Is it possible to create a new role in Windows Failover Cluster in another network, than the cluster itself?

Question

Hi there everyone, in our organization we have a limited amount of public IPs and I want to create a Failover Cluster for High Availability. The Cluster itself is working, but I have problems to asign IP-addresses the way I want. I want to use local IP-Address for the nodes and the Cluster-IP and only the role(Listener) should have one of the puplic IPs. But I can only asign a IP-Address to the role, that are in the same Network as the Nodes themself. Example: Node1 - IP :10.0.0.1 SubnetMask: 255.255.255.0 Node2 - IP :10.0.0.2 SubnetMask: 255.255.255.0 Cluster - IP :10.0.0.3 SubnetMask: 255.255.255.0 What I want is to assign an public IP to a new role Role(Listener) - IP: 123.123.123.123 SubnetMask: 255.255.255.224 The Failover Cluster Manager only allows to assign IPs in the same Network 10.0.0.0 Is there a way to assign a public IP to the role without adding Node1 and Node2 public IPs in the same Subnet? We can't asign Node1 and Node2 public IPs like 123.123.123.126 cause of the lack of free public IPs. Greetings!

Answer 1

Hi CaptainPirate, Hope you're doing well. In a Failover Cluster environment, you typically encounter the limitation you described because the Cluster IP and the role IP (Listener) must be on the same subnet for proper network communication. However, there are alternative solutions and best practices to achieve your goal of using a public IP for the role without assigning public IPs to the nodes directly: Option 1: Use a NAT (Network Address Translation) Gateway

1. Set Up a NAT Gateway: (1) Implement a NAT gateway or firewall that has both a private IP address on the cluster network and a public IP address. (2) The NAT device can translate the private IP of the role (Listener) to the public IP when communicating with external clients.
2. Assign Private IP to the Role: In Failover Cluster Manager, assign a private IP address to the role (Listener) that is in the same subnet as the nodes.
3. Configure NAT Rules: Configure NAT rules on the gateway/firewall to translate the private IP of the role to the public IP when traffic is directed to the public IP. Option 2: Use a Load Balancer
4. Deploy a Load Balancer: (1) Introduce a load balancer that has a public IP address. (2) The load balancer can distribute incoming traffic across the nodes in the cluster.
5. Assign Private IP to the Role: In Failover Cluster Manager, assign a private IP address to the role (Listener) that is in the same subnet as the nodes. Option 3: Use VLANs (Virtual Local Area Networks)
6. Implement VLANs: If your networking infrastructure supports VLANs, you can segment the network and create a VLAN for the public IP subnet.
7. Assign VLAN Tagged IP: Assign a VLAN-tagged IP to the role (Listener) within the VLAN that corresponds to the public IP subnet.
8. Configure Switches and Routers: Ensure that network switches and routers are configured to handle VLAN traffic appropriately. For better experience, we suggest you to go to the Microsoft Customer Service Center to open a Premier-level case so that with their permission level and resource, Microsoft could provide you with better help on your request. Best Regards, Ian Xue

---

If the Answer is helpful, please click "Accept Answer" and upvote it. Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.