Chapter 5 Deploying a Grid

To deploy a Grid, it is important to understand what a Grid is, how to create a Grid Master and add members, and how to manage the Grid.
This chapter explains these tasks in the following sections:

• Introduction to Grids
  • Grid Communications
  • NAT Groups
  • Automatic Software Version Coordination
  • Grid Bandwidth Considerations
• About HA Pairs
  • Planning for an HA Pair
  • About HA Failover
  • VRRP Advertisements
• Creating a Grid Master
  • Port Numbers for Grid Communication
  • Grid Setup Wizard
  • Creating an HA Grid Master
  • Creating a Single Grid Master
• Adding Grid Members
  • Adding a Single Member
  • Adding an HA Member
  • Changing the Communication Protocol for a Dual Mode Appliance
  • Joining Appliances to the Grid
  • Grouping Members by Extensible Attributes
• Configuring an IPv6-only Grid
  • Transforming to an IPv6-only Grid
• Auto-Provisioning NIOS Appliances
  • Joining Auto-Provisioned Appliances to the Grid
• Pre-Provisioning NIOS and vNIOS Appliances
  • Guidelines for Pre-provisioning Offline Grid Members
  • Configuring Pre-Provisioned Members
  • About Provisional Licenses
  • Guidelines for Joining Pre-Provisioned Members to the Grid
• Configuration Example: Configuring a Grid
  • Cable All Appliances to the Network and Turn On Power
  • Create the Grid Master
  • Define Members on the Grid Master
  • Join Appliances to the Grid
  • Import DHCP Data
  • Import DNS Data
  • Using the Wizard
  • After Using the Wizard
• Managing a Grid
  • Changing Grid Properties
  • Configuring Security Level Banner
  • Configuring Informational Level Banner
  • Configuring Recursive Deletions of Networks and Zones
  • Setting the MTU for VPN Tunnels
  • Removing a Grid Member
  • Promoting a Master Candidate
  • Enabling Read-only API Access on the Grid Master Candidate
• About the Master Grid

Introduction to Grids
A Grid is a group of two or more NIOS appliances that share sections of a common, distributed, built-in database and which you configure and monitor through a single, secure point of access: the Grid Master. A Grid can include Infoblox appliances and vNIOS appliances. A vNIOS appliance is a non-Infoblox hardware platform running the vNIOS software package. For supported vNIOS platforms, see Supported vNIOS Appliance Models and Specifications.
Infoblox appliances support both IPv4 and IPv6 networks and you can configure a Grid in one of the following modes:

• IPv4-only: An IPv4-only Grid uses IPv4 as the Grid communication protocol and it includes an IPv4 Grid Master and the Grid members, which can be either IPv4 or dual mode (IPv4 and IPv6) independent and HA appliances. Note that when you add a dual mode HA member to an IPv4-only Grid, the communication protocol between the two nodes of an HA pair must be IPv4.
• IPv6-only: An IPv6-only Grid uses IPv6 as the Grid communication protocol and it includes an IPv6 Grid Master and the Grid members, which can be either IPv6 or dual mode (IPv4 and IPv6) independent and HA appliances. Note that when you add a dual mode HA member to an IPv6-only Grid, the communication protocol between the two nodes of an HA pair must be IPv6.
• IPv4 and IPv6 (Dual mode): A dual mode Grid can use either IPv4 or IPv6 as the Grid communication protocol. A dual mode Grid includes a dual mode Grid Master and the Grid members, which can be either IPv4, IPv6, or dual mode independent and HA appliances.

---

Note: Infoblox appliances support IPv4 and IPv6 networking configurations in most deployments cited in this chapter. You can set the LAN1 port to an IPv6 address and use that address to access Grid Manager. All HA (high availability) operations can be applied across IPv6. Topics in this and following chapters generally use IPv4 examples. Also note that the LAN2, MGMT, and VLAN ports also support IPv6. DNS services are fully supported in IPv6 for the LAN1, LAN2, MGMT, and VLAN ports. DHCP services are fully supported in IPv6 for the LAN1 and LAN2 ports. Examples throughout this chapter use IPv4 addressing. Interfaces on NIOS appliances support both IPv4 and IPv6 transports and intra-Grid communication is based on the type of IP address used by the Grid member to join the Grid.

