cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3258
Views
15
Helpful
4
Replies

Building a DNAC Cluster

eagles-nest
Level 1
Level 1

Hi

I will be building my first DNAC cluster soon.  I've built the first node from the 2.1.2.5 iso.  So is there any advantage to completing all application updates first then adding the next two nodes?  Or do I do the initial build and create the cluster then apply the updates?

If I had a single node running for some time it's feasible that it could be at the latest version while any subsequent ones either come with what they are shipped with or are built from an iso but don't have the available platform updates prior to joining a cluster.

My question really is when I join a second and third node to a first cluster member do they go out to Cisco and download all the required updates or does the first node supply all the updated software to the subsequent nodes locally without going out to Cisco?

Also, regarding the Cluster link and its IP address/VIP address I've never been quite clear on this.  When I build a single node I don't need to supply a gateway for the cluster link.  I've also read that the cluster IP does not need to come from a routable subnet.  However, when I build the node and look in System - System 360 the IP address used is from the cluster interface and also it's not the VIP. 

 

system 360.PNG

Why would this IP be used if it comes from a subnet that is supposedly not required to be routed?  I would have thought the Enterprise VIP would be a more appropriate address.  The address above isn't even a VIP address.  It is the address I assigned the Cluster link.  The vip is .3 in each case

IP addresses.PNG

 

So when I start using DNAC and push out config for it to be used as the syslog, netflow and snmp receiver what address would it push out?  Enterprise, cluster or one of their VIP addresses?  In a single node test it seems to push out the Enterprise address.  Would this change in a cluster to the Enterprise VIP?

 

Thanks for any input, Stuart.

4 Replies 4

Tomas de Leon
Cisco Employee
Cisco Employee

Stuart,

 

  • If you building a 3 Node cluster from ISO, I would suggest:
  • Run the Install from ISO for Node 1.
  • Allow Node 1 to come up and verify all services installed are running.
  • Do Not Install the supplementary (or not installed) application packages
  • Run the Install from ISO for Node 2.
  • Allow Node 2 to come up and verify all services installed are running.
  • You should see the 2 nodes active in the UI.
  • Run the Install from ISO for Node 3.
  • Allow Node 3 to come up and verify all services installed are running.
  • You should see the 3 nodes active in the UI.
  • At this time, Download & Install the remaining application packages
  • Allow all Nodes to install & update packages and verify all services installed are running.
  • After all Services and Nodes are healthy, you can enable HA Services for the Cluster

FOR DN2 Appliance (M5) - Model L
---------------------------------
NETWORK ADAPTER #1 1Gbps/10Gbps [eno1] - Management (recommended)
NETWORK ADAPTER #2 1Gbps/10Gbps [eno2] - Cloud Update Connectivity (recommended)
NETWORK ADAPTER #3 10_Gbit port [enp94s0f0] - Enterprise Network (recommended)
NETWORK ADAPTER #4 10_Gbit port [enp94s0f1] - Intra Cluster Link (recommended)

Your Setup:
NETWORK ADAPTER #1 not configured [eno1] - Management (recommended)
NETWORK ADAPTER #2 192.168.1.13 [eno2] - Cloud Update Connectivity (recommended)
NETWORK ADAPTER #3 192.168.2.4 [enp94s0f0] - Enterprise Network (recommended)
NETWORK ADAPTER #4 192.168.3.4 [enp94s0f1] - Intra Cluster Link (recommended)

 

*** Assuming network.1 is the default Gateway for your networks, here is an example of ip addressing your cluster.


NODE NIC PERSONALITY IP SUBNET VIP IP GATEWAY IP
------------------------------------------------------------------------------------------
Node1 [eno1] Management 192.168.1.101 192.168.1.104 ** Add Routes
Node1 [eno2] Cloud Update aa.bb.cc.101 aa.bb.cc.104 default gw
Node1 [enp94s0f0] Enterprise Network 192.168.2.101 192.168.2.104 ** Add Routes
Node1 [enp94s0f1] Intra Cluster Link 192.168.3.101 192.168.2.104 ** ClusterLink [X]

Node2 [eno1] Management 192.168.1.102 ** Add Routes
Node2 [eno2] Cloud Update aa.bb.cc.102 default gw
Node2 [enp94s0f0] Enterprise Network 192.168.2.102 ** Add Routes
Node2 [enp94s0f1] Intra Cluster Link 192.168.3.102 ** ClusterLink [X]

Node3 [eno1] Management 192.168.1.103 ** Add Routes
Node3 [eno2] Cloud Update aa.bb.cc.103 default gw
Node3 [enp94s0f0] Enterprise Network 192.168.2.103 ** Add Routes
Node3 [enp94s0f1] Intra Cluster Link 192.168.3.103 ** ClusterLink [X]

Note: You need a routable IP address and connectivity to the Internet so that you can perform the Download & Install the remaining application packages.

 

The IP address shown in the UI is for the Cluster IP addresses of the Nodes since they are the interfaces that the nodes talk to each other. Since this Cluster network is a private network for the Cluster, you do not need routes into this network and no default route is needed.

 

System360_01.png

Tomas

Thank you for the quick and detailed reply.

You said build each node without the application updates then enable HA services.  I assume at the initial screen I choose to Join an Existing Cluster for the 2nd and 3rd nodes?

However, I am wondering if I can pre-build and update the first node and deploy it on site while I wait for the other 2 nodes to be delivered?  Then join those two into an already up to date first node?  This would seem a reasonable thing to do because we would maybe run for some time as a single node, applying all updates, before adding further nodes into a cluster.

So, in that case, if I join a 2nd and 3rd node to an up to date 1st node how do the last 2 nodes update?  Do they then go to Cisco and download their updates individually?  Or does the first node supply the updates?

If I had all 3 nodes I would build as you suggest.  However, with only 1 node just now my plan was to ship it to our DC, deploy it and then add the other nodes at a later date.

Thank you for any further input, Stuart.

If you only have a single node now....

  • Configure Node1 as mentioned in my first reply.  Meaning configure the Appropriate IP addresses and VIPs that will be on the remote site.  
  • If you cannot configure the interfaces with the Remote IP addresses, there is one restriction with the networking configuration is the NIC configured as the Cluster Link CAN NOT be changed without a complete rebuild.  The other interfaces can be changed onsite but then the CERT would need to be updated since the IP addresses change.
  • You can Download & Install the application packages on Node1 and complete the install. 

Note: You do run into a risk that a "New" Release will come out from the time Node1 is installed and Node 2 & Node 3 arrives.  Remember, that Node 2 & 3 MUST be the same version to be able to join a Cluster.

Cisco DNA Center High Availability Guide, Release 2.1.2
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/ha_guide/b_cisco_dna_center_ha_guide_2_1_2.html

 

Cisco DNA Center Second-Generation Appliance Installation Guide, Release 2.1.2
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/install_guide/2ndGen/b_cisco_dna_center_install_guide_2_1_2_2ndGen.html

 

 

Cisco DNA Center is the network management and command center for Cisco DNA, your intent-based network for the enterprise. Provision and configure all your network devices in minutes. Use advanced artificial intelligence (AI) and machine learning (ML) to proactively monitor, troubleshoot, and optimize your network.

Read More: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/ha_guide/b_cisco_dna_center_ha_guide_2_1_2.html