I’m searching for the optimal approach.
I have two ISPs with /31 (yeap single IPv4!) but - they give me - 16 routed (public) ipv4, so i need a:
the /31:
set interfaces ethernet eth0 address ‘1.111.65.41/31’
and
set interfaces dummy dum0 address ‘1.111.3.192/28’ - does not work (!) .192 is on network boundary, but i whoule like to be able to use it (!)
set interfaces dummy dum0 address ‘1.111.3.193/28’
but, having 14 from 16 IP’s is somewhat ok
from ISPTWO i’ve got:
set interfaces ethernet eth2 address ‘1.222.65.41/31’
set interfaces dummy dum2 address ‘1.222.3.193/28’
need to use VRF’s - that is fine.
What i try to accomplish - use both networks at the same time, but in case of fail - use only one.
Also - to be able to live when router fails - so have two VM’s - so basically i search for the best approach and architecture to have - HA and LB at the same time, any hints?
The best way to do this would be two /31’s with BGP advertising you the /28
Having two seperate /28’s, how do you plan that to work? If you have a server, what public IP are you going to give it? If the DNS points to 1.111.3.194 then when that ISP fails you can’t “fail over” to the second one without having to update your DNS. You could round-robin the DNS replies, but during an outage half your incoming connections would fail…
It would be easier to just ignore the /28’s and have a RFC1918 address on your LAN, have two NAT rules, one for traffic going out ISP1 and one for traffic going out ISP2. You just just make ISP1 be more preferred than ISP2. If ISP1 fails, traffic starts going out ISP2 - this of course breaks all sessions etc because suddenly there’s a new public IP involved.
Neither of these solutions work if you want to host service(s) behind your router though - for that you need BGP or VRRP or similar and your ISP needs to be involved.
You don’t mention what you plan to do with these two public networks, if you’re just going to make external connections, or want to run public service(s) on them. But yea, as above, I can’t think of a way to do what you want with what you’ve been given.
Maybe you could write a hacky DNS script that pushes new public IPs to the DNS when things fail over, but then how are you going to renumber your hosts?
Can’t do a dual BGP with one /28 network (this is no-go).
As for outgoing - well idea is pretty straight forward, but maybe someone has load balancing on two ISP?
As for serving requests - well - DNS is good, and it’s not a 24/7 with 99,999 SLA, as for some services i simply say - we make two endpoints or two sip trunks and it works well (two on my side, two on partner side and 2x2)
simply VRF in one Vyos or two VM with separte vyoses ? shared VRRP in LAN?