1
High availability / Seeking guidance on moving WAN phy on a live ha firewall pair
« on: May 01, 2024, 08:47:32 pm »
Hai all!
SO!
snazzy new internet upgrade happens... woohoo....
however now my firewall pair's wan interface is no longer fast enough to consume the additional bandwidth.
Fortunately, my firewall pair **DOES** have available and unutilized interfaces which ARE capable (copper 10G)
(I'm using the 10G SFP interfaces on it currently)
so in specific:
so both firewalls have the above rough topology.
essentially I want to identify the least problematic way to accomplish the goal of
move everything interacting with the physical connection 'igb1' to the physical connection 'ixl0'
on the firewall pair.
I can certainly cease using the standby for a bit
(ie power it off to prevent wobbly bits from making things harder than they need to be while reconfiguring)
but I'm not sure what the best way forward is...
I have a couple ideas, but before grabbing the scissors, blindfold, and running shoes, It felt prudent to reach out here and ask what others' experience has been.
anyone have any guidance or experience they care to share?
SO!
snazzy new internet upgrade happens... woohoo....
however now my firewall pair's wan interface is no longer fast enough to consume the additional bandwidth.
Fortunately, my firewall pair **DOES** have available and unutilized interfaces which ARE capable (copper 10G)
(I'm using the 10G SFP interfaces on it currently)
so in specific:
- igb0 **Heartbeat**
- igb1 **current WAN**
- igb2 **secondary unconfigured wan ((project for tomorrowland/not in scope here))**
- igb3 **virtual endpoint vlan**
- ixl0 *currently unused*
- ixl1 *currently unused*
- ixl2 **LAGG0.0**
- ixl3 **LAGG0.1**
- lagg0 (many vlan interfaces for internal traffic)
so both firewalls have the above rough topology.
essentially I want to identify the least problematic way to accomplish the goal of
move everything interacting with the physical connection 'igb1' to the physical connection 'ixl0'
on the firewall pair.
I can certainly cease using the standby for a bit
(ie power it off to prevent wobbly bits from making things harder than they need to be while reconfiguring)
but I'm not sure what the best way forward is...
I have a couple ideas, but before grabbing the scissors, blindfold, and running shoes, It felt prudent to reach out here and ask what others' experience has been.
anyone have any guidance or experience they care to share?