2577 - Configuring DNS Anycast in BloxOne DDI
Cloud Services Portal (CSP) is now Infoblox Portal
In early September, Cloud Services Portal (CSP) became Infoblox Portal with a new look-and-feel, and a new URL (https://portal.infoblox.com). As a result of this change, the layout and organization of several menus have been updated.
Unfortunately, this means that our video courseware and lab guides no longer match the new user interface. However, we are currently in the process of updating them, and they should be ready soon.
In the meantime, we have some resources to help you navigate the new interface:
We have created a mapping of the previous menu locations and their new breadcrumb location.
Additionally, you can find a walkthrough video of the new User Interface on Launchpad.
We apologize for any inconvenience this may cause and kindly ask for your patience as we work through this transition.
Scenario
Our DNS service instances are running but our ultimate DNS design requires speed, redundancy, load balancing, and some DDoS mitigation. We have decided to implement the Anycast protocol with our DNS services to accomplish these requirements. Our network team has already implemented the routes needed and has provided the IP address scheme, so all we need to do is configure Anycast in our BloxOne DDI deployment.
Estimated Completion Time
10 to 15 minutes
Prerequisites
Administrative access to the CSP
Lab 2801: Deploying BloxOne Hosts
Lab 2573: Enabling and Configuring DNS Services
Course References
2159: BloxOne DDI Configuring DNS Services
2151: BloxOne Configuring Anycast
Tasks
Creating an Anycast Configuration
Configuring the Anycast Service Instance
Validating the router is receiving the routes
Task 1: Creating an Anycast Configuration
We need to create an Anycast Configuration first, where we will define our Anycast address. This is the IP address that will be advertised to the routers as the closest (in routing terms) DNS server to the client, using the Anycast protocol. We don't have to configure BGP at this point, but we do need to use the Anycast IP address that our network team provided: 10.24.7.53. We can name our configuration Techblue BGP DNS Anycast and the service it will use will be DNS.
Task 2: Configuring the Anycast Service Instance
Now we can configure DNS Anycast Service Instances. We'll create two service instances using our two BloxOne Hosts, oph1.techblue.net and oph2.techblue.net. We can name the Anycast service instances Techblue Anycast service 1 and Techblue Anycast service 2. We'll use the Anycast Configuration we made previously, named Techblue BGP DNS Anycast, and apply this to each Service Instance. We will finally need to use the BGP configurations given to us by our network team:
Table 2577-1
Service Instance | ASN | Keepalive | Hold Down | Neighbor Router | Remote ASN |
---|---|---|---|---|---|
Techblue Anycast service 1 | 65400 | 4 | 16 | 10.100.0.1 | 65247 |
Techblue Anycast service 2 | 65400 | 4 | 16 | 10.200.0.1 | 65247 |
Task 3: Validating the router is receiving the routes
Now that our Anycast is configured and our service instances are running, we should make sure the routes are being advertised. We can jump onto our router (the vyos VM in our lab environment) and check which BGP routes are showing up with the command show ip bgp. We are looking for BGP routes that show that the Anycast address 10.24.7.53/32 is connected to both of our BloxOne Hosts at 10.100.0.110 and 10.200.0.110.
Solutions
Task 1: Creating an Anycast Configuration
In the CSP browser window, navigate to Manage → Anycast
Click the Create Anycast Configuration button
Give the Anycast Configuration a Name: Techblue BGP DNS Anycast
Specify the Anycast IP Address: 10.24.7.53
Under Service select DNS
Click Save & Close
Task 2: Enabling the Anycast Service
In the CSP browser window, navigate to Manage → Infrastructure → Services
Click on Create Service and choose Anycast from the drop-down
Enter a Name: Techblue Anycast service 1
Click on Select Host and locate the Host with the IP address 10.100.0.110 (this should be oph1.techblue.net)
Choose the Host and click on the Select button on the right
Click Next
Under ANYCAST CONFIG PROFILE click Add and select the Techblue BGP DNS Anycast profile from the drop-down
Next to the Techblue BGP DNS Anycast Anycast Config Profile, check the box for BGP
Expand the BGP section and enter the BGP configuration for Techblue Anycast service 1
Under ASN specify: 65400
Under Keepalive, specify: 4
Under Hold Down specify: 16
Under BGP Neighbor Configuration click Add
For Neighbor Router enter: 10.100.0.1
For Remote ASN enter: 65247
Click Add and then Next
Click Save & Close
Repeat the above steps for oph2.techblue.net using the same configuration, except use the name Techblue Anycast service 2 and enter 10.200.0.1 as the Neighbor Router IP address.
Task 3: Validate VyOS Router is Receiving Routes
On either the jump-desktop or the testing-linux virtual machine, open a Terminal window
Open a secure shell connection to vyos-router at IP address 10.100.0.1:
ssh vyos@10.100.0.1
When prompted, enter the password:
vyos
Enter the following command to view the BGP route information:
show ip bgp
You should see the following output showing routes being received from both 10.100.0.110 and 10.200.0.110 (it may take several minutes for the route to show up):
vyos@vyos-router:~$ show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.24.7.0/24 0.0.0.0 0 32768 i
*= 10.24.7.53/32 10.200.0.110 0 0 65400 i
*> 10.100.0.110 0 0 65400 i
*> 10.35.22.0/24 0.0.0.0 2 32768 ?
*> 10.100.0.0/24 0.0.0.0 2 32768 ?
*> 10.200.0.0/24 0.0.0.0 2 32768 ?
*> 10.254.254.0/24 0.0.0.0 2 32768 ?
*> 172.31.101.0/24 0.0.0.0 2 32768
This route entry indicates that network traffic directed to 10.24.7.53 can reach either 10.100.0.110 or 10.200.0.110:
*= 10.24.7.53/32 10.200.0.110 0 0 65400 i
*> 10.100.0.110 0 0 65400 i
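The Task 3 check can also be scripted so that a missing, unexpected, or unused path for the Anycast address is reported instead of being read off the screen. The following is an added example, not part of the lab guide: the function names are hypothetical, the sample text is constructed from the values on this page, and it assumes every route row prints its prefix with a mask.

```python
# Constructed sample: the lab's expected `show ip bgp` rows, using this page's values.
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.24.7.0/24     0.0.0.0                  0         32768 i
*= 10.24.7.53/32    10.200.0.110             0             0 65400 i
*>                  10.100.0.110             0             0 65400 i
*> 10.100.0.0/24    0.0.0.0                  2         32768 ?
"""

def parse_bgp_table(text):
    """Return {prefix: [(flags, next_hop, origin_as), ...]} from `show ip bgp` text."""
    routes, prefix = {}, None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or not tok[0].startswith("*"):
            continue                      # header, blank line, or a route not marked valid
        flags, rest = tok[0], tok[1:]
        if "/" in rest[0]:                # row names its prefix; otherwise it continues the last one
            prefix, rest = rest[0], rest[1:]
        if prefix is None or not rest:
            continue
        hop = rest[0]
        # Assumption: eBGP-learned paths are never empty, so the last number before
        # the origin code is the originating AS. Local rows (0.0.0.0) have none.
        nums = [t for t in rest[1:] if t.isdigit()]
        origin_as = int(nums[-1]) if hop != "0.0.0.0" and nums else None
        routes.setdefault(prefix, []).append((flags, hop, origin_as))
    return routes

def check_anycast(text, prefix, expected_hops, expected_as):
    """Return a list of findings; an empty list means the prefix looks as designed."""
    paths = parse_bgp_table(text).get(prefix, [])
    seen = {hop for _, hop, _ in paths}
    findings = [f"missing advertisement from {h}" for h in sorted(expected_hops - seen)]
    for flags, hop, asn in paths:
        if hop not in expected_hops:
            findings.append(f"unexpected next hop {hop}")
        elif asn != expected_as:
            findings.append(f"{hop} originates from AS {asn}, expected {expected_as}")
        elif ">" not in flags and "=" not in flags:
            findings.append(f"{hop} is valid but not used for forwarding")
    return findings

if __name__ == "__main__":
    hosts = {"10.100.0.110", "10.200.0.110"}
    print(check_anycast(SAMPLE, "10.24.7.53/32", hosts, 65400) or "anycast routes OK")
```

To use it against the lab router, paste the text printed by show ip bgp into a string and pass it in place of SAMPLE.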