VyOS - WAN load balancing - VLANs - ESXi

ESXi - Virtual Machines

  • Add interfaces
  # Interface layout for the router VM.
  # eth0 (MEXLINE) and eth1 (TELMEX) are the two uplinks; both obtain their
  # address from the upstream network via DHCP.
  set interfaces ethernet eth0 description MEXLINE
  set interfaces ethernet eth0 address dhcp
  set interfaces ethernet eth1 description TELMEX
  set interfaces ethernet eth1 address dhcp
  # br1 (HOME) bridges eth2 and eth3 into a single segment; the router is
  # 172.31.255.1 on that /26.
  set interfaces bridge br1 description HOME
  set interfaces bridge br1 address 172.31.255.1/26
  set interfaces ethernet eth2 bridge-group bridge br1
  set interfaces ethernet eth3 bridge-group bridge br1 
  # eth4 (GUESTS) and eth5 (MANAGEMENT) are separate routed networks.
  # NOTE(review): the firewall section of this page attaches rulesets only to
  # eth0 and eth1. Nothing shown here filters traffic that arrives on br1, eth4
  # or eth5, so the GUESTS network is not isolated from the router's own
  # services by this configuration alone.
  set interfaces ethernet eth4 description GUESTS
  set interfaces ethernet eth4 address 172.31.251.129/26
  set interfaces ethernet eth5 description MANAGEMENT
  set interfaces ethernet eth5 address 172.31.255.241/28

ESXi - Hardware configuration

  • Enable SSH
  # Starts the SSH service on TCP port 22. No listen-address is set, so the
  # service is not restricted to one interface address by this line.
  # The WAN-side LOCAL rulesets later on this page (default-action drop) do not
  # admit new SSH connections on eth0/eth1, but no ruleset shown filters SSH
  # arriving from the HOME or GUESTS networks.
  # NOTE(review): consider binding administration to the MANAGEMENT address,
  # e.g. `set service ssh listen-address 172.31.255.241`, and using key-based
  # logins - confirm the exact syntax for the VyOS release in use.
  set service ssh port 22
  • Enable DHCP
  # One DHCP scope per internal network. Every scope hands out the router's own
  # address on that network as both default gateway and DNS server, with a
  # lease value of 86400.
  # NOTE(review): dhcp-server command syntax differs between VyOS releases -
  # confirm these paths against the version being configured.

  # HOME: 172.31.255.0/26, pool .2 - .61
  set service dhcp-server shared-network-name HOME subnet 172.31.255.0/26 default-router 172.31.255.1
  set service dhcp-server shared-network-name HOME subnet 172.31.255.0/26 dns-server 172.31.255.1
  set service dhcp-server shared-network-name HOME subnet 172.31.255.0/26 domain-name home-network
  set service dhcp-server shared-network-name HOME subnet 172.31.255.0/26 lease 86400
  set service dhcp-server shared-network-name HOME subnet 172.31.255.0/26 range 0 start 172.31.255.2
  set service dhcp-server shared-network-name HOME subnet 172.31.255.0/26 range 0 stop 172.31.255.61

  # GUESTS: 172.31.251.128/26, pool .130 - .190
  set service dhcp-server shared-network-name GUESTS subnet 172.31.251.128/26 default-router 172.31.251.129
  set service dhcp-server shared-network-name GUESTS subnet 172.31.251.128/26 dns-server 172.31.251.129
  set service dhcp-server shared-network-name GUESTS subnet 172.31.251.128/26 domain-name guests-network
  set service dhcp-server shared-network-name GUESTS subnet 172.31.251.128/26 lease 86400
  set service dhcp-server shared-network-name GUESTS subnet 172.31.251.128/26 range 0 start 172.31.251.130
  set service dhcp-server shared-network-name GUESTS subnet 172.31.251.128/26 range 0 stop 172.31.251.190

