About IB-FLEX
- Panna .
- Shwetha S
IB-FLEX is a virtual platform that is scalable based on the resource that you allocate to the virtual machine. NIOS automatically detects the capacity of the virtual machine and scales it to the appropriate platform after you provision the IB-FLEX member.
You must first install the Grid license on a non IB-FLEX appliance that is designated as the Grid Master to allow members to join the Grid, even if you have already installed an Flex Grid Activation license. This license does not affect a non IB-FLEX Grid Master.
An IB-FLEX appliance designated as a member does not require any license, either Grid or vNIOS, while joining the Grid. When you register an IB-FLEX member, the appliance checks for the Grid (enterprise) license and changes it to a non IB-FLEX member. For an IB-FLEX appliance, it checks for an Flex Grid Activation Grid-wide license before node registration.
IB-FLEX members can join the Grid through the MGMT interface when Software ADP is enabled. You can configure an IB-FLEX appliance to function as a Grid Master or a member. To enable reporting for a Grid member that is running Software ADP, you must configure the MGMT interface.
A non IB-FLEX appliance designated as a member requires either a Grid and/or vNIOS/NIOS licenses installed to join the Grid. Similarly, for a reporting appliance to join the Grid, you must install a Grid and/or vNIOS/NIOS licenses. You cannot assign pool licenses to an IB-FLEX appliance. IB-FLEX supports HA for appliances that are running Software ADP.
Infoblox supports elastic scaling on IB-FLEX members that use the Flex Grid Activation Grid-wide license. It also supports pre-provisioning for Software ADP on the supported platforms. You must add the new IB-FLEX model to the list of supported pre-provisioning hardware types, so that you can select it during the member pre-provisioning. To pre-provision a non IB-FLEX Grid member, you must have valid pool licenses and pre-provisioned those members in the Grid.
Important
To set up a supported virtual appliance as an IB-FLEX, you must first define the hardware type of the virtual appliance as IB-FLEX before you configure it. Depending on the platform or environment in which you are installing IB-FLEX, you can define the hardware-type parameter to IB-FLEX during the cloud-init process, or you can manually set the hardware type using the set hardware-type CLI command. For more information, see set hardware-type.
Limitations of IB-FLEX
It is not compatible with the traditional node-based licensing and it supports capacity based licensing only.
An IB-FLEX instance will not start if you do not configure the required minimum level of resources.
The resources assigned to IB-FLEX for cores and memory must be equal to or exceed the minimum designated values for the platform. For more information about IB-FLEX platforms, see About IB-FLEX Instances and Platform Settings below.
IB-FLEX does not support DNS64 on appliances running NIOS version 8.2.0.
To effectively use IB-FLEX Grid Master Candidate, it is mandatory to install FLEX Grid Activation license / FLEX Grid Activation for Managed Services license, on the Grid Master.
Installing IB-FLEX
Depending on your network environment, you can install IB-FLEX just like how you install other Infoblox virtual appliances. Before you deploy an IB-FLEX, ensure that you set the hardware type of the appliance to IB-FLEX. You can do so either through the cloud-init process during deployment or manually through the set hardware-type CLI command.
For more information about installing IB-FLEX in the VMware environment, see Deploying vNIOS Appliances on VMware.
For information about installing IB-FLEX in the OpenStack environment, see Deploying vNIOS for KVM in OpenStack Using Elastic Scaling.
About IB-FLEX Instances and Platform Settings
An IB-FLEX instance supports capacity-based licensing only, but it is compatible with NIOS Grid Master that uses node-based licensing. You can upgrade an IB-FLEX instance from a low-end platform to a high-end platform by increasing the resource allocation of the virtual machine. An IB-FLEX instance selects the default internal settings for a respective instance platform based on the resource settings detected during the startup.
An IB-FLEX instance supports VMware ESXi with or without SR-IOV enabled and OpenStack with KVM both with or without SR-IOV. The table below provides information about the IB-FLEX platform resource specification:
Important Note
The stated numbers and recommendations in the following table are for reference only. They represent the results of lab testing in a controlled environment. Enabling additional protocols, services, cache hit ratio for recursive DNS, and customer environment variables will affect performance. To design and size a solution for a production environment, please contact your Infoblox Solution Architect.
