Deploying an Independent HA Pair
- Shwetha S
To deploy an independent HA pair, you cable the HA and LAN1, LAN1 (VLAN), or LAN2, LAN2 (VLAN) ports to the network and configure the IP settings for these ports and the VIP address within the same subnet. For more information about HA pairs, see About HA Pairs.
The default LAN1 or LAN2 settings are as follows:
IP address: 192.168.1.2
Netmask: 255.255.255.0
Gateway: 192.168.1.1
You can configure an HA pair using the Infoblox NIOS Startup Wizard. IPv4 and IPv6 network values are supported for the NIOS Startup Wizard and for HA Pair configuration. The NIOS appliance MGMT port also can be configured to support an IPv6 address.
Requirements: HTTPS connections from your management system to the Ethernet ports on the two appliances.
Advantage: The startup wizard provides step-by-step guidance for configuring the network settings of the VIP address and HA and LAN1 or LAN1 (VLAN) ports on both nodes, for setting the host name, admin password, and system clock, and—if using NTP (Network Time Protocol)—for enabling the HA pair as an NTP client.
Using the Infoblox NIOS Startup Wizard to Configure an HA Pair
When you first make an HTTPS connection to the NIOS appliance, the Infoblox NIOS Startup Wizard guides you through various deployment options, basic network settings, and opportunities for changing the password of the superuser admin and for setting the system clock.
Configuring the Connecting Switch
To ensure that VRRP (Virtual Router Redundancy Protocol) works properly, configure the following settings at the port level for all the connecting switch ports (HA, LAN1, LAN1 (VLAN), LAN2, and LAN2 (VLAN)):
Spanning Tree Protocol: Disable. For vendor specific information, search for "HA" in the Infoblox Knowledge Base system at https://support.infoblox.com.
Trunking: Disable
EtherChannel: Disable
IGMP Snooping: Disable
Port Channeling: Disable
Speed and Duplex settings: Match these settings on both the Infoblox appliance and switch
Disable other dynamic and proprietary protocols that might interrupt the forwarding of packets
Note
By default, a NIOS appliance automatically negotiates the optimal connection speed and transmission type (full or half duplex) on the physical links between its LAN1, HA, and MGMT ports and the Ethernet ports on the connecting switch. If the two appliances fail to auto-negotiate the optimal settings, see Modifying Ethernet Port Settings for steps you can take to resolve the problem.
Putting Both Nodes on the Network
Use one of the methods described in Deploying a Single Independent Appliance to configure the network settings of the LAN1 port of each node so that they are on the same subnet and you can reach them across the network.
Cable the LAN1 port and the HA port on each node to the network switch.
Cable your management system to the network switch.
Configuring Node 1
Open an Internet browser window and enter https://* *<the IP address of the appliance> to make an HTTPS connection to the first node. For information about supported browsers, see Supported Support Matrix Browsers.
Several certificate warnings may appear during the login process because the preloaded certificate is self-signed and has the hostname www.infoblox.com, which may not match the destination IP address that you entered in step 1. To stop the warning messages from occurring each time you log in to Grid Manager, you can generate a new self-signed certificate or import a third-party certificate with a common name that matches the FQDN (fully qualified domain name) of the appliance. For information, see Creating a Login Banner.Enter the default username and password (admin and infoblox) on the Grid Manager login page, and then click Login or press ENTER. For information, see Logging on to the NIOS UI.
Read the Infoblox End-User License Agreement, and then click I Accept to proceed.
Click OK. Grid Manager may take a few seconds to load your user profile.
In the first screen of the Grid Setup wizard, select Configure a Grid Master and click Next.
Specify the following:
Grid Name: Type the name of the Grid. The default name is Infoblox.
Shared Secret: Enter the shared secret that both nodes use to authenticate each other when establishing a VPN tunnel for ensuing bloxSYNC traffic. The default shared secret is test.
Confirm Shared Secret: Enter the shared secret again.
Host Name: Enter a valid domain name for the node.
Type of Network Connectivity: Select the type of network connectivity from the drop-down list:
IPv4 and IPv6: Select this to configure a dual mode HA pair.
IPv4: Select this to configure an IPv4 HA pair.
IPv6: Select this to configure an IPv6 HA pair.
Select Yes in the Is the Grid Master an HA pair field for the first appliance of the HA pair.
Send HA and Grid Communication over: Select either IPv4 or IPv6. This field is displayed only when you configure a dual mode (IPv4 and IPv6) HA pair.
Click Next and complete the following to set properties for the first node:
Virtual Router ID: Enter the VRID (virtual router ID). This must be a unique VRID number—from 1 to 255—for this subnet.
Ports and Addresses: This table lists the network interfaces depending on the type of network connectivity. For IPv4 HA pair, specify the network information for VIP (IPv4), Node1 HA (IPv4), Node2 HA (IPv4), Node1 LAN1 (IPv4), and Node2 LAN1 (IPv4) interfaces. For IPv6 HA pair, specify the network information for VIP (IPv6), Node1 LAN1 (IPv6), and Node2 LAN1 (IPv6) interfaces.
