cluster with 3 subnets?


#1

Good afternoon

I just wonder if cluster works for 3 subnets, too…

Actually, I have the usual setting:

www -- VyOS -- LAN
        |
       DMZ

In case VyOS goes offline, I’d like to have a failover, so we get:

       +--- VyOS Router 1 ---+
       |         |           |
www ---+        DMZ          +--- LAN
       |         |           |
       +--- VyOS Router 2 ---+

The DMZ should communicate over the active VyOS Router…

Is this possible?

Or do I need to create this schema?

        VyOS R1                     VyOS R3
www --- Cluster --- VyOS Router --- Cluster --- LAN
        VyOS R2          |          VyOS R4
                         |
                      VyOS R5
                      Cluster
                      VyOS R6
                         |
                         |
                        DMZ

Thanks for any hint!
Kind regards,
Thomas


#2

I highly prefer VRRP/keepalived. You can use it for multiple subnets/interfaces/IPs. Just 2 VyOS routers in an active/backup pair can service all 3 VLANs/subnets.


#3

Hi :slight_smile:

Just out of curiosity, why VRRP instead of cluster? I haven’t tested VRRP, as my cluster (with many VLANs) has been working without issues so far.


#4

Hi jl3128, thank you very much for your answer!
I started testing VRRP and it looks very promising because of the sync-group feature.
Kind regards,
Tom


Hi vindenesen,
I assume because VyOS is not able to create multiple cluster groups.
And in my example, if the LAN or WWW interface fails, then the DMZ interface must be switched to the other VyOS Router, too.
I’m pretty sure this cannot be handled with a cluster with only one group.
And because of the VRRP sync-group this situation can be handled.

Kind regards, Tom
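
The sync-group behaviour discussed in this reply, sketched as a VyOS configuration for the WWW/DMZ/LAN layout from the first post. This is an added example, not part of the original thread; it assumes the VyOS 1.2/1.3 `high-availability vrrp` syntax, and the group names, interface names, VRIDs and addresses are constructed.

```vyos
# Router 1 (intended master). Router 2 carries the same three groups and the
# same sync-group, with a lower priority (for example 100) in each group.
# Assumed layout: eth0 = WWW, eth1 = DMZ, eth2 = LAN.

# WWW side: virtual address the upstream side routes towards
set high-availability vrrp group WWW interface eth0
set high-availability vrrp group WWW vrid 10
set high-availability vrrp group WWW virtual-address 192.0.2.1/24
set high-availability vrrp group WWW priority 200

# DMZ: virtual address used as the DMZ hosts' default gateway
set high-availability vrrp group DMZ interface eth1
set high-availability vrrp group DMZ vrid 20
set high-availability vrrp group DMZ virtual-address 10.0.20.1/24
set high-availability vrrp group DMZ priority 200

# LAN: virtual address used as the LAN hosts' default gateway
set high-availability vrrp group LAN interface eth2
set high-availability vrrp group LAN vrid 30
set high-availability vrrp group LAN virtual-address 10.0.30.1/24
set high-availability vrrp group LAN priority 200

# Tie the three groups together: if any member leaves MASTER state
# (for example because the LAN or WWW link fails), the other members
# follow, so all three virtual addresses end up on the same router.
set high-availability vrrp sync-group MAIN member WWW
set high-availability vrrp sync-group MAIN member DMZ
set high-availability vrrp sync-group MAIN member LAN

# After commit, check group state on both routers with the
# operational-mode command:
#   show vrrp
```

Without the sync-group, each VRRP group fails over on its own, and traffic between DMZ, LAN and WWW can enter through one router and leave through the other.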


#5

Good point. This isn’t an issue with my setup since I run VyOS in ESXi and only use one virtual interface with several VLANs. If the physical server has issues with its interfaces, then the active node will not reach the specified monitor addresses, and it will perform a failover.