2572 - Configuring DHCP High Availability in BloxOne DDI
Cloud Services Portal (CSP) is now Infoblox Portal
In early September, Cloud Services Portal (CSP) became Infoblox Portal with a new look-and-feel, and a new URL (https://portal.infoblox.com). As a result of this change, the layout and organization of several menus have been updated.
Unfortunately, this means that our video courseware and lab guides no longer match the new user interface. However, we are currently in the process of updating them, and they should be ready soon.
In the meantime, we have some resources to help you navigate the new interface:
We have created a mapping of the previous menu locations and their new breadcrumb location.
Additionally, you can find a walkthrough video of the new User Interface on Launchpad.
We apologize for any inconvenience this may cause and kindly ask for your patience as we work through this transition.
Scenario
Our DHCP services are online and serving clients for the Techblue NYC Branch. However, we only have a single DHCP Service Host serving these clients and we have requirements for redundancy. We want to add High Availability to our DHCP service.
Estimated Completion Time
15 to 20 minutes
Prerequisites
Administrative access to the CSP
Lab 2801: Deploying BloxOne Hosts
Lab 2570: Configuring DHCP Services in BloxOne DDI
Lab 2571: Creating DHCP Networks in BloxOne DDI
Course References
2170 DHCP Services
2171 BloxOne DDI IP Address Spaces
2152 BloxOne DDI Configuring DHCP High Availability
Tasks
Unassigning existing networks and ranges
Creating an HA Group
Applying a DHCP Config profile to an additional service host
Assigning a subnet and range to the HA Group
Validating that a client can obtain an IP Address via DHCP
Testing DHCP High Availability
Task 1: Unassigning existing networks and range
The existing IP Space Techblue Network has a network and range we deployed for the Techblue NYC Branch of our network. We need to detach from the service instance Techblue DHCP service 1 while we get the DHCP High Availability services configured. Change the configuration of the subnet 172.31.101.0/24 and range 172.31.101.100-172.31.101.199 to disassociate the host service with this subnet and range.
Task 2: Creating an HA Group
We need to create an HA Group with two DHCP Service Hosts. Our design specifications indicate that it should be an Advanced Active/Passive type of High Availability pair. We want to use our two existing DHCP service hosts for this pair, Techblue DHCP service 1 and Techblue DHCP service 2. We'll name our HA Group Techblue NYC Branch HA Group.
Task 3: Applying a DHCP Config Profile to an additional service host
We had been using DHCP Config Profile Techblue NYC Branch to supply specific options (routers, nameservers, etc) to DHCP clients, but we will now be using two DHCP service hosts in an HA pair configuration. We need to apply this DHCP Config Profile to both DHCP service hosts.
Task 4: Assigning a subnet and range to the HA Group
Earlier, we detached the subnet 172.31.101.0/24 and the range 172.31.101.100-172.31.101.199 from the service instance Techblue DHCP service 1. Now that we have created an HA Group, we can assign it to the subnet and range. When this is applied, the DHCP clients will be able to get a lease from the active DHCP service host in the pair. Assign the subnet and range to the new HA Group Techblue NYC Branch HA Group.
Task 5: Validating that a client can obtain an IP Address via DHCP
We need to make sure that our DHCP clients are able to get leases. we should test that the clients are able to get an IP address from this range. Test this out with our Virtual machine testing-linux.
Task 6: Testing DHCP High Availability
Like a file backup system, redundancy is only useful if it actually works. We should test the redundancy of the DHCP High Availability pair to make sure this deployment will work. Simulate a failure of one of the DHCP service hosts and verify that our testing-linux client can still retrieve a DHCP lease. We can also verify which DHCP server handed the client the lease.
Solutions
Task 1: Unassigning existing networks and range
With the Infoblox CSP, navigate to Manage → IPAM/DHCP
Select the Address Spaces tab
Click Address Space Techblue Network to go inside of the Address Space
Click Address Block 172.31.0.0/16 to go inside of the Address Block
Click the menu icon next to the 172.31.101.0/24 Subnet, select Edit
Under Service Instance, click the X on the currently associated Host Service. This will disassociate the Host Service with this Subnet.
Click Save & Close
Click Subnet 172.31.101.0/24 to go inside of the Subnet
Click the menu icon next to the 172.31.101.100-172.31.101.199 Range and select Edit
Under Service Instance, click the X on the currently associated Host Service. This will disassociate the Host Service with this Range.
