I would like to fail over my home internet connection in the event my primary VyOS system has a hardware failure.
Current network is connected like this:
ISP → Cable Modem → fw-01/eth0
Changing to:
ISP → Cable Modem → switch(vlan500)
fw-01/eth0 → switch(vlan500)
fw-02/eth0 → switch(vlan500)
Under normal operation, fw-02/eth0 must be in the down state, as the ISP expects to see a single device. Additionally, the provider expects that device to have a specific MAC. Therefore fw-02 will be configured to clone the MAC of fw-01.
Here are my thoughts; any input is appreciated. If there is a better way to accomplish this, I would not be opposed to it.
- Because the ISP expects a single device (and both devices now have the same MAC), only one device can have its eth0 up.
- Configure VRRP for a local net, say VLAN 1. The local net can function normally and maintain a VIP for my 172.20.10.0/24 subnet.
- Enabling/disabling of the eth0 interface will be triggered by VRRP failover for VLAN 1.
Pseudocode, just to get the logic across:
```
if this IS the master for vrrp vlan1:
    if eth0 is not enabled:
        sleep 5
        delete interfaces ethernet eth0 disable
else:
    if eth0 is enabled:
        set interfaces ethernet eth0 disable
```
The other issue I can think of is that, due to not having an active eth0 on fw-02, it essentially would not have internet access until failover. I’m thinking of maybe adding a static 0.0.0.0/0 to 172.20.10.1 with a high distance.