IB-FLEX Platform Resource Specification
Resource Type | Allowed Range of Values | Recommended Value | Description |
|---|---|---|---|
Virtual NUMA Nodes | 1 | 1 | Single virtual CPU socket |
Disk Size | 250 GB | 250 GB | Fixed size virtual disk |
IB-FLEX Resource Usage
The table below provides information about the IB-FLEX platform and various platform settings:
Prior to NIOS 9.0.4
Total Resource Usage for Different Use Cases Prior to NIOS 9.0.4
 Intended Use   | Total vCPU | Total Memory GB (Without Software ADP) | Total Memory GB (With Software ADP) | Database Object Count | Grid Master Capable |
|---|---|---|---|---|---|
Small Authoritative DNS | 4 | 8 | Â | 100,000 | No |
4 | Â | 10 | 100,000 | No | |
Medium Authoritative DNS | 8 | 16 | Â | 200,000 | Yes |
8 | Â | 22 | 600,000 | Yes | |
Large Authoritative DNS | 16 | 32 | Â | 5,000,000 | Yes |
16 | Â | 40 | 16,000,000 | Yes | |
Recursive DNS (without acceleration) | 6 | 14 | Â | 100,000 | Yes |
6 | Â | 18 | 200,000 | Yes | |
Large Recursive DNS (without acceleration) | 14 | 28 | Â | 2,000,000 | Yes |
14 | Â | 36 | 5,000,000 | Yes | |
Small Grid Master | 10 | 18 | NA | 600,000 | Yes |
Medium Grid Master | 12 | 22 | NA | 1,000,000 | Yes |
Large Grid Master | 16 | 32 | NA | 5,000,000 | Yes |
Small Recursive DNS (with acceleration) | 10 | 12 | Â | 100,000 | No |
10 | Â | 20 | 100,000 | No | |
Medium Recursive DNS (with acceleration) | 16 | 20 | Â | 100,000 | No |
16 | Â | 28 | 100,000 | No | |
Large Recursive DNS (with acceleration) | 26 | 30 | Â | 100.000 | No |
26 | Â | 38 | 100.000 | No | |
Large Grid Master (with acceleration) | 20 | 38 | NA | 100,000 | Yes |
From NIOS 9.0.4
Total Resource Usage for Different Use Cases From NIOS 9.0.4
Intended Use   | Total vCPU | Total Memory GB (Without Software ADP) | Total Memory GB (With Software ADP) | Database Object Count | Grid Master Capable |
|---|---|---|---|---|---|
Small Authoritative DNS | 4 | 8 | 10 | 100,000 | No |
Medium Authoritative DNS | 8 | 16 | 22 | 600,000 | Yes |
Large Authoritative DNS | 16 | 32 | 40 | 16,000,000 | Yes |
Recursive DNS (without acceleration) | 6 | 14 | 18 | 200,000 | Yes |
Large Recursive DNS (without acceleration) | 14 | 28 | 36 | 5,000,000 | Yes |
Small Grid Master | 10 | 18 | NA | 1,000,000 | Yes |
Medium Grid Master | 12 | 22 | NA | 2,000,000 | Yes |
Large Grid Master | 16 | 32 | NA | 16,000,000 | Yes |
Small Recursive DNS (with acceleration) | 10 | 12 | 20 | 100,000 | No |
Medium Recursive DNS (with acceleration) | 16 | 20 | 28 | 100,000 | No |
Large Recursive DNS (with acceleration) | 26 | 30 | 38 | 300,000 | No |
Large Grid Master (with acceleration) | 20 | 38 | NA | 300,000 | Yes |
Medium Authoritative DNS (with acceleration) | 16 | 64 | 72 | 300,000 | No |
Large Authoritative DNS (with acceleration) | 24 | 120 | 128 | 600,000 | No |
Note the following about IB-FLEX:
You cannot mark an IB-FLEX appliance as a Grid Master or Grid Master Candidate with resources that are intended for small authoritative DNS, small recursive DNS (with acceleration), medium recursive DNS (with acceleration), and large recursive DNS (with acceleration). For more information, see the Total Resource Usage for Different Use Cases table above.
Infoblox recommends that you increase the memory to the following for IB-FLEX members to use certain features:
16 GB, instead of the standard 14 GB, to use DNS analytics.
20 GB, instead of the standard 18 GB, to use Threat Insight when RPZ is assigned to the IB-FLEX member.
To enable Authoritative DNS and DNS Cache Acceleration on the same member, note the following:
The minimum system requirements for Medium Authoritative DNS (with acceleration) are:
CPU: 16 cores
Memory: 64 GB
The minimum system requirements for Large Authoritative DNS (with acceleration) are:
CPU: 24 cores
Memory: 120 GB
If the virtual DNS Cache Acceleration service is running, DNS authority zones can be added.
Adding an authoritative zone is allowed on servers running with virtual DNS Cache Acceleration.
Assigning name server groups with DNS Cache Acceleration members for authoritative zones is allowed.
Authoritative responses from authoritative DNS are not cached in virtual DNS Cache Acceleration.
Zone transfer configuration for authoritative zones on virtual DNS Cache Acceleration enabled members is allowed.
