AWS Multi-AZ Support for Custom DNS

Overview

The Infoblox DNS profile supports adding multiple records for virtual services defined across AWS AZs, and it requires state-based registration to maintain HA. This can be achieved by:

  • Custom DNS - Multi-VIP and Multi-FQDN support

  • Control Script – Operational state based DNS registration

Custom IPAM/ DNS Profile

NSX Advanced Load Balancer can utilize Custom IPAM/ DNS scripts via the Custom IPAM/ DNS profile feature to integrate with any API-driven third party IPAM/ DNS providers. Custom IPAM/ DNS offers increased flexibility by being completely driven by user-customizable scripts.

The creation of a new virtual service will use the Custom IPAM/ DNS profile and script to automatically create IPAM/ DNS records with the IPAM/ DNS provider.

For more details on the Custom DNS profile, refer to the Custom DNS Profile on Avi Vantage guide.

Custom DNS Script

Custom DNS script for Infoblox DNS provider supports the following functionality:

  • Multi-VIP functionality

  • Multi-FQDN functionality

  • All virtual service types: V4, V6 and V4_V6

Note: Custom DNS profile scripts written prior to this version are still supported. However, you must use the latest version of the script to leverage the newly added features.

The script should have all the required functions and exception classes defined, else the system displays the following error message during DNS profile creation:

“Custom DNS profile script is missing required functions/exception classes {function_or_exception_names}.”

The following are the required functions for the newer version of the script:

  1. CreateOrUpdateDnsRecords
  2. DeleteDnsRecords

The following are the required exception classes for the newer version of the script:

  1. CustomDnsAuthenticationErrorException
  2. CustomDnsRecordNotFoundException
  3. CustomDnsRecordAlreadyExistsException
  4. CustomDnsGeneralException

It is recommended to use logger_name (of auth_params) for script logging. Tenant-specific debug log files are created to save the log statements from the script.

  • For admin tenant — /var/lib/avi/log/custom_dns_script.log
  • For non admin tenant — /var/lib/avi/log/custom_dns_script_<tenant_name>.log

Avi logs for Custom DNS profile can be found in this location: /opt/avi/log/portal-webapp.log

Custom DNS Workflow

The following is the custom DNS workflow:

  1. Create a script object.

    a. Navigate to Templates > Custom IPAM/DNS, click Create, and upload a Python script that provides CRUD functions for the DNS provider.


    b. Add the required script params, for instance, username, password, API version, and provider server address.

  2. Create DNS profile.

    a. Navigate to Templates > IPAM/DNS Profiles and click Create.

    b. Create a DNS profile of type Custom DNS.

    c. Attach the script object created in Step 1.

    d. Add usable_domain.

  3. Attach DNS profile to the cloud.


Control Script for State-based DNS Registration

Control scripts are initiated by Alert Actions, which are themselves triggered by Events within the system.

The control script is a Python script that defines functions to register or de-register DNS records based on the VIP operational status.

The control script for Infoblox defines the following functions:

  • register_dns_records — Registers DNS records for the VIP, when the VIP_UP alert is triggered.
  • deregister_dns_records — De-registers DNS records for the VIP, when the VIP_DOWN alert is triggered.

Cloud Level Isolation for Control Script

By default, the control script is called for all virtual services defined across all the clouds.

As a workaround, to use the control script only for the specific cloud where the Custom DNS profile is attached, set the variable cloud_uuid defined in the control script to that cloud's UUID, as shown below:

cloud_uuid = <cloud_uuid>

For example,

cloud_uuid = "cloud-5581b2a1-222f-4b0e-b657-2d9668091f29"

By default, cloud_uuid is None.
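How the cloud_uuid setting scopes the control script, as an added example (not the code shipped in operstate_controlscript_infoblox.py). The event dictionaries are constructed, and their keys `event_id` and `cloud_uuid` are assumptions rather than the Controller's alert payload format.

```python
# None means the script acts on virtual services in all clouds.
cloud_uuid = "cloud-5581b2a1-222f-4b0e-b657-2d9668091f29"

# Alert name -> control-script function named on this page.
ACTIONS = {
    "VIP_UP": "register_dns_records",
    "VIP_DOWN": "deregister_dns_records",
}


def select_action(event, configured_cloud=cloud_uuid):
    """Return the name of the function to run, or None to skip the event.

    `event` is a constructed dict; its keys are assumptions.
    """
    action = ACTIONS.get(event.get("event_id"))
    if action is None:
        return None  # unrelated event: DNS is left untouched
    if configured_cloud is not None and event.get("cloud_uuid") != configured_cloud:
        return None  # virtual service belongs to a different cloud
    return action


# Constructed sample events.
SAMPLE_EVENTS = [
    {"event_id": "VIP_DOWN", "cloud_uuid": cloud_uuid},
    {"event_id": "VIP_UP", "cloud_uuid": "cloud-other-example"},
    {"event_id": "CONFIG_UPDATE", "cloud_uuid": cloud_uuid},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["event_id"], ev["cloud_uuid"], "->", select_action(ev))
```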

You can get cloud UUID through the following ways:

  1. Through CLI - show_cloud
  2. Through REST API - /api/cloud

Note: There is a known delay of 90 seconds plus the processing time between an event generation and an alert trigger.

Control Script Workflow

The following is the workflow for the Control Script:

  1. Upload control script

    a. Navigate to Templates > Scripts > ControlScripts and click Create to upload the script.


  2. Set Alert Options

    a. Navigate to Operation > Alert Actions and click Create.

    b. Under the Control Script field, choose the script object created in Step 1.


  3. Set Alert Config.

    a. Navigate to Operation > Alert Config and click Create.

    b. Provide the following details:

    i. Provide the Name of the alert config, for instance, operstate_customdns_ib_vip_down.

    ii. Set Throttle Alert (default is 600 sec) to 0. With throttling, the alert may only be triggered once within the specified time frame; the value 0 indicates that there is no time-based throttling.

    iii. Set Event Occurs to VIP DOWN.

    iv. Under Alert Action, select the alert action created in Step 2.


    c. Repeat this step for the VIP UP event.

Note: Expect a delay of 90 seconds before the alert action takes place after the event is generated.

Script Path

To access these files, you can use SSH or SCP to pull them from the Controller. For more information about SSH connections to the Controller, refer to the FAQ on accessing the Avi CLI in the Additional References section.

Script | Workflow | Location
Control script for Multi-VIP and Multi-FQDN Support | Custom DNS Workflow | /opt/avi/python/lib/custom_dns/custom_dns_script_infoblox.py
Control Script for State-based DNS registration | Control Script Workflow | /opt/avi/python/lib/custom_dns/operstate_controlscript_infoblox.py

Additional References

Document Revision History

Date | Change Summary
April 06, 2022 | Initial Draft