Router failure prompts review of setup

HA/CARP/VIPs
Log in to reply
  • S

    I had a catastrophic router failure yesterday that has me questioning my setup and looking for some thoughts as to changing my config.

    Current setup

    4 GS724TS Netgear Switches (HDMI Ring 10G Backbone) These stack and become 1 switch from a management perspective.
    I have two on my network rack and 2 on my server rack, the two on the network rack are configured so port 21 and 22 are LACP for the LAGG.

    I have 1 APU as the primary router and my old primary router running full install as my secondary (have second APU sitting on my desk to replace router).

    On both routers I have all my networking configured in a LAGG with vlans on top.  Router 1 is plugged into port 21 on both switches and Router two is plugged into port 22 on both switches.

    I better add a picture.

    Wow I should charge people for diagrams!

    one issue I have seen with this config, reboot router and it never becomes master because its seeing its own CARP advertisments. ( I have to pull one of the network cables from the switch)
    another issue is layer 2 QOS tagging with the APU. https://forum.pfsense.org/index.php?topic=80408.0
    I have been trying to tag VOIP traffic with 802.1p tag of IC but I don't see that tag in packet captures on the router or the wireless bridge that I expect to see the tag at.

    I have 3 WAN connections & 7 networks behind my PFSense all configured via VLANs on the LAGG between two interfaces.

    Should I ditch the LAGG?

    APU Interface 0 VLAN 3 WAN Connections
    APU Interface 1 VLAN LAN + several other low usage vlans
    APU Interface 2 VLAN Wireless (WISP Traffic using Captive Portal) + several other low usage vlans

    The most traffic would ever pass thru the router from the LAN to Wireless, so I should run those on separate interfaces?

    I hope to redeploy 2 freshly, properly configured APU's by Monday :) All thoughts appreciated

    0
  • M

    @salmonbaytech:

    On both routers I have all my networking configured in a LAGG with vlans on top.  Router 1 is plugged into port 21 on both switches and Router two is plugged into port 22 on both switches.

    Are you sure the Netgear switches do LACP across the two switches (As in you can plug a cable into each switch and correctly bring up the trunk to PFSense)? Generally when you are doing LACP, it needs to be the same layer devices on the ends. HP has a few switches that will do it –- I believe they call it distributive trunking.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy