp_license: nios IB-V815 dns dhcp enterpriselan1:
v4_addr: 10.2.0.132 v4_netmask: 255.255.255.0 v4_gw: 10.2.0.1
mgmt:
v4_addr: 10.1.0.69 v4_netmask: 255.255.255.0 v4_gw: 10.1.0.1
You can use the following OpenStack cloud-init template to join an IB-V815 member to the Grid:
#infoblox-config remote_console_enabled: y default_admin_password: infoblox temp_license: nios IB-V815 dns dhcp enterprise sw_tp tp_sub lan1:
v4_addr: 10.2.0.140 v4_netmask: 255.255.255.0 v4_gw: 10.2.0.1
mgmt:
v4_addr: 10.1.0.77 v4_netmask: 255.255.255.0 v4_gw: 10.1.0.1
gridmaster:
token: xqyv+gEcPiUp9ETdHqmS2VcPIHEd81/U ip_addr: 10.39.8.109 join_intf: mgmt certificate:-----BEGIN
CERTIFICATE-----MIIDdzCCAl8CEBgaTP/XX2lAxDokwClJub4wDQYJKoZIhvcNAQEFBQAwejELMAkGA1UEBh MCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMISW5mb2Jsb3gx FDASBgNVBAsTC0VuZ2luZWVyaW5nMRkwFwYDVQQDExB3d3cuaW5mb2Jsb3guY29tMB4XDTE3MDMwNTE0NTE1M1 oXDTE4MDMwNTE0NTE1M1owejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1 bm55dmFsZTERMA8GA1UEChMISW5mb2Jsb3gxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRkwFwYDVQQDExB3d3cuaW 5mb2Jsb3guY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRf7VSVyYgRZCsdEgqU5m531Pk0H qOlZ5CqWrcyGiKDYrbByPGATWSOKcQ9opUMj7VF3vttXOoY/f2pI8OAKrOr8ADWh70fqXFDWFAYsxGmP0dkFTd NajI0reIrlYE0tF3FTBOZiXixfTUsI0hX96xNMU/0tHptloQxXz9+Uolf7ovFi6D0QBwjtBHmcVYhIJh0CfRUm MsIZgCupKVfwXNo3BMQfyNKsePjfVvoxCWTXF+KfAv3JSOOARbwuAZiYcMl2rdKb+8vBq4+IaMwr83QaJV8cph Ahyt5s7PebgS+GJLWzcIdUXSecDl3HEpJxLMnV0ko8ZByN5T4mywz6GQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB AQCWYwlB8Z5usHU0HL2WgyMkAZW8PYsjQNlv/aI/0kEkiJsvZc5H72frgbTA+whnz/CqsRu8Rd06VEi+3UqR7n +0wRwSL6gWmlVBLNP3BZfsTKn0Bhd89hzUrSGtK07xF/kY2qUEb6LnJ91B1O46h7LUJutmzSPK2w10yY295kLe NhQgG35oMWgztc7II6V7ViTnkqzEPWxILV0W1odIAodG46eycOCu5NPRWpN/FRn9gzSvL03YilJ4d/bii31s0S BZumFP+Q5e0i7bcElTmmhy5gsweITpfybUrFZAhXNs09832Ej11Q3lVKL42IDsiXTKIFwbG+cNM7b7zfC0Oj81 ----END CERTIFICATE
You can use the following OpenStack cloud-init template to join an IB-V1415 member to the Grid:
#infoblox-config remote_console_enabled: y default_admin_password: infoblox temp_license: nios IB-V1415 dns dhcp enterprise sw_tp tp_sub #temp_license: nios IB-FLEX
lan1:
v4_addr: 10.2.0.28 v4_netmask: 255.255.255.0 v4_gw: 10.2.0.1
ha:
v4_addr: 10.2.0.30 v4_netmask: 255.255.255.0 v4_gw: 10.2.0.1
mgmt:
v4_addr: 10.1.0.29 v4_netmask: 255.255.255.0 v4_gw: 10.1.0.1
gridmaster:
token: 0rPidqD1Iau91adaIL7zlO7sZb0qxuk1 ip_addr: 10.39.52.19 join_intf: mgmt
certificate: -----BEGIN
CERTIFICATE-----MIIDdzCCAl8CEChqLtGPEl/kEVjEE488HtkwDQYJKoZIhvcNAQEFBQAwejELMAkGA1UEBh MCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMISW5mb2Jsb3gx FDASBgNVBAsTC0VuZ2luZWVyaW5nMRkwFwYDVQQDExB3d3cuaW5mb2Jsb3guY29tMB4XDTE3MDIyMjA5MDEyOV oXDTE4MDIyMjA5MDEyOVowejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1 bm55dmFsZTERMA8GA1UEChMISW5mb2Jsb3gxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRkwFwYDVQQDExB3d3cuaW 5mb2Jsb3guY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02LEbIeAjjRZhBQSsPRIMoeR6GZC