• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1598 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Orion HA in multiple subnets. How to handle the Source IP Address?

ivangoldin

Hey Colleagues,

I´m planning an Orion HA deployment, with the primary and the standby located on different Datacenters (and also network segments). The big question is it will work with Virtual Hostnames instead Virtual IPs but I wasn´t able to find useful information about how this deployment would handle the source IP address.

For sure I´m trying to avoid opening many and many ports on the enterprise firewalls and continue taking advantage of providing a geographical redundancy because I have 2 DCs but so far VXLAN isn´t an option for me at this time.

I did that with servers in the same segment and it worked smoothly. I deployed the Orion + 2 APE groups with no issues.

Thanks in advance,

Ivan

  • 0

    On a multi-subnet HA deployment each server would just use their individual IP as their source, there is no VIP moving between them after a failover.  They do trigger a DNS update for the virtual hostname when the failover happens, but if DC1SERVER is active then it will source from the IP on DC1SERVER and when DC2SERVER takes over then traffic will source from that one instead.  All of the HA aspects in this case are handled by DNS.  Since firewalls and most network gear completely ignore DNS you will want to make sure your firewall rules include both servers in all the appropriate directions. 

    The other fun challenge is that due to lag in DNS replication and local browsers caching of name resolutions you can have problems where after a failover users can't actually access the GUI again via the DNS name for quite a while after it comes up.  Worst case you can just tell people to open a new browser and magically everything is good again, but that's obviously a less than ideal solution.  I've had to build lots of complicated workarounds for dealing with that with clients in the past.  Things like manually forcing DNS updates on a dozen DNS servers, building scripted tools to update DNS on systems like Infoblox that SW didn't natively support writing changes to.

  • 0 in reply to mesverrum

    Thank you very much mesverrum! I was thinking in the same idea, but I guess the better scenario is to have the APEs on the same segment and the Orion Server in different subnets.

    In this case only the APEs will poll the network devices.

    Ivan

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.