Configuration Recommendations for IB-FLEX
The following table lists Infoblox recommendations for IB-FLEX configurations based on the features used. For a mapping of small IB-FLEX, medium IB-FLEX, medium large IB-FLEX, and large IB-FLEX configurations, use the legend below:
Small IB-FLEX: 8 vCPUs, 32 GB memory
Medium IB-FLEX: 16 vCPUs and 64 GB Memory
Medium Large IB-FLEX: 16 vCPUs and 96 GB memory
Large IB-FLEX: 26 vCPUs and 128 GB memory
IB-FLEX Recommendations Based on Features
Feature | Minimum Requirement |
|---|---|
Virtual DNS Cache Acceleration (vDCA) + Reporting | Small IB-FLEX |
Virtual Advanced DNS Protection Software (vADP) + Reporting | Small IB-FLEX |
DNS Cache Acceleration, Virtual Advanced DNS Protection Software (vADP), TCP DNS, DNSTAP, Authoritative DNS, DNS over TLS (DoT), DNS over HTTPS (DoH), and Reporting | Medium IB-FLEX |
Virtual DNS Cache Acceleration (vDCA), Virtual Advanced DNS Protection Software (vADP), TCP DNS, Reporting, and Subscriber services | Medium IB-FLEX |
Virtual DNS Cache Acceleration (vDCA), Virtual Advanced DNS Protection Software (vADP), TCP DNS, DNS over TLS (DoT), DNS over HTTPS (DoH), Authoritative DNS, DNSTAP, Reporting, and Subscriber services | Medium large IB-FLEX |
Virtual DNS Cache Acceleration (vDCA), Virtual Advanced DNS Protection Software (vADP), TCP DNS, Authoritative DNS, Reporting, and Subscriber services with 5 million subscribers only deployment | Medium large IB-FLEX |
Virtual DNS Cache Acceleration (vDCA), Virtual Advanced DNS Protection Software (vADP), TCP DNS, DNS over TLS (DoT), DNS over HTTPS (DoH), DNSTAP, Authoritative DNS, Reporting, and Subscriber services (with allow blocklists) | Large IB-FLEX |
Configuring DNS Cache Acceleration on IB-FLEXÂ
When you enable virtual DNS cache acceleration on the IB-FLEX, the appliance acts as a high-speed DNS caching-only name server. This feature provides DNS cache acceleration support for recursive UDP DNS queries on the IB-FLEX. The DNS cache acceleration feature is bundled with the Tiered licensing. When you install this license, you are entitled to use the DNS cache acceleration feature on IB-FLEX.
IB-FLEX supports RPZ, but the response for RPZ queries are not cached by the DNS cache accelerator. Instead, these queries are bypassed to the host and you can configure cache expiry period for RPZ queries. Note that the maximum cache lifetime for DNS cache acceleration on IB-FLEX is set to 300 seconds if the RPZ license is installed.
You can also use Elastic Scaling to pre-provision DNS cache acceleration on IB-FLEX. IB-FLEX supports Intel x86_64 systems with IOMMU, Hugepages processors, virtio-net, and SRIOV VF’s with Intel and Mellanox family VF based ethernet controllers for DNS cache acceleration.
You can configure DNS cache acceleration on IB-FLEX using the Grid Manager or API. To view accelerated cache details, you can either log in to Grid Manager, or use CLI commands, or Infoblox API. If the tiered license usage is exceeded then a message is displayed in the Grid Manager. A warning message is displayed on the Grid Manager, if the QPS is going over the threshold on these platforms based on Tiered license installed. Â
Infoblox supports Auto Scaling that contains OpenStack packages to automatically scale the required number of resources based on your application. For more information, refer to Auto Scaling for Virtual DNS Cache Acceleration. For detailed information about configuring DNS Cache Acceleration, see Configuring DNS Cache Acceleration.
At present, the TE-23x6, TE-41x6, and IB-FLEX appliances are the only qualified permutations across hardware and VMs with appropriate compute resources.
IB-FLEX in X6 Series Appliances
All of the Trinzic X6 series appliances: TE-1506, TE-1606, TE-2306 and TE-4106 can be used as IB-FLEX members if the hardware type is set to IB-FLEX using the CLI command set hardware-type.
The DNS Cache Acceleration service runs on all Trinzic X6 Series appliances when used as IB-FLEX. Infoblox recommends to use DNS Cache Acceleration only on TE-2306 and TE-4106 appliances. Although, the DNS Cache Acceleration can be enabled on TE-1506, and TE-1606 appliances, Infoblox does not recommend it.
Reports for IB-FLEX
Infoblox supports a selected set of reports on IB-FLEX. To view all available reports, from the Reporting tab, select the Dashboards tab. The table below lists all the supported reports for IB-FLEX. For information about how to create and manage user-defined reports, see Infoblox Reporting and Analytics.
