I am trying to set up an HA design with 2 vDoms. For load balancing reasons I want to locate the two vDoms in different vClusters with separate active/passive priority.
A problem occurs when the two vDoms need to share some infrastructure and therefore inter-vDom links are needed. I know vdom-link across vcluster is not supported, and physical links should be used. This gives another problem, since overlapping subnets are not allowed by default. I know this can be changed by a system setting, but is such a design supported?
As far as I understand, physical inter-vDOM links need 2 software switches with two physical interfaces each on both HA members; together 4 interfaces on each member:
SoftSwitch1@member1 <=> SoftSwitch2@member1
SoftSwitch1@member1 <=> SoftSwitch2@member2
SoftSwitch1@member2 <=> SoftSwitch2@member1
SoftSwitch1@member2 <=> SoftSwitch2@member2
Is this correct or am I complicating the design here and will this work?
This came out way cheaper than a small ISR and you could use any open source router (bird, quagga/zebra, etc.) and add one hop (vyatta)
It's probably better than crafting softswitch and wastes no additional ports. This setup works great in a stack env like cisco or juniper switches. If you had an L3 switch, you could do the vlan 61/62 for example as an SVI and if required in a vrf-lite if the situation warrants. BTW: I think the customer in this case did actually do that, I didn't follow up on what happened.
We later started plumbing dual 1gige ports to the virtual stack so we have pretty much 100% multi-path and the vyatta instance was on an ESX server with HA for the vyatta instance.
Just food for thought.
PCNSE
NSE
StrongSwan
emnoc wrote: This came out way cheaper than a small ISR and you could use any open source router (bird, quagga/zebra, etc.) and add one hop (vyatta)
Thanks,
I consider 2 different designs, and in both scenarios the WAN access is shared. I feel that adding a third-party router like vyatta will make the design more complicated to debug and maintain.