- Joined
- May 21, 2019
Load balancing across two routers is a lot harder than most people think it is. Bear in mind that he’s in colo, paying per rack unit, and only has 1 upstream carrier, 1 advertisable /24, and most likely 1 physical uplinkI am also a big fan of Mikrotik RouterOS systems, they are very simple to setup, manage, and apply firewall/access rules to. I've run multiple ones for SMB's and they are rock solid.
The CRS326-24S+2Q+RM is overkill as he will never get a QSFP+ line run from the Colo to his rack unless it's sub 10M. The cable cost alone will be fucking insane. A 10gbps native RouterOS built device CCR1036-8G-2S+ will give Dual 10gbps connetions to the colocation for redundancy, redundant power, and an m.2 slot for a quick network cache. Downside is only 8 network ports @ 1gpbs. I'd have to look to see if you can bond multiple lines together via the device.
I'll assume @Null that your server(s) have 1gb network cards in them? Would you be willing to upgrade them, or can you upgrade them, to 10gbps cards?
I personally would stay away from Fiber at all costs unless you want to go full on fiber for everything at which there are other models of Routers to recommend. Fiber is expensive and there is little to gain from using fiber sub 10gbps speed.
At some point you will reach the tipping point of separating your Router from your Switch for 2 devices. In fact that might be a better idea to have TWO routers in a Round Robin mode to alleviate some of the stress on your router. This will require some networking guru work and some special software but you alleviate the bottleneck and make it difficult (not impossible) to take your network down.
PFSense is a fantastic piece of software and very customizable, buy the hardware which comes with a support contract and you'll get some Sales Engineer support as well to advise you on Best practices:
Netgate 1541 BASE pfSense+ Security Gateway
The Netgate 1541 1U 19" rack mount system is a state of the art Security Gateway appliance with pfSense® Plus software featuring the 8 Core Intel® Xeon® D-1541 processor with AES-NI to support a high level of I/O throughput and optimal performance per watt. This appliance with pfSense Plus...shop.netgate.com
Whatever you do, at this rate, DO NOT ROLL YOUR OWN ROUTER SOFTWARE AND INSTALL IT ON A SERVER! DO NOT! NO NO NO NO NO. Your life is fucking hell as it is, and to troubleshoot HARDWARE as well as SOFTWARE is a pain in the proverbial dick. If you want to enjoy your time in Estoniastan spend the money get a refurb ENTERPRISE grade equipment and call it a day. It's cute for the house but not for high traffic sites like this. If you like sleep you won't do this.
P.S. Don't hate me for tagging you.
On the ‘round robin’ front, the biggest problem by far is that you only get 1 uplink from your carrier, even if you’re in a DC and they’ve given you a cross connect to the carrier. You can only plug this into 1 device. Sure, you can put a switch in front of it and plug 2 routers into it, but this doesn’t load balance your traffic across both.
HSRP (Cisco) or VRRP work by floating 1 IP address across multiple devices; there is always a master, and the traffic always goes to the master. All the switch in front will see is a MAC address sitting on one port, and that is where it will forward traffic
if you want to load balance across two routers, you need a switch operating at layer 3, with ECMP set up on the switch pointing to both of the routers. If Josh did this, the switch would have to advertise his prefix to his upstream peer which just means his switch would just end up becoming a router anyway. At this point, just go and buy a router and forget the switch, or buy a mellanox SN2700
Also, I’d like to address the whole ‘everything SFP is expensive’ I’ve seen on here from a few people:
Cisco SFP-H10GB-CU1M Compatible 10GBASE-CU SFP+ DAC Twinax Cable - FS Australia
FS for Cisco compatible SFP-H10GB-CU1M 10G SFP+ to SFP+ direct attach cable operates over passive copper with a maximum reach of 1m, which is a cost-effective solution for high bandwidth and high-speed interconnection.
My advice:
Easy mode: buy a thicc ass box in a 1RU form factor with a dedicated NPU/ASIC that can handle DoS protection, firewall, and routing all in 1 box. Cisco, Palo, Juniper or Fortinet all have boxes for this, my personal recommendation is Fortinet (see my post above) just because of personal experience. Not gonna hate on the cheaper vendors like Mikrotik, just haven’t used them that much.
Hard mode: buy a 1RU server with a good cpu and at least 16GB memory, buy some 10GbE SFP+ NICs off ebay (mellanox pls), install RHEL and run FRR.
