Extending LAN Subnet Between Datacenters?
-
Hello Folks,
I'd like to extend our LAN subnet (192.168.1.x) between two datacenters. Both have a pfSense firewall and a public IP range on the WAN. Can someone point me to the best way to accomplish this?
We have a Hyper-V environment that replicates to another datacenter. I'd like to be able to fail over a VM and when powering on the VM in the second datacenter, have it come up and not have to change its LAN IP.
-
The options that come to mind are site to site VPN (encrypted), https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site and GRE (unencrypted), https://doc.pfsense.org/index.php/GRE_Interfaces .
-
Just be careful when you "extend" your subnet. If you forward broadcasts across the, then devices from one datacenter may pick-up an IP and use the gateway from the other datacenter.
You'll probably not want to allow broadcasts, which can cause issues with some services, or limit each datacenter on which devices get an IP address from the relative local DHCP.
I do not have experience in this area, so maybe someone else could add more to this, but I know this could be a real issue.