Virtualizing my router - any experience to share? Pros/cons?
-
Even if the virtualized router is down, I'll still have access to the physical server over the network until the DHCP lease expires. The switch does the work of delivering my packets on the LAN, not the router.
Yes, of course it depends on your network topology. If you have a link in the same subnet you're good (and can configure a static IP if need be). But if you're using VLANs you can get in a pickle if the router is down. In my setup everything on the user side is segregated so if the router goes down I have to take a dedicated management laptop and plug into the host management network directly on the management switch where I keep a port empty. This maintains segregation and in practice means I take my ancient Acer Aspire One used for nothing else into the server room that looks strangely like a laundry room and plug it in.
-
-
Without a 3rd they can get confused if they lose contact but both nodes are up. Like both are in charge as one vote is enough.
-
My ISP also does PPPoE, I have a virtual pfSense, 1gbps up/down, it's never been an issue for me. I've had this setup for maybe three years.
-
Do a speed test and run htop... you'll see CPU usage only on one core spiking. Not a big deal if your CPU can handle it, but the AMD GX-412TC in the APU2 I was using is too slow.
-
Yeah, it's /etc/pve/corosync.conf; you can set quorum votes to 2 for a device. But it's easy to get the file overwritten. Link
Or you can use pvecm expected 1 on both hosts or pvecm --votes 2 on one device.
-
That's it. Been a long time since I had to use that and I found it had its issues so I moved to the qdevice without a third node.
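The vote arithmetic behind the two-node quorum options discussed above, as an added example that is not part of any post in this thread. It assumes the usual majority rule (quorum = expected votes // 2 + 1); the node names pve1/pve2 and the partition scenarios are constructed.

```python
"""Majority-vote arithmetic for a small cluster, modelled on corosync votequorum.
Assumption (not stated in the thread): quorum = expected_votes // 2 + 1."""


def quorum(expected_votes):
    """Votes a partition must hold to be allowed to act."""
    return expected_votes // 2 + 1


def quorate_sides(votes, partition, expected=None):
    """votes: {member: votes}. partition: list of sets of members that can
    still reach each other. Returns the sides that hold quorum."""
    expected = sum(votes.values()) if expected is None else expected
    need = quorum(expected)
    return [sorted(side) for side in partition
            if sum(votes[m] for m in side) >= need]


# Constructed scenario: pve1 and pve2 lose contact but both stay up.
SPLIT = [{"pve1"}, {"pve2"}]


def scenarios():
    one_each = {"pve1": 1, "pve2": 1}
    weighted = {"pve1": 2, "pve2": 1}
    with_qdev = {"pve1": 1, "pve2": 1, "qdevice": 1}
    return {
        "two nodes, 1 vote each": quorate_sides(one_each, SPLIT),
        "expected forced to 1 on both": quorate_sides(one_each, SPLIT, expected=1),
        "pve1 given 2 votes": quorate_sides(weighted, SPLIT),
        "pve1 given 2 votes, pve1 down": quorate_sides(weighted, [{"pve2"}]),
        "qdevice reachable from pve2": quorate_sides(
            with_qdev, [{"pve1"}, {"pve2", "qdevice"}]),
    }


if __name__ == "__main__":
    labels = {0: "no side quorate, cluster blocks", 1: "one side in charge"}
    for name, sides in scenarios().items():
        state = labels.get(len(sides), "split-brain, both sides in charge")
        print(f"{name:32} -> {sides}  ({state})")
```

Only the forced expected-votes case leaves both halves quorate at once; the weighted-vote case avoids that but leaves the cluster blocked whenever the 2-vote node is the one that is down.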
-
I have 2 vCPUs (host) for the pfSense VM, Xeon E5-2667 3.2GHz, I see both CPUs hit about 80% max during speed tests.
-
How fast is your internet?
-
1gbps symmetrical
-
Thanks, this is good data!
-
I considered something like this at one point, but I ended up installing OpenWRT on my existing router instead because what I ultimately wanted was more flexibility, and was concerned about a single point of failure. Now, I have the ability to do things like always run certain devices through a VPN, block specific devices from the internet with a firewall, as well as DNS for self-hosted stuff.
-
Yeah, this might be the way to go. OpenWRT supports hardware NAT with many of these ARM-based routers like many of the MediaTek-based ones, which gives them super high throughput at very low CPU usage. The efficiency blows x86 out of the water. The ability to migrate your OpenWRT config to new hardware (real or virtual) in the future means you kinda get the best of both worlds....
-
Wrapping up this thread, I really appreciate all the opinions and experiences everyone shared! Gave me lots of new perspectives to think about.