  # MANAGEMENT: 172.31.255.240/28, pool .242 - .254
  # NOTE(review): any host attached to eth5 receives a lease here; if only
  # known admin hosts belong on this network, static addressing or static
  # mappings may be preferable - confirm the intent.
  set service dhcp-server shared-network-name MANAGEMENT subnet 172.31.255.240/28 default-router 172.31.255.241
  set service dhcp-server shared-network-name MANAGEMENT subnet 172.31.255.240/28 dns-server 172.31.255.241
  set service dhcp-server shared-network-name MANAGEMENT subnet 172.31.255.240/28 domain-name management-network
  set service dhcp-server shared-network-name MANAGEMENT subnet 172.31.255.240/28 lease 86400
  set service dhcp-server shared-network-name MANAGEMENT subnet 172.31.255.240/28 range 0 start 172.31.255.242
  set service dhcp-server shared-network-name MANAGEMENT subnet 172.31.255.240/28 range 0 stop 172.31.255.254
  • Enable DNS forwarding service
  # DNS forwarder for the internal networks.
  # cache-size 0: no answers are cached, so every client query is forwarded
  # upstream.
  set service dns forwarding cache-size 0
  # Listen only on the router's three internal addresses (HOME, GUESTS,
  # MANAGEMENT); no uplink address is listed.
  set service dns forwarding listen-address 172.31.255.1
  set service dns forwarding listen-address 172.31.251.129
  set service dns forwarding listen-address 172.31.255.241
  # Upstream resolvers. The static /32 routes in the WAN load-balancing section
  # of this page pin 1.1.1.1 and 8.8.8.8 to one uplink gateway and 1.0.0.1 and
  # 8.8.4.4 to the other, so forwarder queries to each resolver follow those
  # routes.
  set service dns forwarding name-server 1.1.1.1
  set service dns forwarding name-server 1.0.0.1
  set service dns forwarding name-server 8.8.8.8
  set service dns forwarding name-server 8.8.4.4
  # allow-from limits who may query the forwarder to the three internal
  # subnets, which keeps it from answering arbitrary outside sources.
  set service dns forwarding allow-from 172.31.255.0/26
  set service dns forwarding allow-from 172.31.251.128/26
  set service dns forwarding allow-from 172.31.255.240/28
  • NAT configuration
  # Source NAT: each internal subnet is masqueraded behind whichever uplink the
  # packet leaves on, so there is one rule per (subnet, uplink) pair.
  # Only source rules are defined; this page configures no destination NAT,
  # i.e. no inbound port forwards.

  # HOME 172.31.255.0/26 via eth0 (rule 100) and eth1 (rule 110)
  set nat source rule 100 outbound-interface eth0
  set nat source rule 100 source address 172.31.255.0/26
  set nat source rule 100 translation address masquerade
  set nat source rule 110 outbound-interface eth1
  set nat source rule 110 source address 172.31.255.0/26
  set nat source rule 110 translation address masquerade

  # GUESTS 172.31.251.128/26 via eth0 (rule 120) and eth1 (rule 130)
  set nat source rule 120 outbound-interface eth0
  set nat source rule 120 source address 172.31.251.128/26
  set nat source rule 120 translation address masquerade
  set nat source rule 130 outbound-interface eth1
  set nat source rule 130 source address 172.31.251.128/26
  set nat source rule 130 translation address masquerade

  # MANAGEMENT 172.31.255.240/28 via eth0 (rule 140) and eth1 (rule 150)
  set nat source rule 140 outbound-interface eth0
  set nat source rule 140 source address 172.31.255.240/28
  set nat source rule 140 translation address masquerade
  set nat source rule 150 outbound-interface eth1
  set nat source rule 150 source address 172.31.255.240/28
  set nat source rule 150 translation address masquerade
  • Firewall

Firewall

  # WAN-side firewall. Each uplink gets two rulesets:
  #   *-IN    applied in the `in` direction of the uplink interface
  #   *-LOCAL applied in the `local` direction of the uplink interface
  # Both default to drop and accept established/related traffic; the LOCAL
  # rulesets additionally accept new ICMP echo-requests.
  # NOTE(review): `firewall name` with per-interface `firewall in|local` is the
  # older VyOS firewall syntax - confirm it matches the release in use.
  # NOTE(review): nothing here logs dropped packets; if visibility into denied
  # WAN traffic is wanted, consider `enable-default-log` on each ruleset -
  # confirm availability for your version.

  # Uplink eth0 (MEXLINE)
  set firewall name MEXLINE-IN default-action drop
  set firewall name MEXLINE-IN rule 10 action accept
  set firewall name MEXLINE-IN rule 10 state established enable
  set firewall name MEXLINE-IN rule 10 state related enable
  set firewall name MEXLINE-LOCAL default-action drop
  set firewall name MEXLINE-LOCAL rule 10 action accept
  set firewall name MEXLINE-LOCAL rule 10 state established enable
  set firewall name MEXLINE-LOCAL rule 10 state related enable
  # Rule 20: accept new ICMP echo-request in the LOCAL ruleset.
  set firewall name MEXLINE-LOCAL rule 20 action accept
  set firewall name MEXLINE-LOCAL rule 20 icmp type-name echo-request
  set firewall name MEXLINE-LOCAL rule 20 protocol icmp
  set firewall name MEXLINE-LOCAL rule 20 state new enable

