Using Gateway Initiated Netcon to manage HA cluster with only one public ip

Posted: 28 Feb 2017, 14:32
by Aron
This How-to applies to:
  • Clavister cOS Core 11.10
I want to add a remote HA cluster to InControl but I don't have enough public ip addresses to assign each cluster node its own public ip for management.

By using Gateway Initiated on the NetconMgmt object and allowing the cluster nodes to call home to the InControl server instead of vice versa, the cluster can be added to and managed from InControl without the need to assign a public IP address to each node for management.

To achieve this, the netcon connection must be initiated from one interface and received on another before it can be passed on by the active node to the next-hop router. These interfaces must be isolated from each other by assigning them to separate routing tables.

In this how-to, the interface initiating netcon will be called ge2, the receiver interface will be called gesw and the extra routing table will be called incontrol.

How to accomplish this:
  1. Create a new routing table with ordering Only, in this example called incontrol.
  2. Locate an unused interface, in this example this will be the ge2 interface.
     Configure ge2 with both shared and HA IPs with addresses from the same subnet used on the gesw interface.
     Under the Virtual Routing tab, check "Make interface a member of a specific routing table" and select the incontrol table.
     This is the interface we will be using for initiating the netcon connection.
     [Figure: ge2 Virtual Routing settings]
  3. Likewise, on the gesw interface select the main table. By setting "Make interface a member of a specific routing table" we make sure that ARP traffic will be handled in the correct routing table for each respective interface.
     [Figure: gesw Virtual Routing settings]
  4. Add and verify the routes in the main and incontrol routing tables. The gateway for the default route in the incontrol table will be the shared IP on the gesw interface.
     [Figure: Routes incontrol table]
     [Figure: Routes main table]
  5. Configure the NetconMgmt object for Gateway Initiated and, for Outgoing Routing Table, select the incontrol table.
     [Figure: Netcon management settings]
  6. Make sure you have an IP policy NATing netcon traffic received on the gesw interface out on WAN, and don't forget to physically connect ge2 and gesw to the same broadcast domain.
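
A pre-flight check of the address and routing plan from steps 1 to 5, as an added example that is not part of the original post and is not Clavister tooling. The dictionary layout, the function name `check_plan` and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample plan; every address is a documentation-range placeholder.
GOOD_PLAN = {
    "ge2": {"table": "incontrol", "shared_ip": "192.0.2.10",
            "ha_ips": ["192.0.2.11", "192.0.2.12"]},
    "gesw": {"table": "main", "network": "192.0.2.0/24",
             "shared_ip": "192.0.2.1"},
    "routes": {"incontrol": [
        {"network": "0.0.0.0/0", "interface": "ge2", "gateway": "192.0.2.1"},
    ]},
    "netcon_outgoing_table": "incontrol",
}


def check_plan(plan):
    """Return a list of problems in the plan (an empty list means consistent)."""
    problems = []
    ge2, gesw = plan["ge2"], plan["gesw"]
    gesw_net = ipaddress.ip_network(gesw["network"])

    # Steps 2 and 3: the two interfaces must be isolated in separate tables.
    if ge2["table"] == gesw["table"]:
        problems.append("ge2 and gesw are members of the same routing table")

    # Step 2: shared and HA addresses on ge2 come from the gesw subnet.
    for addr in [ge2["shared_ip"], *ge2["ha_ips"]]:
        if ipaddress.ip_address(addr) not in gesw_net:
            problems.append(f"ge2 address {addr} is outside {gesw_net}")

    # Step 4: the default route in ge2's table uses the gesw shared IP as gateway.
    defaults = [r for r in plan["routes"].get(ge2["table"], [])
                if ipaddress.ip_network(r["network"]).prefixlen == 0]
    if not any(r["interface"] == "ge2" and r.get("gateway") == gesw["shared_ip"]
               for r in defaults):
        problems.append("no default route via ge2 with the gesw shared IP as gateway")

    # Step 5: NetconMgmt must send from the table that ge2 belongs to.
    if plan["netcon_outgoing_table"] != ge2["table"]:
        problems.append("NetconMgmt outgoing routing table is not ge2's table")
    return problems


if __name__ == "__main__":
    for line in check_plan(GOOD_PLAN) or ["plan is consistent"]:
        print(line)
```
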