Setup: EdgeRouter 4 + co-lo + infrastructure

FATeknollogee

• Have a co-lo space.
• Have a block of 25 IP addresses.
• Have 2x ER-4's.
• Have a mix of servers (KVM, Hyper-V).
• Have some vm's (voip, meshcentral etc) that will be public facing (not sure if that's the correct term).

Questions:
Thinking of splitting this into 2, with half the gear behind one ER-4 & the other half behind the second ER-4.
Or just keep it real simple & use one ER-4.

This is just a "thinking-out-loud", "gathering-your-thoughts" therapy session.

Thoughts, feedback & critiquing are very much welcome...

1337

Can't edgerouter do
failover?

scottalanmiller

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

Can't edgerouter do
failover?

As in a live/live cluster? That uses VRRP and yes, they can.

https://help.ubnt.com/hc/en-us/articles/204962174-EdgeMAX-Virtual-Router-Redundancy-Protocol-VRRP-

1337

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

Can't edgerouter do
failover?

As in a live/live cluster? That uses VRRP and yes, they can.

https://help.ubnt.com/hc/en-us/articles/204962174-EdgeMAX-Virtual-Router-Redundancy-Protocol-VRRP-

Then that is the way to go.

scottalanmiller

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

Can't edgerouter do
failover?

As in a live/live cluster? That uses VRRP and yes, they can.

https://help.ubnt.com/hc/en-us/articles/204962174-EdgeMAX-Virtual-Router-Redundancy-Protocol-VRRP-

Then that is the way to go.

I would agree.

JaredBusch

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

Can't edgerouter do
failover?

As in a live/live cluster? That uses VRRP and yes, they can.

https://help.ubnt.com/hc/en-us/articles/204962174-EdgeMAX-Virtual-Router-Redundancy-Protocol-VRRP-

Then that is the way to go.

I would agree.

It is the best thing to do. Sadly I have never had the leisure to actually test it. I have a pair of ERL in colo but they were put in place long before this feature was added.

FATeknollogee

I'll add this to my list & test VRRP next week!

FATeknollogee

How about managing the IP's/port fwd etc between the router & the various vm's that are downstream?

1337

@FATeknollogee said in Setup: EdgeRouter 4 + co-lo + infrastructure:

How about managing the IP's/port fwd etc between the router & the various vm's that are downstream?

Both firewalls have the same rules. You have a virtual IP, a VIP, and it belongs to the router in charge (master). If one router goes down the other one takes over the VIP.

Ideally there should also be state table synchronization between the routers. But it will probably work fine without it, just that clients needs to reestablish the link when you have a failure and the VIP moves to the other router.

1337

Out of your 25 IPs you will need one IP for each router and the rest are VIPs.

In a load sharing config you would have say 12 VIP normally belonging to router 1 and 11 VIPs normally belong to router 2.
If one router fails the other one takes over all VIPs.

1337

On your LAN side each router would also have their own IP. And then minimum one VIP that would be the default gateway.

In load sharing config you would have two VIPs, each being the default gateway for their group of VMs.

FATeknollogee

@Pete-S I'm more talking about how to manage the Public IPs being routed to the correct vm's for services like VOIP.

1337

@FATeknollogee said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S I'm more talking about how to manage the Public IPs being routed to the correct vm's for services like VOIP.

As I said the firewalls have the same rules. The rules uses the VIPs. So you manage it the same as always.

PS. Read up a little on how VRRP works. Then it will be clearer. You will have lots of problems with configuring it all otherwise.

scottalanmiller

@JaredBusch said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

Can't edgerouter do
failover?

As in a live/live cluster? That uses VRRP and yes, they can.

https://help.ubnt.com/hc/en-us/articles/204962174-EdgeMAX-Virtual-Router-Redundancy-Protocol-VRRP-

Then that is the way to go.

I would agree.

It is the best thing to do. Sadly I have never had the leisure to actually test it. I have a pair of ERL in colo but they were put in place long before this feature was added.

Yeah, but I have been authorized to make some upgrades that will free up an ERL for us, and we have an ERL in our colo. So maybe I'll ship one out there to do this soon. That would be an awesome project.

JaredBusch

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@JaredBusch said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

Can't edgerouter do
failover?

As in a live/live cluster? That uses VRRP and yes, they can.

https://help.ubnt.com/hc/en-us/articles/204962174-EdgeMAX-Virtual-Router-Redundancy-Protocol-VRRP-

Then that is the way to go.

I would agree.

It is the best thing to do. Sadly I have never had the leisure to actually test it. I have a pair of ERL in colo but they were put in place long before this feature was added.

Yeah, but I have been authorized to make some upgrades that will free up an ERL for us, and we have an ERL in our colo. So maybe I'll ship one out there to do this soon. That would be an awesome project.

Don't think I would try and live test in colo.

scottalanmiller

@JaredBusch said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@JaredBusch said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@scottalanmiller said in Setup: EdgeRouter 4 + co-lo + infrastructure:

@Pete-S said in Setup: EdgeRouter 4 + co-lo + infrastructure:

Can't edgerouter do
failover?

As in a live/live cluster? That uses VRRP and yes, they can.

https://help.ubnt.com/hc/en-us/articles/204962174-EdgeMAX-Virtual-Router-Redundancy-Protocol-VRRP-

Then that is the way to go.

I would agree.

It is the best thing to do. Sadly I have never had the leisure to actually test it. I have a pair of ERL in colo but they were put in place long before this feature was added.

Yeah, but I have been authorized to make some upgrades that will free up an ERL for us, and we have an ERL in our colo. So maybe I'll ship one out there to do this soon. That would be an awesome project.

Don't think I would try and live test in colo.

http://www.quickmeme.com/img/08/085260da739d5f8723a626ab23a0da4623be9458998bfc91b38c57cdffec16d4.jpg