---

The following table summarizes the possible setups of a Grid configuration:

Table 5.1 Possible Setups of Grid configuration

You can also add supported Reporting platforms as a logging and reporting devices in your Grid. Infoblox provides a few Infoblox platforms that you can use as the logging and reporting device. For information about the supported appliances, see About Reporting Clustering. Infoblox reporting solution supports both IPv4 and IPv6 networks and you can configure a reporting member in either IPv4, IPv6, or in dual mode (IPv4 and IPv6) network environment. An IPv4-only Grid uses IPv4 as the Grid communication protocol, so you can add an IPv4 or dual mode reporting member to an IPv4-only Grid. An IPv6-only Grid uses IPv6 as the Grid communication protocol, so you can add an IPv6 or dual mode reporting member to an IPv6-only Grid. However, a dual mode Grid can use either IPv4 or IPv6 as the Grid communication protocol, so you can add an IPv4, IPv6, or a dual mode reporting member to a dual mode Grid. The reporting appliance collects data from members in the Grid and stores the data in the database. It then uses the data to generate predefined and user-defined reports that you can access through Grid Manager. These reports provide useful information about the IPAM, DNS, DHCP, and system activities and usage in your Grid. For more information about reporting, see Infoblox Reporting and Analytics.
Instead of manually provisioning IP addresses and DNS name spaces for network devices and interfaces, you can add Cloud Platform Appliances to leverage DNS and DHCP features of the Grid to manage your CMPs (Cloud Management Platforms). For information about the Infoblox Cloud Network Automation solution and supported Grid configurations, see Deploying Cloud Network Automation.

Figure 5.1 shows the basic concept of a Grid, database distribution (or "replication"), and reporting.

Figure 5.1 Grid and Partitioned Database Replication

The Grid Master can be either an HA master or a single master; that is, an HA (high availability) pair or a single appliance. Similarly, a Grid member can be either a single member or an HA member. You can add single appliances and HA pairs to a Grid, forming single members and HA members respectively. A single Grid member can be either an Infoblox appliance or a vNIOS appliance. An HA Grid member can be a pair of Infoblox appliances or vNIOS appliances. For information, see Supported vNIOS Appliance Models and Specifications.
The Grid Master communicates with every Grid member in a hub-and-spoke configuration. Intra-Grid communication is based on the type of IP address used by the Grid member to join the Grid Master. An IPv4-only Grid Master uses IPv4 and an IPv6-only Grid Master uses IPv6 for intra-Grid communication. However, a dual mode Grid Master uses either IPv4 or IPv6 depending on the IP address type used by the Grid member to join the Grid Master. For an HA member, the Grid Master communicates with the active node, which in turn communicates with the passive node, as shown in Figure 5.2.

Figure 5.2 Grid Communications to an HA Member

When adding vNIOS appliances to a Grid, you centralize the management of core network services of the virtual appliances through the Grid Master. vNIOS appliances support most of the features of the Infoblox NIOS software, with some limitations as described in Appendix E, "vNIOS Appliances".
For additional information specific to each platform, refer to the Quick Start Guide for Installing vNIOS Software on Riverbed Services Platforms and the Quick Start Guide for Installing vNIOS Software on VMware Platforms.
By default, Grid communications use the UDP transport with a source and destination port of 1194. This port number is configurable. For a port change to take effect, one of the following must occur: the HA master fails over, the single master reboots, or the Grid restarts services.
After adding an appliance or HA pair to a Grid, you no longer access the Infoblox GUI on that appliance. Instead, you access the GUI running on the Grid Master. Although you can create multiple administrator accounts to manage different services on various Grid members, all administrative access is through the Grid Master. So even if someone has administrative privileges to a single Grid member, that administrator must access the GUI running on the Grid Master to manage that member.
You can access the Infoblox GUI through an HTTPS connection to one of the following IP addresses and ports on the Grid Master:

• The VIP address, which links to the HA port on the active node of an HA Grid Master
• The IP address of the LAN1 port on a single Grid Master
• The IP address of the MGMT port (if enabled) of the active node of an HA or single Grid Master. See Using the MGMT Port.

Grid Communications
The Grid Master synchronizes data among all Grid members through encrypted VPN tunnels. The default source and destination UDP port number for VPN tunnels is 1194. You can continue using the default port number or change it. For example, if you have multiple Grids, you might want each Grid to use a different port so that you can set different firewall rules for each. Whatever port number you choose to use for the VPN tunnels in a Grid, all the tunnels in that Grid use that single port number.
Before an appliance or HA pair forms a tunnel with the master, they first authenticate each other using the Challenge-Response Authentication Mechanism (CRAM). The source and destination port number for this traffic is 2114. During the CRAM handshake, the master tells the appliance or HA pair what port number to use when building the subsequent VPN tunnel.

Figure 5.3 VPN Tunnels within a Grid

Another type of traffic, which flows outside the tunnels, is the VRRP (Virtual Router Redundancy Protocol) advertisements that pass between the active and passive nodes in an HA pair. The VRRP advertisements act like heartbeats that convey the status of each node in an HA pair. If the active node fails, the passive node becomes active. The VIP (virtual IP) address for that pair then shifts from the previously active node to the currently active node.