For a dual mode HA pair, if you select IPv4 in the Send HA and Grid Communication over field in step 2 of the NIOS Startup wizard, specify the network information for the following interfaces: VIP (IPv4), Node1 HA (IPv4), Node1 LAN1 (IPv4), Node2 HA (IPv4), Node2 LAN1 (IPv4), VIP (IPv6), Node1 LAN1 (IPv6), and Node2 LAN1 (IPv6) ports. If you select IPv6 in the Send HA and Grid Communication over field in step 2 of the NIOS Startup wizard, specify the network information for the following interfaces: VIP (IPv4), Node1 LAN1 (IPv4), Node2 LAN1 (IPv4), VIP (IPv6), Node1 LAN1 (IPv6), and Node2 LAN1 (IPv6).
Click the empty fields and complete the following information:Interface: Displays the name of the interface. You cannot modify this.
Address: Type the IPv4 or IPv6 address depending on the type of interface.
Subnet Mask (IPv4) or Prefix Length (IPv6): Specify an appropriate subnet mask for IPv4 address or prefix length for IPv6 address. The prefix length ranges from 2 to 127.
Gateway: Type the IPv4 or IPv6 address of the default gateway depending on the type of interface. For IPv6 interface, you can also type Automatic to enable the appliance to acquire the IPv6 address of the default gateway and the link MTU from router advertisements.
Port Settings: Select the port settings from the drop-down list. The list contains all settings supported by the hardware model. The default is Automatic. The appliance automatically detects the port settings.
Click Next and complete the following to set admin password:
Yes: To change the default password.
No: To keep the default password.
If you select Yes, complete the following:Password: Enter a password for the superuser admin account. The password cannot contain spaces and it must be at least four characters long. The password is case-sensitive.
Retype Password: Enter the same password.
Click Next and complete the following to configure time settings:
Time Zone: Select the applicable time zone from the drop-down list. The default is (UTC) Coordinated Universal Time.
Would you like to enable NTP?:
Select Yes to synchronize the time with external NTP servers. Click the Add icon. Grid Manager adds a row to the NTP Server table. Click the row and enter either the IPv4 or IPv6 address or the resolvable host name of an NTP server. You can view a list of public NTP servers at ntp.isc.org.
Select No to specify a date and time.
Date: Enter the data in YYYY-MM-DD format. You can also click the calendar icon to select a date from the calendar widget.
Time: Enter the time in HH:MM:SS AM/PM format. You can also click the clock icon to select a time from the drop-down list.
Click Next to view the summary of the configuration. Review the information and verify that it is correct. You can change the information you entered by clicking Previous to go back to a previous step.
Click Finish.
Configuring Node 2
Open an Internet browser window and enter https://* *<the IP address of the appliance> to make an HTTPS connection to the second node. For information about supported browsers, see Support Matrix.
Several certificate warnings may appear during the login process because the preloaded certificate is self-signed and has the host name www.infoblox.com, which may not match the destination IP address you entered in step 1. To stop the warning messages from occurring each time you log in to Grid Manager, you can generate a new self-signed certificate or import a third-party certificate with a common name that matches the FQDN (fully qualified domain name) of the appliance. For more information, see Creating a Login Banner.Enter the default username and password (admin and infoblox) on the Grid Manager login screen, and then click Login or press ENTER. For more information, see Logging on to the NIOS UI.
Read the Infoblox End-User License Agreement, and then click I Accept to proceed.
Click OK. Grid Manager may take a few seconds to load your user profile.
In the first screen of the NIOS Setup wizard, complete the following:
Type of Network Connectivity: Select the type of network connectivity from the drop-down list:
IPv4 and IPv6: Select this to configure a dual mode HA pair.
IPv4: Select this to configure an IPv4 HA pair.
IPv6: Select this to configure an IPv6 HA pair.
Select Configuring an HA pair to configure an independent HA pair and click No to configure the first node of an HA pair
Click Next and complete the following to configure network settings:
HA Virtual IP address: Enter the VIP (virtual IP) address and its netmask.
HA Pair Name: Enter a name for the HA pair. The default name is Infoblox. Ensure that you use the same name as the first node.
Shared Secret: Enter a text string that both nodes use as a shared secret to authenticate each other when establishing a VPN tunnel. The default shared secret is a test. This must be the same shared secret that you entered on the first appliance.
Show Password: Click this to display the shared secret. Clear it to conceal the shared secret.
Click Next, and then complete the following to set properties for the second appliance:
IP Address: Enter the IPv4 or IPv6 address of the appliance.
Subnet Mask: Enter the subnet mask of the appliance.
Or
Prefix Length: Enter the prefix length if you have entered the IPv6 address in the IP Address field. The prefix length ranges from 2 to 127.Gateway: Enter the IP address of the gateway of the subnet of the interface.
Click Next to view the summary of the configuration. Review the information and verify that it is correct. You can change the information you entered by clicking Previous to go back to a previous step.
Click Finish.
The setup of the HA pair is complete. When you next make an HTTPS connection to the HA pair, use the VIP address.
The communication protocol for all the services in a dual mode (IPv4 and IPv6) HA appliance is the same protocol as the one used for VRRP advertisements. For example, if you select IPv4 in the Send HA and Grid Communication Over field on the first screen of the NIOS Setup wizard, then IPv4 is set as the communication protocol for all the services. However, you can override the communication protocol for all the services in a dual mode HA pair. For information, see Changing the Communication Protocol for a Dual Mode Independent Appliance.
Â