Virtual routers within a VyOS router


#1

Hello,

In my company we utilize Palo Alto firewalls, and they have a feature called “virtual routers”. You could have two virtual routers on a physical device, and that would logically be like two physical routers. I was wondering if VyOS has a way to do this. It would involve two interfaces being on the same subnet. I don’t know if this can be accomplished with route policies and tables, or if it’s not possible at all. I’ve read that Linux-based systems allow for multiple interfaces on the same subnet. I tried experimenting with route policies but didn’t have much luck. Here would be an example:

Eth0 = 1.1.1.1/30
Eth1 = 192.168.1.1/24
Eth2 = 1.1.1.2/30
Eth3 = 192.168.2.1/24

Eth0 and Eth1 would be one “separate” router instance, while Eth2 and Eth3 would be another. Their connection would be Eth0 and Eth2. Again, not sure if this is possible on VyOS but thought I’d ask. Thanks!

Ken


#2

Hi Ken,
The most common way to make virtual routers is to install a hypervisor on the physical host, such as KVM, ESXi, or another, and set up multiple VMs. If you already have a hypervisor setup, just move VyOS to VMs. I’ve been doing that for a long time, in production as well as in labs. This way they can be separated at the datalink layer without any need for a special setup.

If you are limited to one physical device, that’s more complicated. This is doable in the Linux kernel indeed, through network namespaces, and we are planning to add support for it to VyOS at some point, but it’s a big and complex change, so it may take quite some time. While minimal support for assigning NICs to namespaces is relatively straightforward, making every feature namespace-aware and running multiple copies of the routing protocol stack and other services in different namespaces is not so simple.
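
The network-namespace approach mentioned in post #2, applied to the addressing from post #1, as an added example that is not part of the thread and is not VyOS configuration. It is plain iproute2 run as root on a Linux host; the names `vr1`, `vr2`, `vr1-wan`, `vr2-wan` and `lan0` are assumptions, and a veth pair and dummy interfaces stand in for the physical NICs so it can be tried without spare hardware.

```shell
#!/bin/sh
# Added example (not VyOS configuration): plain iproute2, run as root on Linux.
# Names vr1/vr2, vrX-wan and lan0 are assumptions; addresses are from post #1.
# A veth pair stands in for the Eth0<->Eth2 cable, dummy NICs for Eth1/Eth3.

# Print the commands that build both "virtual routers", one per line.
vr_plan() {
  cat <<'EOF'
ip netns add vr1
ip netns add vr2
ip link add vr1-wan type veth peer name vr2-wan
ip link set vr1-wan netns vr1
ip link set vr2-wan netns vr2
ip -n vr1 link add lan0 type dummy
ip -n vr2 link add lan0 type dummy
ip -n vr1 addr add 1.1.1.1/30 dev vr1-wan
ip -n vr2 addr add 1.1.1.2/30 dev vr2-wan
ip -n vr1 addr add 192.168.1.1/24 dev lan0
ip -n vr2 addr add 192.168.2.1/24 dev lan0
ip -n vr1 link set vr1-wan up
ip -n vr2 link set vr2-wan up
ip -n vr1 link set lan0 up
ip -n vr2 link set lan0 up
ip netns exec vr1 sysctl -qw net.ipv4.ip_forward=1
ip netns exec vr2 sysctl -qw net.ipv4.ip_forward=1
ip -n vr1 route add 192.168.2.0/24 via 1.1.1.2
ip -n vr2 route add 192.168.1.0/24 via 1.1.1.1
EOF
}

# Run the plan; stop at the first failing command.
vr_apply() {
  vr_plan | while read -r cmd; do $cmd || exit 1; done
}

# Each namespace has its own routing table; the peer LAN is reached over the /30.
vr_check() {
  ip -n vr1 route show &&
  ip netns exec vr1 ping -c 1 -W 2 -I 192.168.1.1 192.168.2.1
}

vr_down() { ip netns del vr1; ip netns del vr2; }

case "${1:-plan}" in
  plan)  vr_plan ;;
  apply) vr_apply && vr_check ;;
  down)  vr_down ;;
esac
```

Run with `apply` to build and test the topology and `down` to remove it; with no argument it only prints the commands. Because both /30 addresses live in different namespaces, neither kernel instance sees the other's address as local, which is what makes the same-subnet layout work.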


#3

Thank you for the reply! I will poke around documentation and see what I can come up with. Hats off to the developers! I’ve really enjoyed using VyOS!!

