- Clavister cOS Core 11.10
I want to add a remote HA cluster to InControl, but I don't have enough public IP addresses to assign each cluster node its own public IP for management.
By using Gateway Initiated on the NetconMgmt object, the cluster nodes call home to the InControl server instead of vice versa. The cluster can then be added to and managed from InControl without assigning a public IP address to each node for management.
To achieve this, the netcon connection must be initiated from one interface and received on another before it can be passed on by the active node to the next-hop router. These interfaces must be isolated from each other by assigning them to separate routing tables.
In this how-to, the interface initiating netcon will be called ge2, the receiver interface will be called gesw and the extra routing table will be called incontrol.
How to accomplish this:
- 1. Create a new routing table with ordering Only, in this example called incontrol.
- 2. Locate an unused interface, in this example this will be the ge2 interface.
Configure ge2 with both shared and HA IPs, using addresses from the same subnet as the gesw interface.
Under the Virtual Routing tab, check Make interface a member of a specific routing table and select the incontrol table.
This is the interface we will be using for initiating the netcon connection.
- 3. Likewise, on the gesw interface, select the main table. Setting Make interface a member of a specific routing table ensures that ARP traffic is handled in the correct routing table for each interface.
- 4. Add and verify the routes in the main and incontrol routing tables. The gateway for the default route in the incontrol table will be the shared IP on the gesw interface.
- 5. Configure the NetconMgmt object for Gateway Initiated and for Outgoing Routing Table, select the incontrol table.
- 6. Make sure you have an IP policy NATing netcon traffic received on the gesw interface out on WAN, and don't forget to physically connect ge2 and gesw to the same broadcast domain.
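The addressing and routing requirements from steps 1 to 5 can be checked before anything is deployed. The following is an added example, not Clavister code: the dictionary layout is a hypothetical planning format (not cOS Core configuration syntax) and the addresses are constructed sample values.

```python
import ipaddress

# Constructed sample plan; the layout is a hypothetical planning format and
# the addresses are documentation-range values, not taken from the how-to.
PLAN = {
    "interfaces": {
        "gesw": {"table": "main", "net": "192.0.2.0/24",
                 "shared_ip": "192.0.2.1", "ha_ips": ["192.0.2.2", "192.0.2.3"]},
        "ge2": {"table": "incontrol", "net": "192.0.2.0/24",
                "shared_ip": "192.0.2.11", "ha_ips": ["192.0.2.12", "192.0.2.13"]},
    },
    "routes": {"incontrol": [{"dest": "0.0.0.0/0", "gateway": "192.0.2.1"}]},
    "netcon": {"mode": "GatewayInitiated", "outgoing_table": "incontrol"},
}

def check_plan(plan):
    """Return a list of problems; an empty list means the plan matches the how-to."""
    problems = []
    ge2, gesw = plan["interfaces"]["ge2"], plan["interfaces"]["gesw"]
    # The initiating and receiving interfaces must be isolated from each other.
    if ge2["table"] == gesw["table"]:
        problems.append("ge2 and gesw must be members of separate routing tables")
    # Step 2: ge2 is addressed from the same subnet that gesw uses.
    if ipaddress.ip_network(ge2["net"]) != ipaddress.ip_network(gesw["net"]):
        problems.append("ge2 must be addressed from the subnet used on gesw")
    # Both interfaces share one broadcast domain, so every address must be unique.
    seen = set()
    for name, iface in plan["interfaces"].items():
        net = ipaddress.ip_network(iface["net"])
        for ip in [iface["shared_ip"], *iface["ha_ips"]]:
            addr = ipaddress.ip_address(ip)
            if addr not in net:
                problems.append(f"{name}: {ip} is outside {net}")
            if addr in seen:
                problems.append(f"{name}: {ip} is assigned twice")
            seen.add(addr)
    # Step 4: the default route in ge2's table uses the gesw shared IP as gateway.
    defaults = [r for r in plan["routes"].get(ge2["table"], [])
                if ipaddress.ip_network(r["dest"]).prefixlen == 0]
    if not any(r["gateway"] == gesw["shared_ip"] for r in defaults):
        problems.append("default route in the ge2 table must point at the gesw shared IP")
    # Step 5: netcon is gateway initiated and leaves through ge2's routing table.
    netcon = plan["netcon"]
    if netcon["mode"] != "GatewayInitiated" or netcon["outgoing_table"] != ge2["table"]:
        problems.append("NetconMgmt must be Gateway Initiated with the ge2 table as outgoing table")
    return problems
```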