
Clarification on the use of NDFC Persistent IPs

malcolmsalmons
Level 1

Hi

I’m hoping you can help me.

We’re currently in the process of deploying an NDFC cluster and as part of this I’m trying to understand the roles of persistent IPs for the management service under external service pools.

We’re looking to do layer 3 POAP from the management (OOB) network and so from what I can see we need 2 persistent IPs in the management network. From NDFC these are listed as:

  1. Syslog-trap-mgmt
  2. PoAP-mgmt-http-ssh

These look to be virtual addresses that basically float between ND cluster nodes in the event of failure to ensure consistent addresses for devices to target.

 

So my questions relating to these IPs are:

  1. For the IP helper address on the switch management VLANs do I add the PoAP address or the physical IPs on the management interfaces of the 3 NDFC servers?
  2. Our NDFC devices will sit behind FWs and access will be tied down. So are we able to manage the NDFC cluster by the persistent IP (like a VIP) or do we need to access the NDFCs directly and so add the 3 devices to the FW rule?

I’ve had a read round and can’t find anything that really clarifies this so any help is appreciated.


Thanks

Malc

2 Replies

M02@rt37
VIP

Hello @malcolmsalmons,

In the context of your NDFC cluster and Layer 3 POAP setup, you should configure the IP helper address on the switch management VLANs to point to the persistent IP address associated with the PoAP-mgmt-http-ssh service. This is the address that should be used for DHCP relay so that devices in the management VLAN can receive IP addresses and other configuration information.

You can manage the NDFC cluster using the persistent IP (PoAP-mgmt-http-ssh) like a VIP. It's typically used for management and provides a consistent point of access to the NDFC cluster. You don't necessarily need to access the NDFC servers directly. Ensure that your firewall rules allow traffic to and from the persistent IP address for management purposes. The NDFC cluster nodes should have proper connectivity to this persistent IP.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hi

Thanks for the response and info.

Do you have any links or documents where this behavior is explained or is this something that you've seen when deploying NDFC?

Thanks

Malc