  # Uplink eth1 (TELMEX): same policy as eth0.
  set firewall name TELMEX-IN default-action drop
  set firewall name TELMEX-IN rule 10 action accept
  set firewall name TELMEX-IN rule 10 state established enable
  set firewall name TELMEX-IN rule 10 state related enable
  set firewall name TELMEX-LOCAL default-action drop
  set firewall name TELMEX-LOCAL rule 10 action accept
  set firewall name TELMEX-LOCAL rule 10 state established enable
  set firewall name TELMEX-LOCAL rule 10 state related enable
  set firewall name TELMEX-LOCAL rule 20 action accept
  set firewall name TELMEX-LOCAL rule 20 icmp type-name echo-request
  set firewall name TELMEX-LOCAL rule 20 protocol icmp
  set firewall name TELMEX-LOCAL rule 20 state new enable

  # Attach the rulesets. Only eth0 and eth1 receive one.
  # NOTE(review): br1 (HOME), eth4 (GUESTS) and eth5 (MANAGEMENT) have no
  # ruleset, so guest clients can reach services the router itself offers
  # (e.g. SSH on port 22) unfiltered. Consider `in` and `local` rulesets on
  # eth4 that allow DHCP/DNS to the router and internet-bound traffic while
  # dropping the HOME and MANAGEMENT ranges - verify the behaviour together
  # with the load-balancing rules before relying on it.
  set interfaces ethernet eth0 firewall in name MEXLINE-IN
  set interfaces ethernet eth0 firewall local name MEXLINE-LOCAL
  set interfaces ethernet eth1 firewall in name TELMEX-IN
  set interfaces ethernet eth1 firewall local name TELMEX-LOCAL
  • WAN load balancing

WAN load balancing

  # Pin each health-check target to one uplink gateway with a /32 static route,
  # so a ping test for one uplink cannot be answered through the other.
  # assumes 192.168.1.1 and 192.168.4.1 are the gateways that eth0 and eth1
  # learn via DHCP - TODO confirm; these addresses are not set anywhere else on
  # this page.
  set protocols static route 1.1.1.1/32 next-hop 192.168.1.1
  set protocols static route 8.8.8.8/32 next-hop 192.168.1.1
  set protocols static route 1.0.0.1/32 next-hop 192.168.4.1
  set protocols static route 8.8.4.4/32 next-hop 192.168.4.1

  # Health checks for eth0: two ping tests (1.1.1.1, 8.8.8.8), failure-count 4.
  # The ping replies come back through the WAN LOCAL rulesets, which accept
  # established/related traffic.
  set load-balancing wan interface-health eth0 failure-count 4
  set load-balancing wan interface-health eth0 nexthop 192.168.1.1
  set load-balancing wan interface-health eth0 test 10 type ping
  set load-balancing wan interface-health eth0 test 10 target 1.1.1.1
  set load-balancing wan interface-health eth0 test 20 type ping
  set load-balancing wan interface-health eth0 test 20 target 8.8.8.8

  # Health checks for eth1: two ping tests (1.0.0.1, 8.8.4.4), failure-count 3.
  set load-balancing wan interface-health eth1 failure-count 3
  set load-balancing wan interface-health eth1 nexthop 192.168.4.1
  set load-balancing wan interface-health eth1 test 10 type ping
  set load-balancing wan interface-health eth1 test 10 target 1.0.0.1
  set load-balancing wan interface-health eth1 test 20 type ping
  set load-balancing wan interface-health eth1 test 20 target 8.8.4.4

  # Balancing rules match on the inbound interface only.
  # NOTE(review): no rule carries `exclude` for destinations inside the
  # internal ranges, so traffic between HOME, GUESTS and MANAGEMENT may be
  # handed to the uplinks instead of being routed locally. If inter-network
  # traffic matters (or must be explicitly blocked), add a lower-numbered
  # `exclude` rule and/or internal firewall rulesets - confirm against the
  # VyOS load-balancing documentation for your release.

  # HOME (br1): weights 6:1 in favour of eth0.
  set load-balancing wan rule 10 description HOME-BALANCING
  set load-balancing wan rule 10 inbound-interface br1
  set load-balancing wan rule 10 interface eth0 weight 6
  set load-balancing wan rule 10 interface eth1 weight 1

  # GUESTS (eth4): weights 1:9 in favour of eth1.
  set load-balancing wan rule 30 description GUESTS-BALANCING
  set load-balancing wan rule 30 inbound-interface eth4
  set load-balancing wan rule 30 interface eth0 weight 1
  set load-balancing wan rule 30 interface eth1 weight 9

  # MANAGEMENT (eth5): equal weights on both uplinks.
  set load-balancing wan rule 40 description MGMNT-BALANCING
  set load-balancing wan rule 40 inbound-interface eth5
  set load-balancing wan rule 40 interface eth0 weight 1
  set load-balancing wan rule 40 interface eth1 weight 1