Hi
I have a question about balance HA in NAT mode, I know the requeriment for the LAN work with a VRRP and I don’t have problem with that. but my question it’s about the WAN.
For the WAN also it’s a VRRP? so I need 3 public ip address for the HA or just need one public ip address and when te slave take the control also get the master public ip address
For me I planning a topology with two ISP so it’s different asking for 6 public ip address or just two.
Hi. For starters … look here … Configuring 1+1 Backup by High Availability (HA). Pay particular attention to @Alan’s diagram’s showing of hardware configurations on the WAN sides of the routers. You must include the switches.
Short answer: If I understand your question correctly, yes. If your hardware layout is correct and your configuration is OK VRRP will “transfer” the WAN addresses from master to slave when the former fails (or, technically, the two routers fail to communicate via the LAN-side using VRRP.
Hi Rick, thanks for your answer, I read the Alan guide, and the diagram does not have any comment about the WAN in NAT mode, just “Separate Ethernet switches”
I my head I think the configuration should be like this.
For example.
LAN master 10.0.0.9/24 VIP 10.0.0.10
LAN slave 10.0.0.11/24
So, for the LAN we are ok. but for the wan I have 2 ISP
ISP 1:
network: 200.10.10.0/29
mask: 255.255.255.248
DG: 200.10.10.1
ISP 2:
network: 200.20.20.0/29
mask: 255.255.255.248
DG: 200.20.20.1
Considering I have the switch internet for L2 connection between our two Balance… I thinking the configuration for the WAN.
Option 1
WAN1 master 200.10.10.2/29 VIP 200.10.10.3
WAN1 slave 200.10.10.4/29
DG: 200.10.10.1
WAN2 master 200.20.20.2/29 VIP 200.20.20.3
WAN2 slave 200.20.20.4/29
DG: 200.20.20.1
So I need 3 vrrp group one for LAN one for ISP 1 and one for WAN2. I’m Ok?
or Option 2:
WAN 1: 200.10.10.2/29
DG: 200.10.10.1
WAN 2: 200.20.20.2/29
DG: 200.20.20.1
This configuration only in a Master Balancer and when the slave take the control also take the WAN IP address.
In option 1 I need 6 public and in the option 2 only 2, so I need to know how to the balancer handling the WAN in NAT mode.
Thanks.
I don’t think I am following you very well, unfortunately. @Alan’s diagram and description is exactly correct. You need one switch for each WAN. (We usually use something like the small, inexpensive, Netgear ProSafe switches with metal cases.)
The routers “talk” with each other via the LAN-side and if the primary router fails or is taken off-line the other will take its place – using the same WANs.
Does that help?
The switch it’s only layer 2, I need to know the layer 3 configuration for the WAN, considering two providers.
HA VRRP running on LAN interface only.
For WAN interfaces, slave device will not hold any public IP address. When HA fail-over happen, slave device will use the same IP that use by the master sharing the same virtual MAC address.
It’s like what you mentioned for Option 2:
WAN 1: 200.10.10.2/29
DG: 200.10.10.1
WAN 2: 200.20.20.2/29
DG: 200.20.20.1
This configuration only in a Master Balancer and when the slave take the control also take the WAN IP address.
Great!
Thanks for your answer!
Regards