Disaster recovery configuration - Main Site VIP not showing

ilja.sas · ‎11-28-2023

Hello community,

I am running into an issue with a deployment of DR for DNA-C which i am unable to solve.

We have a brownfield implementation of DNA-C and want to add a secondary unit/cluster so we can do DR.

When trying to configure the main site(the already excisting unit), it shows the following message:
"Please setup main site's enterprise VIP first before registering for the disaster recovery system"
and the VIP Main Site field is empty and blocked out.

The VIP address has been configured for both Enterprise and Cluster networks. Also it displays under the "System Health" section.

When we look at the new DNA-C appliance, we don't have this issue, VIP is recognized and we can complete the configuration.
Anyone has an idea how to solve this issue?

Both DNA-C units run 2.3.5.3-70194 software
DR version : 2.1.613.360017

pieterh · ‎11-29-2023

the VIP shown under "system health" is for internal communications within the Kubernetes network (DNA internal process communication), this address is not routable to your internal network

the VIP you need to configure is for communication to your network devices, so your network devices can communicate with a single IP-address to either primary or backup node

-> recheck your interface configuration and VIP addresses

ssh into the DNA server using user maglev and port tcp/2222
it will show you output like (also on a single node):

Welcome to the Maglev Appliance

System information as of Wed Feb 9 09:02:56 UTC 2022

System load: 14.91
Usage of /: 19.9% of 28.03GB
Memory usage: 90%
Swap usage: 50%
Processes: 2389
Users logged in: 1
IP address for management: x.x.x.x
IP address for enterprise: y.y.y.y
IP address for cluster: z.z.z.z
IP address for docker0: 169.254.0.1
IP address for node-local-dns: 169.254.20.10
IP address for tunl0: w.w.w.w
Last login: Wed Feb 9 09:02:56 2022 from m.m.m.m

pieterh · ‎11-29-2023

look further down on the disaster recovery page:
you first need to enter the DR VIP in the route advertisement section, not in the Site VIP/IP address,

ilja.sas · ‎11-29-2023

I've tried that, but i am still not allowed to register. Button is greyed out.

I also would like to be able to reuse the Main Site Enterprise VIP IP address as the DR VIP IP address as all devices are already communicating with that IP (.99).
This is an option which is available on the DR node (10.240.249.89 / .90), if i would select it as Main site.

balaji.bandi · ‎11-29-2023

below guide help you to understand the process :

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2023/pdf/BRKOPS-2161.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ilja.sas · ‎11-29-2023

I've gone trough this slidedesk numerous times, but it does not explain why DR setup does not recognize the Enterprise VIP.
The node which we plan to use as a DR site has similar IP configuration, and does not have this issue.

From the slidedeck: expected display when starting DR configuration:

What I get :

balaji.bandi · ‎11-29-2023

is the DNAC setup as standalone before and you looking to convert that in to DR ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ilja.sas · ‎11-29-2023

Correct,

Currently the customer is using a single node cluster which has been running for 7 months.
We are now expanding the setup with a DR node and Witness server.
The current active DNAC node needs to become the Main Site and it's Enterprise VIP needs to migrate to DR VIP.

ilja.sas · ‎11-29-2023

The Enterpise VIP under system Health matches the VIP ip address we configured on the Enterprise interfaces during the maglev installation. This IP address is also reachable an currently being used for communication with network devices etc.
The welcome message only shows the NODE interface IP's, but not the VIP's.
We use 10.240.249.100 as node ip , and 10.240.249.99 as it's VIP. (This is a single node setup).

ssh -l maglev -p 2222 10.240.249.99
Welcome to the Cisco DNA Center Appliance

Password:
Last login: Wed Nov 29 08:51:37 UTC 2023 from 10.240.249.110 on pts/0

Welcome to the Maglev Appliance

System information as of Wed Nov 29 11:03:33 UTC 2023

System load: 8.78
Usage of /: 6.9% of 60.71GB
Memory usage: 65%
Swap usage: 0%
Processes: 2604
Users logged in: 1
IP address for enterprise: 10.240.249.100
IP address for cluster: 169.254.6.66
IP address for docker0: 169.254.0.1
IP address for node-local-dns: 169.254.20.10
IP address for kube-ipvs0: 169.254.48.229

Maglev Restricted Shell is active

m.maier · ‎12-02-2023

I have the same problem as described above. We've installed two single DNAC with an Enterprise and UI address w/o any VIP (isn't a cluster setup). Any DNAC appliance are configured as a single box and build a DR 1+1+ with Witness. The Cisco Guidelines are not described entirely correctly. Today we have one DNAC running but the second single DNAC comming soon up.

Question:

A VIP address must be defined in the Maglev wizard for Enterprise and UI/MGMT?
What other settings are still necessary?

I'm looking forward to your feedback.

ilja.sas · ‎12-04-2023

As far as I understand, a VIP address for the Enterprise interface is mandatory, even if u do not intent to create a 3 node cluster.
We did configure a VIP address with the initial configuration of the node, which makes it odd that the Disaster Recovery Wizard is unable to recognize it when we try to assign it as Main Site.

pieterh · ‎12-04-2023

when I look at your output

IP address for enterprise: 10.240.249.100
IP address for cluster: 169.254.6.66
IP address for docker0: 169.254.0.1
IP address for node-local-dns: 169.254.20.10
IP address for kube-ipvs0: 169.254.48.229

I do not recognize a VIP (virtual IP address)
here I expect two addresses that are reachable from your client network a host IP-address AND a virtual IP address

ilja.sas · ‎12-04-2023

Hi,

You are correct, it does not display the VIP within the welcome message. Also on the DR unit it does not display a VIP. I do not know if I need to expect a VIP address here.

Anyone know of a different wat to check the configured IP addresses for a DNA-C unit?

System information as of Mon Dec 4 11:40:58 UTC 2023

System load: 8.0
Usage of /: 5.0% of 60.71GB
Memory usage: 62%
Swap usage: 0%
Processes: 2566
Users logged in: 0
IP address for enterprise: 10.240.249.90
IP address for cluster: 169.254.6.129
IP address for docker0: 169.254.0.1
IP address for node-local-dns: 169.254.20.10
IP address for kube-ipvs0: 169.254.62.194

pieterh · ‎12-04-2023

>>> Also on the DR unit it does not display a VIP. <<<
that is interesting, those CLI outputs are similar, but the DR unit does show a VIP in the GUI ?

pieterh · ‎02-16-2024

I have re-imaged the second appliance as new single node cluster
I specified the cluster VIP in the maglev configuration wizard,
NB! this is a blank system there was no further configuration within DNA center
this does not show up as "Main Site VIP" while the same warning does come up:
Please setup main site's enterprise VIP first before registering for the disaster recovery system."

could be related to this bug (but I re-imaged, not use the pre-manufactured cluster)
Cisco Bug: CSCwi51939 - when select " Start using DNAC pre-manufactured cluster " the intra_cluster_link will be Null.

Known Affected Releases DNAC2.3.5.4

Known Fixed Releases DNAC2.3.7.5, DNAC2.3.5.6

My version 2.3.5.5