this post was submitted on 26 Nov 2023
I run pfSense on a 2 node Proxmox "cluster" (cluster in quotes because I don't have quorum for automatic failover). Each host has a dedicated NIC for the firewall's WAN port attached to my modem which is in bridge mode. When I need to do maintenance on the node hosting the FW I do a live migration to the other node. I drop one ping during the migration.
Honestly, when I was designing it I didn't think it would work... but here we are... lol.
Nice. I'll try that myself. Any tips you could share? I assume you have to use the same bridge name for the two interfaces on the two Proxmox nodes for the seamless migration.
Yep, everything is identical across the nodes and I'm using ZFS pools for VM storage.
I also have a dedicated NIC for cluster and replication traffic. So 3 NICs per host: WAN, LAN, and Replication.
I am lost. What do you use the third NIC for? Do you use it to replicate pfSense or Proxmox configurations? If you migrate the pfSense VM when necessary, you don't need to replicate its configurations. I must be missing something.
Each of my important VMs' disks replicates every 15 mins to the second host as a "warm" recovery image. Also, during migration the VM hard drive and config are sent over the replication NICs, I believe.
I suppose I don't "need" the third NIC for replication, but old habits die hard.
Thanks for the tips. I just migrated the pfsense. Great idea!