cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace managed multiple network interfaces

henk_stobbe
DynaMight Champion
DynaMight Champion

Hello,

 

We have multiple interfaces on our nodes hosting the Dynatrace managed cluster. Only one interface per host can be used by agents and activeGates to connect to the cluster..

So all agents and activeGates use a list of addresses that can not be used, ever!

 

This situation exist for a long time, does anybody have a suggestion how to remove those unused interface from Dynatrace config?

 

KR Henk 

8 REPLIES 8

techean
Dynatrace Pro
Dynatrace Pro

Kindly raise a support ticket if its for any organization.

KG

henk_stobbe
DynaMight Champion
DynaMight Champion

Ticket raised for the cluster issue, thx!

AntonioSousa
DynaMight Guru
DynaMight Guru

@henk_stobbe,

You can define what gets announced in CMC. For each node check out "Deployment status", then "Configure" on each node. At the bottom, check:

AntonioSousa_0-1653553717636.png

 

Antonio Sousa

Hi Antonio,

 

Thx for your response, this takes care of 50% of the answer the Agent search path. Looking back on the original "security complaint" I notice it is about the activeGates. They are trying to connect the "unreachable" interfaces on the cluster.

For this I need to go for option 1, the ticket (-;

 

KR Henik 

 

 

 

 

@henk_stobbe,

The AGs will follow that CMC configuration too, so it should resolve for both OneAgents and ActiveGates.

Antonio Sousa

Hi Antonio,

 

Just had to check (-; installed a oneAgent and found the error in the list the oneAgent gets from the cluster:

 

ClusterAG ip:9999

                  ip:443

 

ClusterNode1 ip:8443

ClusterNode2 ip:8443

ClusterNode3 ip:8443

ClusterNode4 ip:8443

ClusterNode5 ip:8443

ClusterNode5 ip2:8443

ClusterNode5 ip3:8443

 

ClusterNode5 hostname:8443

ClusterNode5 hostname_backup_interface:8443

 

So there is a error on the cluster I assume Node5 -> I will create a ticket for this

 

General (I do not think this this is available) for security reasons e.g. preventing calls to unavailable destinations, it would be nice to have an option to turn off traffic to cluster-nodes or to the cluster activeGate completely.

 

Normal behavior for an activeGate is to connect to :

 

  • Index 1—Embedded ActiveGates
  • Index 2—Cluster ActiveGates

In this use case, the AG can only connect to the Cluster ActiveGate )-;

 

KR Henk

 

 

@henk_stobbe,

Looks like there are some dependencies that I was not aware of. Have you tried Network Zones to segment traffic?

Antonio Sousa

No not yet, I will propose it. (-; Just figured out that agents that are technically limited to connect to one Environment ActiveGate, still get the long node list, and will thy them all! So implementing network zones looks to me as a great idea!

 

KR Henk