• State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 38 subscribers
  • Views 1174 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

HA VIP question: Making the existing IP of my app server the VIP

tigger2

I feel I'm overthinking this one...but I'm low on trusting the "try it the first time in production" philosophy emoticons_happy.png

I want to set up an HA cluster.  From this page :High Availability deployment walk-through - SolarWinds Worldwide, LLC. Help and Support

I see this tiny blurb: "Depending on your network setup, you may be able to change your primary server's IP address to another address in the subnet and use the already established SolarWinds IP address as the VIP address."

You may be able to...? "May" is a little open ended for me emoticons_happy.png. Are these the only steps you would have to do on a standalone NPM v12.1 +SAM +NCM server to prep it to use it's existing IP as the HA VIP:

- Change the "primary" IP of the server/NIC to whatever I want it to be (as long as it's on the same subnet as the secondary HA server and the HA VIP). Basically re-iping the server.

- Add what was the original IP on the server as a secondary IP to the server's NIC/adapter under network adapter -> advanced settings.  This IP will be the HA VIP

- Bounce the Orion services and\/or server/VM for changes to full take effect?  Are there some other steps here other than setting up the secondary HA server?

Are there any internal/database changes to make to Orion to basically change the IP address of the Orion server?  The migration guide(s), even though they say "migrating Orion to a new server with a new hostname AND IP" all talk about steps to deal with hostname changes, but are thin on documentation of IP changes. It seems like if you have a standalone and integrated NPM server you can safely change the IP address of the server without anything else to configure (of course, it impacts SNMP and syslog data, but since I set the VIP on my NIC, it should be mostly  "invisible" to those devices, especially if i make the new IP a higher last octet than the VIP according to the "which IP should I choose for the VIP" doc on the support site, and consider any network firewalls/router configs mirroring the settings of the  VIP for teh new HA servers)

Just curious if anyone else has done this and if there were gotchas.

  • 0

    Hey tigger2​.

    When you add in HA, devices polled by Orion will see the communication coming from any of the three IP addresses you have in your environment post transition, although it'll only be the address for the currently active pool member and the VIP which will be used. For those reading this who are not aware, the three IP addresses within an Orion HA pool (at time of writing) are:

    • The IP address of the active server previously known as the Primary Polling Engine.
    • The Virtual IP Address of the HA pool.
    • The IP address of the secondary/standby server.

    I tend to retain the IP config of the primary polling engine when implementing Orion HA, and assign new IP addresses for the cluster VIP and secondary server. The important thing to make sure of is that all devices permit polls from any of the three IP addresses, as any one of them could be the one seen in the polling packet, depending on which server is live and which server is set to standby. If you ensure that your network devices allow SNMP polls from the three, and you add in ACL entries/routing on any security devices between the management subnet and polled devices, you should be golden.

    With regards to database changes, nothing is needed if you follow the approach of keeping the PPE's IP config as it is.

    tl;dr:

    You don't need to re-address your Orion server prior to adding in HA, so long as you ensure that all three IP addresses within the pool are permitted to poll across your network.

  • 0 in reply to silverbacksays

    I left out a little from my first post, but this is one of the driving factors for re-IPing my Orion server:

    I found this doc: Which IP address is used as the source? - SolarWinds Worldwide, LLC. Help and Support which indicates that you can choose a VIP that causes all polling to come from the VIP and not the active server in the HA pool.

    Because of this, I would like to have the VIP be the IP that's currently on my Orion server, and then to basically re-IP the Orion server (before even setting up the HA cluster, because this can be a step to prepare for building an HA pool) for several reasons:

    - So all the devices sending in SNMP/syslog data don't have to be updated with the new VIP address I would have to choose. It's been indicated this would be a pain for the teams supporting these remote devices, and would take a long time.

