IB-FLEX is a virtual platform that is scalable based on the resource that you allocate to the virtual machine. NIOS automatically detects the capacity of the virtual machine and scales it to the appropriate platform after you provision the IB-FLEX member.
You must first install the Grid license on a non IB-FLEX appliance that is designated as the Grid Master to allow members to join the Grid, even if you have already installed an Flex Grid Activation license. This license does not affect a non IB-FLEX Grid Master.
An IB-FLEX appliance designated as a member does not require any license, either Grid or vNIOS, while joining the Grid. When you register an IB-FLEX member, the appliance checks for the Grid (enterprise) license and changes it to a non IB-FLEX member. For an IB-FLEX appliance, it checks for an Flex Grid Activation Grid-wide license before node registration.
IB-FLEX members can join the Grid through the MGMT interface when Software ADP is enabled. You can configure an IB-FLEX appliance to function as a Grid Master or a member. To enable reporting for a Grid member that is running Software ADP, you must configure the MGMT interface.
A non IB-FLEX appliance designated as a member requires either a Grid and/or vNIOS/NIOS licenses installed to join the Grid. Similarly, for a reporting appliance to join the Grid, you must install a Grid and/or vNIOS/NIOS licenses. You cannot assign pool licenses to an IB-FLEX appliance. IB-FLEX supports HA for appliances that are running Software ADP.
Infoblox supports elastic scaling on IB-FLEX members that use the Flex Grid Activation Grid-wide license. It also supports pre-provisioning for Software ADP on the supported platforms. You must add the new IB-FLEX model to the list of supported pre-provisioning hardware types, so that you can select it during the member pre-provisioning. To pre-provision a non IB-FLEX Grid member, you must have valid pool licenses and pre-provisioned those members in the Grid.
IMPORTANT: To set up a supported virtual appliance as an IB-FLEX, you must first define the hardware type of the virtual appliance as IB-FLEX before you configure it. Depending on the platform or environment in which you are installing IB-FLEX, you can define the hardware_type parameter to IB-FLEX during the cloud-init process, or you can manually set the hardware type using the set hardware-type CLI command. For more information, see set hardware-type.
Limitations of IB-FLEX
- It is not compatible with the traditional node-based licensing and it supports capacity based licensing only.
- An IB-FLEX instance will not start if you do not configure the required minimum level of resources.
- The resources assigned to IB-FLEX for cores and memory must be equal to or exceed the minimum designated values for the platform. For more information about IB-FLEX platforms, see About IB-FLEX Instances and Platform Settings.
- IB-FLEX does not support DNS64 on appliances running NIOS version 8.2.0.
Depending on your network environment, you can install IB-FLEX just like how you install other Infoblox virtual appliances. Before you deploy an IB-FLEX, ensure that you set the hardware type of the appliance to IB-FLEX. You can do so either through the cloud-init process during deployment or manually through the
set hardware-type CLI command.
For more information about installing IB-FLEX in the VMware environment, see Deploying vNIOS Appliances on VMware.
For information about installing IB-FLEX in the OpenStack environment, see Deploying vNIOS for KVM in OpenStack Using Elastic Scaling.
About IB-FLEX Instances and Platform Settings
An IB-FLEX instance supports capacity-based licensing only, but it is compatible with NIOS Grid Master that uses node-based licensing. You can upgrade an IB-FLEX instance from a low-end platform to a high-end platform by increasing the resource allocation of the virtual machine. An IB-FLEX instance selects the default internal settings for a respective instance platform based on the resource settings detected during the startup.
An IB-FLEX instance supports VMware ESXi with or without SR-IOV enabled and OpenStack with KVM both with or without SR-IOV. The table below provides information about the IB-FLEX platform resource specification:
Table 8.7 IB-FLEX Platform Resource Specification
Allowed Range of Values
Virtual NUMA Nodes
Single virtual CPU socket
Fixed size virtual disk
The table below provides information about the IB-FLEX platform and various platform settings:
Table 8.8 Total Resource Usage for Different Use Cases
|Total CPU||Total Virtual Memory GB (Without Software ADP)||Total Virtual Memory GB (With Software ADP)||Database Object Count||Grid Master Capable|
Small Authoritative DNS
Medium Authoritative DNS
Large Authoritative DNS
Recursive DNS (without acceleration)
Large Recursive DNS (without acceleration)
Small Grid Master
Medium Grid Master
Large Grid Master
Small Recursive DNS (with acceleration)
Medium Recursive DNS (with acceleration)
Large Recursive DNS (with acceleration)
Note the following about IB-FLEX:
You cannot mark an IB-FLEX appliance as a Grid Master or Grid Master Candidate with resources that are intended for small authoritative DNS, small recursive DNS (with acceleration), medium recursive DNS (with acceleration), and large recursive DNS (with acceleration). For more information, see Table 8.8.
Infoblox recommends that you increase the memory to the following for IB-FLEX members to use certain features:
- 16 GB, instead of the standard 14 GB, to use DNS analytics.
20 GB, instead of the standard 18 GB, to use Threat analytics when RPZ is assigned to the IB-FLEX member.
Configuring DNS Cache Acceleration on IB-FLEX
When you enable the virtual DNS cache acceleration feature on the IB-FLEX, the appliance acts as a high-speed DNS caching-only name server. This feature provides DNS cache acceleration support for recursive UDP DNS queries on the IB-FLEX. The DNS cache acceleration feature is bundled with the Flex Grid Activation license. When you install this license, you are entitled to use the DNS cache acceleration feature on IB-FLEX.
IB-FLEX supports RPZ, but the response for RPZ queries are not cached by the DNS cache accelerator. Instead, these queries are bypassed to the host and you can configure cache expiry period for RPZ queries. Note that the maximum cache lifetime for DNS cache acceleration on IB-FLEX is set to 300 seconds when you configure RPZ zones for a member.
You can also use Elastic Scaling to pre-provision DNS cache acceleration on IB-FLEX. IB-FLEX supports Intel x86_64 systems with IOMMU, Hugepages processors, virtio-net, and Intel 82599 10 G NIC and SRIOV with Intel 82599 ethernet controllers for DNS cache acceleration.
You can configure DNS cache acceleration on IB-FLEX using the Grid Manager or API. To view accelerated cache details, you can either log in to Grid Manager, or use CLI commands, or Infoblox API.
Infoblox supports Auto Scaling that contains OpenStack packages to automatically scale the required number of resources based on your application. For more information, refer to Auto Scaling for Virtual DNS Cache Acceleration.
Associated characteristics of the IB-FLEX appliance include the following:
- Cache delete through the Grid Manager, CLI or Infoblox API. For more information about cache delete, see Clearing DNS Cache.
- ACL for IPv4 and IPv6.
- Sending SNMP traps for DNS cache acceleration service on IB-FLEX.
- SNMP queries for IB-FLEX.
- Fixed RRSET order for accelerated responses, for A and AAAA record types, for IPv4 and IPv6.
- Both non-accelerated recursive and authoritative DNS with Software ADP.
The table below lists the features that are either supported or not supported on the Software DNS cache acceleration platforms:
Table 8.9 Features on the Software DNS cache acceleration platforms
Supported / Not Supported
Licensing is based on the Flex Grid Activation license on the Grid. Note that the queries per second are limited by the number of CPUs for IB-FLEX.
Yes, the maximum cache lifetime for DNS cache acceleration is set to 300 seconds if RPZ zones are configured for the member.
Caching (A, AAAA, MX, CNAME, PTR)
Do not cache: EDNS, TCP, Any, TSIG
Caching over additional interfaces (v4, v6)
Dump Acceleration Cache (CLI, GUI, PAPI)
Clear Acceleration Cache (CLI, GUI, PAPI)
Cache pre-fetch and cache refresh
ACLs (Allow-queries/Responses, Match-Clients/Destination, Blackhole)
AAAA Filtering (Bypassed but support configuring)
Fixed RRSET ordering
DNS monitoring feature (netmon)
Yes, but unlike IB-4030 this feature captures DNS cached queries on the virtual DNS cache acceleration platform.
DNS Query logging (BIND only)
Yes, supports up to six DNS views.
Unbound as DNS resolver
Yes, unbound is supported through the Flex Grid Activation license.
DNS cache acceleration related restrictions for configuration.
Yes, for NIOS version 8.2.0 restrictions are enforced based on whether the DNS cache acceleration feature is enabled or disabled.
