OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: trifly on August 20, 2020, 04:47:47 pm

Title: High Availability on Layer 3
Post by: trifly on August 20, 2020, 04:47:47 pm

Hello everyone,

I'm currently running an OPNSense on an vSphere server in order to make tests before use this solution in AWS Cloud.

One of my main purpose is to be able to have a cluster of OPNsense where the HA works on Layer 3.

Let me explain : Our goal is to run 2 EC2 instances of OPNsense on AWS with each one is in a different VPC.
The result of this kind of architecture is there is no possiblity to have a common L2 subnet to use for HA CARP.

I was wondering if it will be possible to use the VXLAN (or GENEVE) feature as a workaround and use this interface to achieve to an operational HA.

Some of you have experienced this kind of solution and if it's not possible, is there an alternative solution to resolve this "issue" ?

Thanks for your time,

Trifly

Title: Re: High Availability on Layer 3
Post by: vrmartins on June 30, 2021, 07:49:42 pm

Hi Trifly,

Did you manage to solve this issue?

I want to implement this same scenario in the AWS environment. If you did, how did you get the solution?

Title: Re: High Availability on Layer 3
Post by: neilh2048 on June 07, 2023, 10:05:16 pm

Hi All

Is this still an issue for people?  As i have a working OPNsense HA cluster in AWS, running on 2 EC2 instances across 2 availability Zones.

Whilst is not as streamlined as a local hardware failover, it does move the Elastic IP's over automatically, and take a few mins to complete the failover.

If people are still struggling with this, drop a response in here, as im considering writing a blog post up on how to do this.

Title: Re: High Availability on Layer 3
Post by: clopmz on June 20, 2023, 08:36:19 am

Hi neilh2048,

I am trying to accomplish the same scenario but in GCP instead of AWS ... have you used load balancers? IN GCP, load balancers fail to health-check.

It could be awesome if you write some lines regarding your configruation.

Thanks

Title: Re: High Availability on Layer 3
Post by: breavman on August 13, 2023, 11:48:05 am

Hi neilh2048,

I am just researching to achive exactly the same scenario. Opnsense server configuration for HA on 2 aws AZs. I am considering different solutions: a) DNS Active/passive  b) ALB (more costs) c) EIP reassignation (with health checks and configuration scripts). c) solution is my prefered one. Could you share some information about your solution?

Thanks in advance.