    - This would remove the need for making special rules/changes on the network or the devices I'm polling to allow multiple IP addresses to access the devices.  Also: in case I ever need to break the HA pool and add a different server to it (like if I upgrade to a Windows 2016 OS and build a new VM I could just use whatever IP I want for the new server and rebuild the pool with this new server.  No need to then update all external devices for the new IP as a source of polling.  I could just re-use the existing IP of the decommed HA server but  it would be less considerations to document/track and it works better where I am to have every new server just get a new IP rather than immediately re-using the IP from a freshly decommed system.

    - I have several DNS entries that are used (mostly by users I believe) to access the Orion UI, probably saved as shortcuts/favorites in browsers.  After setting up HA, they could continue using that same DNS name/favorites/etc. as it would point to whatever server is active.  I could change the IP address these entries point to, so it's a small thing.  Some users use the IP address directly (sigh), so there would be some retraining.

    - All documentation listing the old IP or DNS names as how you log into Orion or troubleshoot the Orion app would not have to be updated (as much).

    Basically: If I go through the pains to set it up as the link suggests and move the current IP to the VIP then in theory (if it actually works as documented ... or Microsoft doesn't just change how they do it in some patch next month), I don't have to update anything on the network or remote devices or user documentation to build an HA cluster or maintain/change the servers behind it.  I can also build it without any additional coordination/meetings with external teams which makes it "easier" to do from an admin standpoint emoticons_happy.png

  • 0 in reply to tigger2

    Just a follow up if anyone reads this:

    - I have a small Orion environment.  It *was* 1 app server + 1 DB server.  The IP of the App server was, for example 1.1.1.20.  I had some DNS entries set up to point old server names and "easy to use" names to this IP.  For example: "reallyoldhost1", "oldhost1", "currenthost1", "slartibartfast", and "orion" all pointed to this IP.  I have no idea who/what is using all these old DNS entries, or just using the IP address (for traps/syslogs).

    - I stood up a *new* app server (part of an Orion Upgrade, so the old app server was shut down).  The new app server has an IP of say: 1.1.1.50, chosen to have a higher last octet than the current app server. I added the old 1.1.1.20 IP as a secondary IP to the NIC on the new server.  According to the above links, traffic to/from my new Orion app server will use the old 1.1.1.20 IP.  No remote devices need to be changed or new firewall ports opened for the new IP address/hostname.  No users are impacted since all the old DNS entries work as well.  It worked really well.

    - I stood up a *new* app server as the secondary for the HA setup. The new app server has an IP of say: 1.1.1.51.  When configuring up the HA, I removed the old IP as a secondary IP on the NIC and used it as the HA VIP.  

    From what I understand: Since I'm setting up HA *using the same subnet configuration*, Orion/HA adds the HA VIP as a secondary IP address to the NIC on whatever IP address is the "active" member of the HA cluster.  There apparently is a windows service (Not controlled by the Orion Services Manager UI) that appears to manage handling adding/removing the IP from the NIC that's handling the actual HA failover.

    Result: All old DNS entries still work as they point to the HA VIP.  The old IP still works like it used to (all outgoing Orion traffic appears as if it's coming from this IP, all incoming traffic points to this IP) as it's  the "lowest" IP address on the NIC when it's added to it (automatically now, by the windows service when failovers occur).  It's actually working pretty well in my environment.  I'm really glad the really old initial Orion server (it was probably running on an Atari 2600) had a low last octet IP address in that subnet when it was initially built emoticons_happy.png. I have had some small issues with the windows service that handles HA not being part of the Orion service manager UI as I've had to go in and shut it off manually when i had some other issues.  It would be nice if it was shown in the UI, just not shut it down when "shutdhown all services" is pressed.  Kinda make it like RabbitMQ where you can see it's part of Orion and still running when all other services are shut down.

  • 0 in reply to silverbacksays

    >The important thing to make sure of is that all devices permit polls from any of the three IP addresses

    But why there is no opportunity to send polls using VIP interface address?

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.