Supported Reports for IB-FLEX
DNS Reports | Security (DNS) Reports | System Reports |
|---|---|---|
DNS Query Rate by Query Type | DNS Top RPZ Hits | SPLA Grid Licensing Features Enabled |
DNS Query Rate by Member | DNS Top RPZ Hits by Client | CPU Utilization Trend |
DNS Daily Query Rate by Member | DNS RPZ Hits Trend By Mitigation Action | Memory Utilization Trend |
DNS Daily Peak Hour Query Rate by Member | ||
DNS Replies Trend | ||
DNS Cache Hit Rate Trend | ||
DNS Top Requested Domain Names | ||
DNS Top NXDOMAIN / NOERROR (no data) | ||
DNS Top Clients | ||
DNS Top Timed-Out Recursive Queries | ||
DNS Response Latency Trend | ||
DNS Top SERVFAIL Errors Sent | ||
DNS Top SERVFAIL Errors Received | ||
DNS Object Count Trend for Flex Grid License | ||
DNS Effective Peak Usage Trend for SPLA Grid License |
IB-FLEX Grid Activation Alerts
After the ability to generate reports for hardware appliances as well, three alerts are generated instead of one. The 'Flex Grid Activation' and 'Flex Grid Activation for Managed Services' licenses now have their own set of alerts. The alerts filter members based on ReportingSPLA extensible attribute value and therefore, the ib-dns-usage-report-per-month alert may not generate data.
Flex Grid Activation for Managed Services alerts:
ib-managed-dns-usage-report-per-month (both "Managed IB-FLEX" and "Managed HW/SW")ib-managed-flex-dns-usage-report-per-month (only "Managed IB-FLEX")ib-managed-hwsw-dns-usage-report-per-month (only "Managed HW/SW")ib-managed-dns-usage-report-per-quarter (both "Managed IB-FLEX" and "Managed HW/SW")ib-managed-flex-dns-usage-report-per-quarter (only "Managed IB-FLEX")ib-managed-hwsw-dns-usage-report-per-quarter (only "Managed HW/SW")
ib-managed-ddi-ip-usage-report-per-month (both "Managed IB-FLEX" and "Managed HW/SW")ib-managed-flex-ddi-ip-usage-report-per-month (only "Managed IB-FLEX")ib-managed-hwsw-ddi-ip-usage-report-per-month (only and "Managed HW/SW")ib-managed-ddi-ip-usage-report-per-quarter (both "Managed IB-FLEX" and "Managed HW/SW")ib-managed-flex-ddi-ip-usage-report-per-quarter (only "Managed IB-FLEX")ib-managed-hwsw-ddi-ip-usage-report-per-quarter (only "Managed HW/SW")
ib-managed-ddi-feature-usage-report-per-month (both "Managed IB-FLEX" and "Managed HW/SW")ib-managed-ibflex-ddi-feature-usage-report-per-month (only "Managed IB-FLEX")ib-managed-hw-sw-ddi-feature-usage-report-per-month (only and "Managed HW/SW")ib-managed-ddi-feature-usage-report-per-quarter (both "Managed IB-FLEX" and "Managed HW/SW")ib-managed-ibflex-ddi-feature-usage-report-per-quarter (only "Managed IB-FLEX")ib-managed-hw-sw-ddi-feature-usage-report-per-quarter (only and "Managed HW/SW")
Flex Grid Activation alerts:
ib-dns-usage-report-per-month (both "IB-FLEX" and "HW/SW")ib-flex-dns-usage-report-per-month (only "IB-FLEX")ib-hwsw-dns-usage-report-per-month (only "HW/SW")ib-dns-usage-report-per-quarter (both "IB-FLEX" and "HW/SW")ib-flex-dns-usage-report-per-quarter (only "IB-FLEX")ib-hwsw-dns-usage-report-per-quarter (only "HW/SW")
ib-ddi-ip-usage-report-per-month (both "IB-FLEX" and "HW/SW")ib-flex-ddi-ip-usage-report-per-month (only "IB-FLEX")ib-hwsw-ddi-ip-usage-report-per-month (only "HW/SW")ib-ddi-ip-usage-report-per-quarter (both "IB-FLEX" and "HW/SW")ib-flex-ddi-ip-usage-report-per-quarter (only "IB-FLEX")ib-hwsw-ddi-ip-usage-report-per-quarter (only "HW/SW")
ib-ddi-feature-usage-report-per-month (both "IB-FLEX" and "HW/SW")ib-ibflex-ddi-feature-usage-report-per-month (only "IB-FLEX")ib-hw-sw-ddi-feature-usage-report-per-month (only "HW/SW")ib-ddi-feature-usage-report-per-quarter (both "IB-FLEX" and "HW/SW")ib-ibflex-ddi-feature-usage-report-per-quarter (only "IB-FLEX")ib-hwsw-ddi-feature-usage-report-per-quarter (only "HW/SW")
The alerts filter members based on ReportingSPLA Extensible Attribute value.