
training@infoblox.com v2.0 - 2013-11

Infoblox DDI
Grid Master (GM)
- Maintains database of all records in the Grid
- Central point of administration/GUI
- Recommended in High Availability setup
- Only one active Grid Master at any time
- Generally largest appliance in architecture
- Often runs no services, but can under certain conditions
- Not supported on T-100, TE-810/V810, Cisco or Riverbed

Grid Master Candidate (GMC)
- Maintains database of all records in the Grid
- Must be same appliance size/model as GM
- Can be promoted to Grid Master at any time (DR)
- Often runs services, but may be dedicated in certain conditions
- Grid may contain multiple Grid Master Candidates
- Not supported on T-100, TE-810/V810, Cisco or Riverbed

Appliance   DB Objects   DNS QPS    DHCP LPS
T-100       18k          1.5k       15
TE-810      33k          4k         60
TE-820      110k         15k        105
TE-1410     440k         30k        210
TE-1420     880k         50k        300
TE-2210     880k         61k        375
TE-2220     1.8m         143k       600
IB-4010     8m           200k       1020
IB-4030     --           1m (rec)   --

Grid Member
- Maintains subset database of required records
- Can be any model appliance
- Runs user facing services (e.g. DNS, DHCP, NTP, FTP, TFTP, HTTP - all or selected)

Appliance   MS Objects   MS Servers   Grid Max
TE-810      33k          5            -
TE-820      110k         20           50
TE-1410     440k         50           75
TE-1420     880k         75           150
TE-2210     880k         75           150
TE-2220     1.8m         100          200
IB-4010     4m           150          500

Grid Master Model   Max No. of Members   Run DNS+DHCP on GM?   Can GMC be the logging member?
TE-820              5                    Yes                   Yes
TE-1410             10                   Maybe                 Yes
TE-1420/TE-2210     40                   If <8 Members         No
TE-2220             60                   No                    No
IB-4010             250                  No                    No

Physical/Virtual Appliance Models


Physical   Virtual      Typical deployment
T-100      IB-VM-100    SOHO, Retail Branch
TE-810     IB-VM-810    Small Office, Retail Branch
TE-820     IB-VM-820    Branch, Large Store
TE-1410    IB-VM-1410   Medium/Large Office
TE-1420    IB-VM-1420   Regional Office, DR Site
TE-2210    IB-VM-2210   Regional Office, DR Site
TE-2220    IB-VM-2220   Medium HQ, Central Office
IB-4010    --           Large HQ, Data Center, Carrier CO
IB-4030    --           High Perf. Caching, DDoS Protection

Note: not all virtual models are available on all virtual platforms, consult latest product documentation.

Solution Design Guidelines

General Grid
- If Grid Master is not HA, there MUST be a GMC
- GM and GMC should be the same model
- Plan for growth, especially on the GM/GMC
- Don't run HA between two datacenters if the connectivity is not redundant (leads to split brain)

Multiply by # of Hosts/Devices
Function   IPv4 Only   IPv4+IPv6
IPAM       1           2
+DHCP      2           3
+DNS       4           7
+DDNS      5           9
+DNSSEC    17          33
- Target 60% capacity at rollout
- If IPv6 planned for the future, allow at least 2x the number of current hosts/devices
- Don't forget to include Microsoft Managed objects (2 per IP address for DNS (A+PTR) and 1 per DHCP reservation/lease)

DNS Firewall
- RPZ feature should be enabled on the recursive servers closest to the client
- Sell with Reporting server for best experience (otherwise customer will have to use manual syslog+scripts)
- DNS Firewall has 30% impact on DNS QPS performance

Microsoft Management
- Take into account object count of MS objects when planning for grid capacity
- Configure at least two DNS servers for AD integrated zones managed by two different members
- Each AD domain in a forest needs to be separately configured for synchronization
- The managing member for data synchronization should be located "close" to the MS server being managed (RTT <50ms)
- Ensure the MS servers are running a supported version of Windows

Load Balancer Manager
- Each sync member supports a max # of load balancers: TE-1410 (#4), TE-1420 (#12), TE-2220 (#24), 4010 (#48)
- Sync occurs from both the sync member and the GM
- Sync member requires license
- Plan on approx. 1100 DB Objects per load balancer
- Don't use GM/GMC as sync member
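
The sizing rules above (objects per host/device, the 60% rollout target, Microsoft-managed and load balancer objects, and the DNS Firewall QPS impact) combined into one calculation. This is an added example, not Infoblox tooling; the function names are hypothetical. Assumptions: "IPv6 planned" is modelled as twice the current host count, and the 30% DNS Firewall impact as 70% of rated QPS.

```python
# Added sizing sketch; every constant below is a figure printed on this sheet.
OBJECTS_PER_HOST = {  # function level -> (IPv4 only, IPv4+IPv6) objects per host
    "IPAM": (1, 2), "+DHCP": (2, 3), "+DNS": (4, 7), "+DDNS": (5, 9), "+DNSSEC": (17, 33),
}
GM_MODELS = [  # (Grid Master model, DB objects, max members), smallest first
    ("TE-820", 110_000, 5), ("TE-1410", 440_000, 10), ("TE-1420/TE-2210", 880_000, 40),
    ("TE-2220", 1_800_000, 60), ("IB-4010", 8_000_000, 250),
]
DNS_QPS = [  # (appliance, rated DNS QPS); IB-4030 left out, its 1m figure is marked (rec)
    ("T-100", 1_500), ("TE-810", 4_000), ("TE-820", 15_000), ("TE-1410", 30_000),
    ("TE-1420", 50_000), ("TE-2210", 61_000), ("TE-2220", 143_000), ("IB-4010", 200_000),
]
ROLLOUT_PCT = 60       # target 60% capacity at rollout
FIREWALL_PCT = 70      # assumption: 30% DNS Firewall impact = 70% of rated QPS
OBJECTS_PER_LB = 1100  # approx. DB objects per load balancer

def estimate_objects(hosts, level, dual_stack=False, ipv6_planned=False,
                     ms_dns_ips=0, ms_dhcp_leases=0, load_balancers=0):
    """DB objects for a grid, including Microsoft-managed and load balancer objects."""
    if level not in OBJECTS_PER_HOST:
        raise ValueError(f"unknown function level: {level!r}")
    v4_only, v4_v6 = OBJECTS_PER_HOST[level]
    if dual_stack:
        base = hosts * v4_v6
    else:
        # Assumption: "IPv6 planned" is modelled as 2x the current host count.
        base = hosts * v4_only * (2 if ipv6_planned else 1)
    # 2 objects per MS-managed DNS address (A+PTR), 1 per MS DHCP reservation/lease.
    return base + 2 * ms_dns_ips + ms_dhcp_leases + OBJECTS_PER_LB * load_balancers

def pick_grid_master(objects, members):
    """Smallest GM model that holds `objects` at 60% fill and supports `members`."""
    for model, capacity, max_members in GM_MODELS:
        if objects * 100 <= capacity * ROLLOUT_PCT and members <= max_members:
            return model
    return None  # nothing on this sheet fits

def pick_dns_member(peak_qps, dns_firewall=False):
    """Smallest appliance whose rated QPS, derated when RPZ is on, covers peak_qps."""
    pct = FIREWALL_PCT if dns_firewall else 100
    for model, rated in DNS_QPS:
        if peak_qps * 100 <= rated * pct:
            return model
    return None

if __name__ == "__main__":
    need = estimate_objects(10_000, "+DNS", ms_dns_ips=5_000, ms_dhcp_leases=2_000, load_balancers=4)
    print(need, pick_grid_master(need, members=8), pick_dns_member(25_000, dns_firewall=True))
```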


Network Automation

                                               Total Devices   Discovered Devices   Interfaces/SPM Ports    Collectors
Model     Role                   SDC Devices   Target          Maximum              Maximum                 Maximum
NT-1400   Standalone/Collector   50            1,000           1,400                70,000 / 70,000         n/a
NT-2200   Standalone/Collector   100           3,500           5,000                250,000 / 250,000       n/a
NT-2200   Standalone/Collector   250           4,500           3,150                225,000 / 225,000       n/a
NT-4000   Standalone/Collector   1,000         4,900           7,000                350,000 / 350,000       n/a
NT-4000   Standalone/Collector   2,400         4,550           6,500                325,000 / 325,000       n/a
NT-2200   Operations Center      5,000         13,000          9,100                650,000 / 650,000       16
NT-4000   Operations Center      10,000        17,850          25,500               1,300,000 / 1,300,000   16

- Plan at least 20% appliance-sizing buffer (customers always have more network than they estimate)
- Plan at least 5% growth per year
- Plan to license all network devices
- Appliance figures are based on 13 month history retention
- Extremely large or complex environments require Infoblox Architecture Review Board approval