SftQV+DPHPQAmvzPeJqaH8obCcRi6pfrPToxTKRCde7W87Tdy/uurZVXbJNWdtW7xhfelFVmdFuUGR+PId7oJd nd9qmBLmUUPRniQDkk5pM8+g+olWjXPv2yn+zad+LaZpXUslP7TSfVvIeo6t2lwsUUxyozUnGLN9Pm91u/k/pz Cog2e+3y/F2WPYQzmAC5KU5vY8Rl8iX8z/03eHhnVFITSrk15xgE5IQtlJG5C/RksFt/b5gcAFqh/7yUhCPvW2 pd8/xw/caXsY2nFUC1b3jgUg+EfXpXE7EMD/thxqkhMNNK9GOhPrbVdQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB AQBiTz2cbVfUHIoQiLefSaf5Yv1fM6AyZ/sjPlVjYa0DBOdn4n1iiIL0tibPML3v3SVd2suAFPLmZdf1XTqkaT rN8SLE0RR7fS/7Nz7eibPlXWGgeY6se8Br9cLWm+1AP7ugAPvjSZxBn87Spz6BfZKQ7L1NKHeqfu0UDuUvv2rO tdlbRSHhb0INmm20LlMmLwmLxTCg/o7W2YaJa9lggyzz20oaZHGD1dLEP+mh2TsRyX/fxXYpwiAvmZ/VkccLgC xcj/fU44hxLfFa+Ibz5sjYp1gExYfGFwUBDuf/7ftrBNh90qcXzXncrQAebGBHhRYtsDpRnpWH+qGAzTdJXTm8---END CERTIFICATE---
You can use the following OpenStack cloud-init template to join an IB-V825 member to the Grid:
#infoblox-config remote_console_enabled: y default_admin_password: infoblox temp_license: nios IB-V825 dns dhcp enterprise
lan1:
v6_addr: 2620:10a:6000:2708::17 v6_cidr: 64 v6_gw: 2620:10a:6000:2708::1
mgmt:
v6_addr: 2620:10a:6000:2701::a v6_cidr: 64 v6_gw: 2620:10a:6000:2701::1
gridmaster:
token: IDUxCCzc/o08PHUURVVTG2KoeSUsq0x0 ip_addr: 2620:10a:6000:2701::8 join_intf: mgmtcertificate: -----BEGIN
CERTIFICATE-----MIIDdzCCAl8CEDdxmmxPWBgZpzPXFjO1fzowDQYJKoZIhvcNAQEFBQAwejELMAkGA1UEBh MCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMISW5mb2Jsb3gx FDASBgNVBAsTC0VuZ2luZWVyaW5nMRkwFwYDVQQDExB3d3cuaW5mb2Jsb3guY29tMB4XDTE3MDExMTEzNDY0OV oXDTE4MDExMTEzNDY0OVowejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1 bm55dmFsZTERMA8GA1UEChMISW5mb2Jsb3gxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRkwFwYDVQQDExB3d3cuaW 5mb2Jsb3guY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDd9+rSVV7zah8S/zRSFPtmiEO0X 6SLPbXWFtI+5PdVyIzl+IcGrl0Z09hoNGddZvXTyzCJCKI/J5WA9+PzjJJnjRRjGaB8QLe3Pq8Dpe24VVpaL92 vVSkHAruKS9IjNZk2OxGrPC0EMVb8/8H6Q/Ym1Wmm8IocHXxL9syaSG6lyhJstsaNDV/J1U7d0Qwmx/wJ0OZv2 pJsHFKWGC8pnxH4IWSCPyKv1scJYmgUttVKzCzlAgQ6+qEbAMJXkfAF39Hak/gKwLArENOheQVZg0lbZV6fhIl etmXNsr84wzELT7h2Xe4i6Dd01g287MCZAaLXzqDSGAhfVKcBkaCvs4wIDAQABMA0GCSqGSIb3DQEBBQUAA4IB AQACqr/Sjo8e07Vqp/gUhzwRv27NISHpI0VXp0/j2Vl4JZ3kkPAIDgcmT9flHr6QLJc2KsU2WVyt8XPB0XYWes jEJ4m468NVwGDkveDCnJ5le7/oYub3aKOYN8/Bkd5hju/GNmcKXybx8yPjw9hnXfG1sPT6H9UaMpxHx2cVH9se EvLNbxIF2hVg/yX0kE+YOQP892up9IANVKjSFCsQEkZ6os961IZjzY/MQYr4aWoP1KfU825chZ7BqCCDQMj0Vx CX2pHKzuFoCYB8a3/Tt0znlm/7ulRuHftqHAKLXeabLmxMJBW/5ZoX0RSjbr4OvcekwS2e7MuklnCMuSlJA2uL---END CERTIFICATE---
To configure an IB-FLEX Grid Master using the Flex Grid Activation license, you can use the following OpenStack cloud-init template:
#infoblox-config
remote_console_enabled: yhardware_type: IB-FLEXtemp_license: flex_gridlan1:
v4_addr: 10.39.51.33 v4_netmask: 255.255.255.0 v4_gw: 10.39.51.1
mgmt:
v4_addr: 10.39.50.22 v4_netmask: 255.255.255.0 v4_gw: 10.39.50.1
lan2:
nic_bonding_enabled: Y bonding_failback_interface: lan1
mac:
mgmt: fa:16:3e:14:3a:ae lan1: fa:16:3e:01:29:0b ha: fa:16:3e:25:43:8a lan2: fa:16:3e:8e:26:4c