Using HSRP,CARP and VRRP within VMware

Hi all,

Just a quick note incase it helps anyone else out there.

I was recently in a lab moving from a vSS (Virtual Standard Switch) over to a vDS (Virtual distributed switch) when I came across and issue with a Pfsense box.

I had two VMs using CARP (which is like HSRP or VRRP) to push about a highly avalible IP address.
Now most vm admins out there will work out that for VRRP or CARP to work you need to enable "Promiscuous Mode" within the vSS or within the port group.


The issue I came across was with Promiscuous Mode and one uplink port (vDS or vSS) CARP was working perfectly however on adding the second uplink port to the vDS, pings to the CARP address were dropping.

Therefore - lesson learned was: When load balaning across multiple nics (or uplink ports in vDS terminology) you need to also be using the load balancing method of "Route Based on IP hash" (with accompanying switch config) if you plan to use CARP or VRRP else it will not work!

Setting up a Vyatta Cluster with VRRP and IPSec Site to Site VPN

Well seeing as we have done this with the closed source alternative (PIX here)
It was time to do the decent thing and do an open source version...so here we go..

Diagram of the lab:




Basic setup of the lab:

Vyatta Cluster Part 1 - Basic Setup from Richard Vimeo on Vimeo.

Part two of the setup:

Vyatta Cluster Part 2 - Basic Setup from Richard Vimeo on Vimeo.

This is the juicy bit, where we setup VRRP, then Clustering and finally, IPsec site to site VPN. (There is some NAT in there too!:)

Vyatta Cluster Part 3 - VRRP, Clustering,VPN etc from Richard Vimeo on Vimeo.

This is where I try and break it!

Vyatta Cluster Part 3 - Testing from Richard Vimeo on Vimeo.

As ever enjoy! and let me know what you think :)