Click Save & Close
Task 2: Creating an HA Group
With the Infoblox CSP, navigate to Manage → IPAM/DHCP
Select the HA Groups tab
Click Create HA Group
Give the HA Group a Name: Techblue NYC Branch HA Group
Change the HA Configuration Type to Advanced Active/Passive
Next to Advanced AP Active Service Instance 1, click Select Active Service Instance, select the DHCP Service Host Techblue DHCP service 1, and click Select
Next to Advanced AP Passive Service Instance 2, click Select Passive Service Instance, select the DHCP Service Host Techblue DHCP service 2, and click Select
Click Save & Close
Task 3: Applying a DHCP Config Profile to an additional service host
With the Infoblox CSP, navigate to Manage → IPAM/DHCP→DHCP Config Profiles
Edit the Techblue NYC Branch configuration
Under SERVICE INSTANCES, click Add, select your other DHCP service instance Techblue DHCP service 2, and click Select
Click Save & Close
Task 4: Assigning a subnet and range to the HA Group
In your CSP browser window, navigate to Manage → IPAM/DHCP
Select the Address Spaces tab
Click Address Space Techblue Network to go inside of the Address Space
Click Address Block 172.31.0.0/16 to go inside of the Address Block
Click the menu icon next to the 172.31.101.0/24 Subnet, select Edit
Under Service Instance, click Select Service Instance, Select HA Groups, and then select Techblue NYC Branch HA Group. Click Select on the right
Click Save & Close
Click Subnet 172.31.101.0/24 to go inside of the Subnet
Click the hamburger icon next to the 172.31.101.100-172.31.101.199 Range, select Edit
Under Service Instance, click Select Service Instance, Select HA Groups, and then select Techblue NYC Branch HA Group. Click Select on the right
Click Save & Close
Task 5: Validating that a client can obtain an IP Address via DHCP
On the testing-linux Virtual Machine, open a Terminal window
Enter the following command to show the leases on the network interface ens160:
sudo show-dhcp-lease
You should see DHCP Lease information that has been assigned to the testing-linux machine. We can also see the IP address of the DHCP server which offered the client an IP address under option dhcp-server-identifier. This is important because we can determine which of the two DHCP service instances handed this lease to the client.
Example:training@testing-linux:~ $ sudo show-dhcp-lease--- Raw DHCP Lease Informationlease {interface "ens160";fixed-address 172.31.101.100;option subnet-mask 255.255.255.0;option dhcp-lease-time 240;option routers 172.31.101.1;option dhcp-message-type 5;option dhcp-server-identifier 10.100.0.110;option domain-name-servers 10.100.0.110,10.200.0.110;option ntp-servers 10.100.0.10;option host-name "testing-linux";option domain-name "techblue.net";renew 4 2023/07/20 18:02:50;rebind 4 2023/07/20 18:04:41;expire 4 2023/07/20 18:05:11;}Switch to your CSP browser window. In IPAM/DHCP, within the IP Space, IP Address Block and Subnet you created, click on the 172.31.101.100-172.31.101.199 range to go inside of the range. You should see the corresponding DHCP lease for testing-linux. This verifies that testing-linux can at least get an IP Address from the DHCP servers.
Task 6: Testing DHCP High Availability
We will simulate an outage of one of the DHCP HA Pair On-Prem Hosts to verify that testing-linux can still receive an IP address when one of the DHCP service hosts is down.
First, we need to know which BloxOne Host assigned the lease. On the testing-linux machine, open a Terminal window. The lease information can be found by running the command you ran earlier
Example:sudo show-dhcp-lease...option dhcp-server-identifier 10.100.0.110;....This is the IP Address for our oph1.techblue.net. So, for this example, we will use Techblue DHCP service 1.
Using the VM control UI, click on the left-most icon on the bar (the two screens icon) and view all the VMs by clicking on View all VMs
On the tile for the BloxOne Host which is associated with the lease (which you found in step 1), click the Power Options for this VM button and select Power Off.
Example for oph1.techblue.net:
Give the Host some time to power off. On the testing-linux machine, open a Terminal window.
We had set the lease time to 4 minutes in the DHCP Config Profile. Enter the command
sudo show-dhcp-leaseto show the lease a few times while the 4-minute lease expires.
You should see DHCP Lease information that has been assigned to the testing-linux machine.
Note the IP address identified by option dhcp-server-identifier in the lease information has changed. This should be the remaining online BloxOne Service Host. This test shows that our DHCP High Availability is working as intended.Return the offline BloxOne Host to service. Using the VM control UI again, click on the left-most icon on the bar (the two screens icon) and view all the VMs by clicking on View all VMs. On the tile for the powered-off Host click the Power Options for this VM button and select the Play button (Run this VM).
Confirm that the BloxOne Host is back online and connected to your CSP. Switch to jump-desktop and on your CSP, look at the BloxOne Host status at Manage → Infrastructure → Hosts.