Yes, please see Reports for IB-FLEX.
No, Infoblox does not support DSCP for virtual appliances.
Anycast (OSPF and BGP)
BFD (Bidirectional Forwarding Detection)
Valid only for non-SRIOV.
Multiple-Interfaces on same subnet
IP Rate-limit and Response logging
EDNS Client Subnet support
DNSSEC (Bypassed but support configuring)
SNMP Support for DCA service related traps
SNMP stats support for DNS QPS and CHR
NetFilter (Tracking tables)
Traffic-capture (All modes)
Yes, partial support. Note that tcpdump captures both queries and responses.
No flush-mode support for DNS cache acceleration cache
Per-interface UDP DNS cache acceleration response counters
You can use the commands
DNS Query rewrite (Bypassed but supports configuring)
Supported on IB-FLEX platforms. Allows enabling Software ADP and DNS Cache Acceleration simultaneously on IB-FLEX platforms.
Note: By default, all malformed packets are dropped early when accelerated threat protection service is enabled.
Viewing Accelerated Cache Details
When you view cached contents of the DNS accelerator through the Grid Manager, there might be a slight impact on the DNS query performance of the selected member.
To view accelerated cache from the Grid Manager:
- From the Data Management tab, select the DNS tab and click the Members tab -> member check box. Choose View from the Toolbar, and click View Cache.
- Click Yes in the View Acceleration Cache dialog box.
- The system displays a File Download was Successful message and the cache data is displayed in table format in a new browser tab or browser window.
Limitations for Virtual DNS Cache Acceleration
- You cannot enable the DNS cache acceleration feature during a scheduled NIOS upgrade, but if you have already enabled this feature, then it will function normally during the upgrade process.
- The appliance prompts for a reboot when you enable the DNS cache acceleration feature for the first time. You must accept it to start the service.
- You must disable the DNS cache acceleration feature and reboot the appliance manually to switch from virtual DNS cache acceleration to authoritative servers.
- The appliance prompts for a reboot when you enable virtual DNS cache acceleration and Software ADP on IB-FLEX.
IB-FLEX Platform Settings for DNS Cache Acceleration
When you enable the DNS cache acceleration feature on IB-FLEX, ensure that it has enough CPU and memory to start the service, and it does not contain any authoritative zones. Note that you cannot start the service, if the total CPU is less than 8 cores or memory is less than 12G. To start the service, the number of resources mentioned in Table 8.8 are mandatory.
If the DNS cache acceleration feature is enabled on a preprovisioned member and fails to start due to insufficient resources on the member, the DCA status is displayed as failed. If you disable DCA on a member with insufficient resources, the member is not displayed in the DCA -> Members tab.
Note: Under certain circumstances, the DNS cache acceleration feature may not function normally when you perform a product restart. This happens due to increased resource allocation on the virtual machine and the appliance does not log any entries in the syslog. Infoblox recommends that you restart or reboot the system and free up server resources if you encounter this issue.
Reports for IB-FLEX
Infoblox supports a selected set of reports on IB-FLEX. To view all available reports, from the Reporting tab, select the Dashboards tab. The table below lists all the supported reports for IB-FLEX. For information about how to create and manage user-defined reports, see Infoblox Reporting and Analytics.
Table 9 Supported Reports for IB-FLEX
|Security (DNS) Reports|
DNS Query Rate by Query Type
|DNS Top RPZ Hits|
Flex Grid Licensing Features Enabled
DNS Query Rate by Member
|DNS Top RPZ Hits by Client|
CPU Utilization Trend
DNS Daily Query Rate by Member
DNS RPZ Hits Trend By Mitigation Action
Memory Utilization Trend
DNS Daily Peak Hour Query Rate by Member
DNS Replies Trend
DNS Cache Hit Rate Trend
DNS Top Requested Domain Names
DNS Top NXDOMAIN / NOERROR (no data)
DNS Top Clients
DNS Top Timed-Out Recursive Queries
DNS Response Latency Trend
DNS Top SERVFAIL Errors Sent
DNS Top SERVFAIL Errors Received
DNS Object Count Trend for Flex Grid License
DNS Effective Peak Usage Trend for Flex Grid License
This page has no comments.