To create a Grid, you first create a Grid Master and then add members. Although you can define a single appliance as a Grid Master, using an HA pair provides hardware redundancy for this vital component of a Grid. You can create an HA Master in IPv4, IPv6, or dual mode. An IPv4 HA Master uses IPv4 as the communication protocol between the two nodes and for Grid communication. An IPv6 HA pair uses IPv6 as the communication protocol between the two nodes and for Grid communication. In a dual mode HA pair, you can select either IPv4 or IPv6 as the communication protocol between the two nodes and for Grid communication. The following procedure explains how to put two NIOS appliances on the network and use the Grid Setup Wizard to configure them as Nodes 1 and 2 to form an HA Grid Master. For information about which vNIOS appliance supports configuration as a Grid Master, see vNIOS Appliances.

If you are setting up HA with vNIOS instances deployed in AWS, Azure, or GCP cloud, as a prerequisite, you must set up a DNS resolver from the Grid Properties Editor for NIOS to resolve the cloud service URL. For more information, see Enabling DNS Resolution.

Configuring the Connecting Switch

To ensure that VRRP (Virtual Router Redundancy Protocol) works properly, configure the following settings at the port level for all the connecting switch ports (HA, LAN1, and LAN2):

  • Spanning Tree Protocol: Disable this or enable this with Portfast. For vendor-specific information, search for "HA" in the Infoblox Knowledge Base system at https://support.infoblox.com.

  • Trunking: Disable.

    Note that if VLAN tagging is enabled on an Infoblox HA appliance, you must enable trunking at the port level.

  • Ether Channel: Disable.

  • IGMP Snooping: Disable.

  • DHCP Snooping: Disable or Enable Trust Interface.

    Note that you must disable DHCP Snooping to successfully run DHCP services on the Grid. For more information about DHCP services, see About Infoblox DHCP Services.

  • Port Channeling: Disable.

  • Speed and Duplex settings: Match these settings on both the Infoblox appliance and switch.

  • Disable other dynamic and proprietary protocols that might interrupt the forwarding of packets.

Note

By default, a NIOS appliance automatically negotiates the optimal connection speed and transmission type (full or half duplex) on the physical links between its LAN1 or LAN1 (VLAN), HA, and MGMT ports and the Ethernet ports on the connecting switch. If the two appliances fail to auto-negotiate the optimal settings, see Modifying Ethernet Port Settings for steps you can take to resolve the problem.

Placing Both Appliances on the Network

  1. Connect the power cable from each NIOS appliance to a power source and turn on the power. If possible, connect the appliances to separate power circuits. If one power circuit fails, the other might still be operative.

  2. Connect Ethernet cables from the LAN1 port and the HA port on each appliance to a switch on the network.

  3. Use the LCD on one appliance, or make a console connection to it, and configure the network settings of its LAN1 port so that it is on the local subnet and you can reach it on the network. The LCD supports only IPv4 addressing; to configure an IPv6 address for the appliance, use the CLI or GUI. Ensure that you have the correct network address values before you configure the appliance.

    Note that for details about using the LCD and console, refer to the installation guide that shipped with your product.

  4. Similarly, configure the LAN1 port on the other appliance so that it is in the same subnet as the first appliance.

  5. Connect your management system to the network so that it can reach the IP addresses of the LAN1 ports on both appliances.

 HA Master – Node 1

  1. On your management system, open a browser window, and connect to https://ip_addr, where ip_addr is the IP address of the LAN1 port on Node 1. IPv4 and IPv6 values are valid, based on the LAN1 port configuration.

  2. Log in using the default username and password: admin and infoblox. For detailed information about logging in to the GUI, see Logging on to the NIOS UI.

  3. Read the Infoblox End-User License Agreement (EULA), and then click I Accept.
    Note that if you want to view the privacy policy of Infoblox, then on the EULA screen, click Infoblox Privacy Policy. Grid Manager displays the policy on a new browser tab.

  4. Click OK. The Grid Setup wizard appears. 

  5. On the first screen, select Configure a Grid Master and click Next.

  6. On the next screen, specify the Grid properties and click Next:

    • Grid Name: Enter a text string that the two appliances use to authenticate each other when establishing a VPN tunnel between them. The default Grid name is Infoblox.

    • Shared Secret: Enter a text string that both appliances use as a shared secret to authenticate each other when establishing a VPN tunnel between them. The default shared secret is test.

    • Confirm Shared Secret: Enter the shared secret again.

    • Hostname: Enter a valid domain name for the appliance.

    • Type of Network Connectivity: Select the type of network connectivity from the drop-down list:
      Note that HA configuration with IPv6 networks is not supported on public cloud platforms.

      • IPv4 and IPv6: Select this to configure a dual mode HA Master.

      • IPv4: Select this to configure an IPv4 HA Master.

      • IPv6: Select this to configure an IPv6 HA Master.

    • Is the Grid Master an HA pair?: Select Yes.

      • Send HA and Grid Communication over: This field is displayed only when you are configuring a dual mode HA pair. Select either IPv4 or IPv6 as the communication protocol for VRRP advertisements.

      Note:

      • Infoblox recommends that you back up the configuration after you convert a Grid to a different mode.

      • Restoring the old backup by performing a forced restore may prevent the Grid members from rejoining the Grid Master after the restore.

  7. On the next screen, specify the network properties and click Next:
    Note: If you are deploying HA over public cloud platform such as AWS, Azure, or GCP, see the HA Master - Node 1 Deployed on Public Cloud section for additional steps.

    • Virtual Router ID: Enter the VRID (virtual router ID). This must be a unique VRID number—from 1 to 255—for this subnet.

    • Ports and Addresses: This table lists the network interfaces based on the type of network connectivity of the HA Master.
      For IPv4 HA Master, specify the network information for VIP (IPv4), Node1 HA (IPv4), Node2 HA (IPv4), Node1 LAN1 (IPv4), and Node2 LAN1 (IPv4) interfaces.
      For IPv6 HA Master, specify the network information for VIP (IPv6), Node1 LAN1 (IPv6), and Node2 LAN1 (IPv6) interfaces.
      For a dual mode HA Master, if you select IPv4 in the Send HA and Grid Communication over field, specify the network information for the following interfaces: VIP (IPv4), Node1 HA (IPv4), Node1 LAN1 (IPv4), Node2 HA (IPv4), Node2 LAN1 (IPv4), VIP (IPv6), Node1 LAN1 (IPv6), and Node2 LAN1 (IPv6) interfaces.
      For a dual mode HA Master, if you select IPv6 in the Send HA and Grid Communication over field, specify the network information for the following interfaces: VIP (IPv4), Node1 LAN1 (IPv4), Node2 LAN1 (IPv4), VIP (IPv6), Node1 LAN1 (IPv6), and Node2 LAN1 (IPv6) interfaces.
      Enter correct information for the following by clicking the field:

      • Interface: Displays the name of the interface. You cannot modify this.

      • Address: Type the IPv4 or IPv6 address depending on the type of interface.

      • Subnet Mask (IPv4) or Prefix Length (IPv6): Specify an appropriate subnet mask for IPv4 address or prefix length for IPv6 address. The prefix length ranges from 2 to 127.

      • Gateway: Type the IPv4 or IPv6 address of the default gateway depending on the type of interface. For the IPv6 interface, you can also type Automatic to enable the appliance to acquire the IPv6 address of the default gateway and the link MTU from router advertisements.

        Note
        You can now define a link-local address as the default IPv6 gateway and isolate the LAN segment so that the local router can provide global addressing and access to the network and Internet. This is supported for LAN1, LAN2, and VLAN interfaces, as well as for LAN1, LAN2, and VLAN in failover mode. However, link-local addressing is not supported for the following:

        • An IPv6 link-local gateway for the MGMT interface.

        • Interface addresses. IPv6 link-local is supported only for gateways.

      • VLAN Tag: For a VLAN, enter the VLAN tag or ID. You can enter a number from 1 to 4094. Ensure that you configure the corresponding switch accordingly.

      • Port Settings: From the drop-down list, choose the connection speed that you want the port to use. You can also choose the duplex setting. Choose Full for concurrent bidirectional data transmission or Half for data transmission in one direction at a time. Select Automatic to instruct the NIOS appliance to negotiate the optimum port connection type (full or half duplex) and speed with the connecting switch automatically. This is the default setting. You cannot configure port settings for vNIOS appliances.

  8. Optionally, enter a new password and click Next. The password must be a single string (no spaces) that is at least four characters long.

  9. Select the time zone of the Grid Master and indicate whether the Grid Master synchronizes its time with an NTP (Network Time Protocol) server.

    • If you choose to enable NTP, click the Add icon and enter the IP address of an NTP server. Entries may be an IPv4 or IPv6 address. You can enter IP addresses for multiple NTP servers.

    • If you choose to disable NTP, set the date and time for the appliance.

    • Click Next.

  10. The last screen displays the settings you specified in the previous panels of the wizard. Verify that the information is correct and click Finish. The application restarts after you click Finish.
    Note that the Grid Setup Wizard provides options such as not changing the default password and manually entering the time and date. However, changing the password and using an NTP server improves security and accuracy (respectively), and so these choices are presented here.

    Record and retain this information in a safe place. If you forget the shared secret, you need to contact Infoblox Technical Support for help. When you add an appliance to the Grid, you must configure it with the same Grid name, shared secret, and VPN port number that you configure on the Grid Master.

  11. Close the management window. The configuration for Node 1 is complete.
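A pre-flight check of the values entered in steps 6 through 8, written as an added Python example (not Infoblox code and not part of the original page). The plan dictionary, its key names, and the sample addresses are assumptions made for illustration; the script only inspects the plan and does not connect to a NIOS appliance.

```python
import ipaddress

# Rows step 7 requires, keyed by (connectivity, HA/Grid communication protocol).
V4_HA = ["VIP (IPv4)", "Node1 HA (IPv4)", "Node2 HA (IPv4)",
         "Node1 LAN1 (IPv4)", "Node2 LAN1 (IPv4)"]
V4_LAN = ["VIP (IPv4)", "Node1 LAN1 (IPv4)", "Node2 LAN1 (IPv4)"]
V6 = ["VIP (IPv6)", "Node1 LAN1 (IPv6)", "Node2 LAN1 (IPv6)"]
REQUIRED = {("ipv4", None): V4_HA, ("ipv6", None): V6,
            ("dual", "ipv4"): V4_HA + V6, ("dual", "ipv6"): V4_LAN + V6}

def check_plan(plan):
    """Return findings for a planned HA Grid Master; an empty list means clean."""
    out = []
    for field, default in (("grid_name", "Infoblox"), ("shared_secret", "test")):
        if plan[field] == default:
            out.append(f"{field} is the wizard default")
    pw = plan.get("admin_password") or "infoblox"  # step 8 is optional
    if pw == "infoblox":
        out.append("admin password is the default")
    elif len(pw) < 4 or any(c.isspace() for c in pw):
        out.append("admin password needs 4+ characters and no spaces")
    if not 1 <= plan["vrid"] <= 255:
        out.append("VRID outside 1-255")
    key = (plan["connectivity"], plan.get("ha_comm"))
    if key not in REQUIRED:
        return out + ["unknown connectivity / HA communication combination"]
    parsed = {}
    for name in REQUIRED[key]:
        try:  # plan["interfaces"] maps row name -> "address/prefix" (assumed layout)
            iface = parsed[name] = ipaddress.ip_interface(plan["interfaces"][name])
        except (KeyError, ValueError):
            out.append(f"missing or invalid row: {name}")
            continue
        if iface.version == 6 and not 2 <= iface.network.prefixlen <= 127:
            out.append(f"prefix length outside 2-127: {name}")
        if iface.version == 6 and iface.ip.is_link_local:
            out.append(f"link-local used as an address: {name}")
    for fam in ("IPv4", "IPv6"):  # both LAN1 ports must be in the same subnet
        a, b = parsed.get(f"Node1 LAN1 ({fam})"), parsed.get(f"Node2 LAN1 ({fam})")
        if a and b and a.network != b.network:
            out.append(f"LAN1 ports are in different {fam} subnets")
    return out

# Constructed sample plan (RFC 5737 documentation addresses), not from the page.
SAMPLE = {"grid_name": "Infoblox", "shared_secret": "test", "vrid": 143,
          "connectivity": "ipv4", "interfaces": {
              "VIP (IPv4)": "192.0.2.10/24", "Node1 HA (IPv4)": "192.0.2.11/24",
              "Node2 HA (IPv4)": "192.0.2.12/24", "Node1 LAN1 (IPv4)": "192.0.2.13/24",
              "Node2 LAN1 (IPv4)": "198.51.100.14/24"}}
```

Calling check_plan(SAMPLE) reports the default Grid name, the default shared secret, the unchanged admin password, and the LAN1 subnet mismatch.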

HA Master - Node 1 Deployed on Public Cloud

To set up Node 1 of the HA Master deployed on AWS, Azure, or GCP cloud platforms, configure the following additional settings as part of step 7 in the HA Master - Node 1 section:

Note

HA configuration with IPv6 networks is not supported on public cloud platforms.

  • Public Cloud: Select the checkbox if you are deploying the vNIOS instance on a public cloud platform, and then choose the platform from the drop-down list. This option appears when you select Yes for Is the Grid Master an HA pair?.

  • Ports and Addresses: According to the platform you selected in the Public Cloud field, the Ports and Addresses table displays an additional field that you must configure for the HA interface of both nodes:

    • Interface ID for AWS: Specify the network interface ID of the HA interface configured for the corresponding VM instance in the Amazon EC2 console.

    • Nic Name for Azure: Specify the name of the HA interface configured for the corresponding VM instance in the Microsoft Azure portal.

    • Compute Name for GCP: Specify the compute name configured for the corresponding VM instance in the GCP console.
      Note that for vNIOS for GCP instances, you must also specify values in the Subnet Mask and Gateway fields as they are not auto-populated.

For steps that must be performed in the cloud platform portal, see the Infoblox vNIOS installation guide of the corresponding cloud platform.

HA Master – Node 2

  1. On your management system, open a new browser window, and connect to https://ip_addr, where ip_addr is the IP address of the LAN1 port on Node 2. IPv4 or IPv6 values are valid.
    When you enter an IPv6 address, enclose the address in square brackets (as in https://[ip_addr] or https://[2001:db8::256:ABCD:EF12:34:1]).

  2. Log in using the default username and password: admin and infoblox.

  3. Read the Infoblox End-User License Agreement (EULA), and then click I Accept.
    Note that if you want to view the privacy policy of Infoblox, then on the EULA screen, click Infoblox Privacy Policy. Grid Manager displays the policy on a new browser tab.

  4. Click OK. The Grid Setup wizard appears.

  5. On the first screen, select Join Existing Grid and click Next.

  6. On the next screen, specify the Grid properties and click Next.

    • Grid Name: Enter a text string that the two appliances use to authenticate each other when establishing a VPN tunnel between them. This must match the Grid name you entered for Node 1.

    • Grid Master's IP Address: Enter the same VIP you entered for Node 1.

    • Shared Secret: Enter a text string that both appliances use as a shared secret to authenticate each other when establishing a VPN tunnel between them. This must match your entry in Node 1.

  7. On the next screen, verify the IP address settings of the member and click Next.
    The last screen displays the settings you specified in the previous panels of the wizard.

  8. Verify that the information is correct and click Finish.
    The setup of the HA master is complete. From now on, when you make an HTTPS connection to the HA pair, use the VIP address.

The communication protocol for all the services in a dual mode (IPv4 and IPv6) HA Master is the same protocol as the one used for VRRP advertisements. For example, if you select IPv4 in the Send HA and Grid Communication over field in step 2 of the Grid Setup wizard, then IPv4 is set as the communication protocol for all the services. However, you can override the communication protocol for all the services in a dual mode HA Master. For information, see Changing the Communication Protocol for a Dual Mode Appliance.
