Thanks David

Regards
Michael Knill

From: David Kerr <da...@kerr.net>
Reply to: AstLinux List <astlinux-users@lists.sourceforge.net>
Date: Thursday, 3 February 2022 at 7:51 pm
To: AstLinux List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] WAN Bridge interface

If you are looking for redundancy on the WAN uplink then the way to do it is 
with bonded interfaces not bridged interfaces, assuming the other end supports 
bonds (also known as Link Aggregation) then the network layer will take care of 
it all.  Astlinux out-of-the-box does not support bonded interfaces; I have 
added support in my version of Astlinux (on my Github, in the develop branch).

I have bonded interfaces on both my WAN and LAN.  The WAN has two ethernet 
cables connecting to my cable modem.  The LAN has two ethernet cables connected 
to my switch that is configured with a LAG (link aggregation group); you need a 
managed switch that supports LAG.  I did it because my Comcast/Xfinity service 
will deliver 1.4Gbps download speeds, and one ethernet cable maxes out at just 
under 1Gbps, so to get the most out of my internet service I need to be able to 
pump more through the Astlinux gateway than a single cable will allow.  But you 
also get redundancy: disconnect one of the two bonded cables and the system 
doesn't miss a beat (but max throughput drops to 1Gbps).

David

On Wed, Feb 2, 2022 at 6:28 PM Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
Hi Lonnie

It's the firewalls that are configured for failover using FireCluster. They use 
VRRP as I just found out:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/ha/cluster_ap_cluster_id_wsm.html?Highlight=firecluster%20mac%20address

Regards
Michael Knill

On 3/2/22, 9:23 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

    Interesting, but I don't quite understand how the upstream multihomed link works.

    If the AstLinux WAN bridge interface has a static IP and gateway, how is this a failover situation ... unless like you mentioned a VRRP (keepalived) setup.

    Is the AstLinux static gateway IP ARP'ing to different MACs depending on some magic upstream?  All in the same subnet?

    If "yes" above, then this would indeed be a special case where you would want the WAN to be a bridge interface.

    Lonnie


    > On Feb 2, 2022, at 4:04 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
    >
    > It's a static address with the gateway address shared on the firewalls as active and standby. Not sure if they have a virtual address like VRRP but doesn't make any difference from Astlinux's perspective.
    > I did some testing and all seemed to work. It's on a Qotom box so I assume performance should not be an issue.
    >
    > Regards
    > Michael Knill
    >
    > On 3/2/22, 9:00 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
    >
    >    Hi Michael,
    >
    >    It would be a special case where you would want the WAN to be a bridge interface.
    >
    >    How is the WAN interface's IP address defined?
    >
    >    I'm not sure how your two WAN trunks are routed to your bridge interface.
    >
    >    But, if a 2-port ethernet switch would work, so should a 2-interface linux bridge.
    >
    >    Lonnie
    >
    >
    >
    >
    >> On Feb 2, 2022, at 3:33 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
    >>
    >> Hi Group
    >>
    >> I have set up two ports on my Astlinux box into a bridge and allocated to the WAN interface. These ports are connected behind a primary and failover Watchguard firewall as a DMZ interface. The LAN interface connects to the Voice VLAN making this system a VPN router only for about 70 phones.
    >>
    >> Just wanting to know if anyone can see any issues with this architecture as I haven’t used bridge interfaces before.
    >> It just seems better than sticking a switch in between creating another single point of failure.
    >>
    >> Regards
    >>
    >> Michael Knill
    >> Managing Director
    >>
    >> D: +61 2 6189 1360
    >> P: +61 2 6140 4656
    >> E: michael.kn...@ipcsolutions.com.au
    >> W: ipcsolutions.com.au
    >>
    >> Smarter Business Communications
    >>
    >> _______________________________________________
    >> Astlinux-users mailing list
    >> Astlinux-users@lists.sourceforge.net
    >> https://lists.sourceforge.net/lists/listinfo/astlinux-users
    >>
    >> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.