I have a VyOS remote gateway that has two public IP[v4] addresses and connects to the local network using a tunnel for each. OSPF is used to make routing possible without double NAT.
Because of the use of dynamic routing, and this notice (on this page)…
WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols.
…I have not configured source routing properly, resulting in only one of the public addresses responding when the system boots up, and it won’t respond at all until it’s “nudged” into place by some manual intervention.
My options are (1.) either returning to pfSense which doesn’t need any special config but has a performance penalty that’s hard to ignored in comparison to VyOS, or (2.) try to work around it, I just need to do a little research, I think.
I’m not very familiar with VRF [lite] other than theory, and by theory I mean branded implementations of it, but I thought I could maybe use it to partition the router in two virtualrouters/sides, each would then have a single WAN with a single intranet-facing tunnel and even it’s own OSPF domain(?), I believe.
The dual tunnels are not so much a fail over construct but more a load-balancing one, therefore that — the load balancing — can be performed further inside the network as long as there’s 1-to-1 mapping of endpoints along the way. On pfSense this was (inbound failover, outbound load balancing) done on completely different devices and it worked. For inbound connectivity, DNS already provides some rudimentary fail over, although the single point of failure on the local side kinda makes it a moot point. It’s more likely for both tunnels to be down if that were the case.
Is this feasible though? Is this a something VRF can be used for? Or alternatively, could I just do the source routing rules described here without any other attempt for balancing or whatever and keep OSPF?
Thanks!