Document toolboxDocument toolbox

Setting Static Routes

Owned by Aliaksei Shautsou (Deactivated)
Last updated: Jul 25, 2022 by Shirly Tsang
5 min read

When you put the NIOS appliance on a segment of the network where there is a single path to and from it, a single default route is sufficient. For example, in Figure 8.10, the appliance is in the DMZ behind a firewall and connects to the rest of the network through the DMZ interface on the firewall. For example, when hosts send DNS queries from the Internet and the internal network to the appliance and when the appliance replies to those hosts, the firewall takes care of all the routing.

Note: This feature is not supported on vNIOS Grid members for Riverbed.


Figure 8.10 Single Default Route


When the NIOS appliance is on a segment of the network where there are multiple gateways through which traffic to and from the appliance can flow, a single default route is insufficient. For an example, see Figure 8.11.

Figure 8.11 Erroneously Routed DNS Replies
 


To resolve the problem illustrated in Figure 8.11, add a second route pointing traffic destined for 10.1.1.0/24 to use the gateway with IP address 1.2.2.2 on firewall-2. This is shown in Figure 8.12.
Figure 8.12 Properly Routed DNS Replies


Whenever you want the NIOS appliance to send traffic through a gateway other than the default gateway, you need to define a separate route. Then, when the appliance performs a route lookup, it chooses the route that most completely matches the destination IP address in the packet header.
When you enable the MGMT port, the gateway you reference in a static route determines which port the NIOS appliance uses when directing traffic to a specified destination.

  • If a route definition references a gateway that is in the same subnet as the IP and VIP addresses of the LAN (or LAN1) and HA ports, the NIOS appliance uses the LAN (or LAN1) or HA port when directing traffic to that gateway.
  • If a route definition references a gateway that is in the same subnet as the MGMT port, the NIOS appliance uses the MGMT port when directing traffic to that gateway


Figure 8.13 Static Routes for the LAN and MGMT Ports


The need for routes can apply to any type of traffic that originates from the appliance, such as DNS replies, DHCP messages, SNMP traps, ICMP echo replies, Infoblox GUI management, and Grid communications.
To set a static route, do the following:

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member check box, and then click the Edit icon.
  2. In the Network -> Advanced tab of the Grid Member Properties editor, click the Add icon for the IPv4 Static Routes table, and then enter the following:
    • Network Address: Type the address and netmask of the remote network to which the NIOS appliance routes traffic.
    • Gateway Address: Type the IP address of the gateway on the local subnet through which the NIOS appliance directs traffic to reach the remote network. The gateway address must meet the following requirements:
      • It must belong to a working gateway router or gateway switch.
      • It must be in the same subnet as the NIOS appliance.
        Note: Consult your network administrator before specifying the gateway address for a static route on the appliance. Specifying an invalid gateway address can cause problems, such as packets being dropped or sent to an incorrect address.

    3. Save the configuration and click Restart if it appears at the top of the screen.


Defining IPv6 Static Routes
Principles and applications related to IPv4 static routing in this section apply equally to IPv6. In Figure 8.14, a NIOS appliance supports both IPv4 and IPv6 on its LAN1 port. IPv6 is routed to the internal network while the default IPv4 route remains to the outbound 10.2.2.1 address.
You can use prefix notation to enter an IPv6 network address; the full 128-bit gateway value must be entered. To set an IPv6 static route, do the following:

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member check box, and then click the Edit icon.
  2. In the Network -> Advanced tab of the Grid Member Properties editor, click the Add icon for the IPv6 Static Routes table, and then enter the following:
    • Network Address: Type the prefix and prefix length of the remote network to which the NIOS appliance routes traffic. As an example: 2001:DB8::256:/64. The double colon is required at the end of the prefix. NIOS performs validity checks on the address while it is being entered.
    • Gateway Address: Type the IP address of the gateway on the local subnet through which the NIOS appliance directs traffic to reach the remote network. As an example: 2001:DB8::256:ABCD:EF12:1234:1. The gateway address must meet the following requirements:
      • It must belong to a working gateway router or gateway switch.
      • It must be in the same subnet as one of the interfaces of the NIOS appliance.
      • The gateway address cannot be the same value as that for the VIP.
        Note: Consult your network administrator before specifying the gateway address for a static route on the appliance. Specifying an invalid gateway address can cause problems, such as packets being dropped or sent to an incorrect address.

    3. Save the configuration and click Restart if it appears at the top of the screen.


Figure 8.14 Static Routes for IPv6 Traffic



Enabling DNS Resolution
You can specify a network server to perform domain name queries and specify up to two name servers for resolving a DNS name. You can specify the IP address of a preferred name server and that of an alternate name server, plus use a search list for performing partial name resolution.
To enable DNS resolution for a Grid or for an independent appliance or HA pair:

  1. Grid: From the Grid tab, select the Grid Manager tab, expand the Toolbar and click Grid Properties -> Edit.
    Member: From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member check box, and then click the Edit icon.
    To override an inherited property, click Override next to it and complete the appropriate fields.
  2. In the Grid Properties or Member Properties editor, select the DNS Resolver tab, and then enter the following:
  • Enable DNS Resolver: Select the check box to enable the NIOS appliance to send DNS queries to the preferred or alternate name servers whose IP addresses you specify in the following fields.
    Click the Add icon and enter the IP addresses (IPv4 or IPv6) of the servers to which the appliance sends queries. The appliance attempts to send queries to the servers in the order they are listed if it does not receive a response from a listed name server. To move a server up or down on the list, select it and drag it to its new location or click the up and down arrows.
  • Search List: You can define a group of domain names that the NIOS appliance can add to partial queries that do not specify a domain name. For example, if you define a RADIUS authentication home server as "as1", and you list "corpxyz.com" and "hq.corpxyz.com" in the domain group list, then the NIOS appliance sends a query for "as1.corpxyz.com" and another query for "as1.hq.corpxyz.com" to the preferred or alternate name server. To specify domain names containing IDNs, manually convert it into punycode and specify domain names in punycode.
    To add a domain name, click the Add icon and type a domain name in the Search List field. To remove a domain name from the group, select it, and then click Delete.

     3. Save the configuration and click Restart if it appears at the top of the screen.