basdusee / vagrant-linux-routers

Vagrant set-up for failover Linux routers using keepalived and Salt for provisioning
MIT License
2 stars 1 forks source link
failover keepalived linux router salt vagrant

Virtual DIY Linux routers!

This is a small excercise to configure Linux servers as (internet facing) routers. It's ment as a virtual solution and as a comparison to the functionality to solutions as Vyatta and NSX Edge routers. The whole thing is created in Vagrant, with SaltStack as provisioning language. It uses Virtualbox as a virtual platform. Testing is only done on a Windows machine due to lack of other equipment. YMMV on other platforms, although it shouldn't be hard to get this running under Linux or some form of BSD.

But Why?!? Because the benefits of a DIY router is flexibility in the solution and freedom to create whatever solution suits your situation. The downside is the complete lack of (commercial) support and the complete responsibility for any form of maintenance.

Installation

What do you need to go wild with this project?

Network design of the Vagrant Linux router thingy

For your amusement, a network diagram: Networkdesign Edge1 and Edge2 are two redundant Edge routers which are connected to the Internet (The "Internet" in this case is a Host-Only network connected to the Virtualbox host). The general idea is to configure these routers Active/Passive or Active/Active. They should be able to replace each other when one of them fail.

Right behind this router there's an "intern" subnet (call it some sort of DMZ, which is not the correct term) to which a single internal router is connected (the Introuter). This router discloses a much more internal subnet which should be anounced to the Edge routers via a routing protocol. There are two webservers connected to this internal subnet. That sounds like a job for a load balancer...

Virtualbox is a little weird considering networking, especially when you use Vagrant. It's very difficult to not use the "NAT" network connector on each router, because this is the interface Vagrant provisions over. So there is a funky default route problem, which points to the "NAT" interface by default. All routers have 10.0.2.15 as an IP on the "NAT" interface, and the default route allways points to 10.0.2.2. I'm still figuring out a good way to solve this.

Design of the DIY routers

The Vagrant routers are all made of "bento" boxes and I use the Debian 9 variety right now. It's really advisable to do a manual (or automated) install of Debian yourself in a real production environment. I do not really know what's in the Bento boxes exactly. The reason for choosing Bento, is the already installed guest drivers, which are needed for provisioning from Vagrant.

Configuration of the routers

Vagrant configures the machines automatically, using it's builtin SaltStack provisioner. I choose Salt because I'm familiair to it. You can use "vagrant provision" to re-provision already created machines. You can just as easily implement this using Ansible or Chef (both supported in Vagrant). There are no special tricks involved in the provisioning which is only accessible to Salt.

Choice of installed software

The routers are configured with (parts of) the following software: