> One compelling argument against virtualizing a router (of any type) is that bringing down the hypervisor for updates/fixes often requires internet access. If the activity goes bad (you need additional packages, look up a config setting, etc.) you're SOL because your network connection is down. With the proliferation of tethering smartphones it's not as much of an issue but something to keep in mind, especially if the equipment is remote/lights-out. Unless you're really short on funds/space it's probably better to keep your router as bulletproof as possible (no extraneous dependencies, no moving parts, etc.).
> With that said, I have run pfSense virtualized on Proxmox and VMware and haven't had any issues.
One other gotcha is to make sure your hypervisor and motherboard KVM aren't getting anything from DHCP. If your hypervisor fails to start and you can't see why because your remote management doesn't have an IP... you're gonna have a bad time. Ask me how I know this.
> One other gotcha is to make sure your hypervisor and motherboard KVM aren't getting anything from DHCP. If your hypervisor fails to start and you can't see why because your remote management doesn't have an IP... you're gonna have a bad time. Ask me how I know this.
Put a static IP on IPMI, the hypervisor, and one management PC around the house (a NUC, in my case). Ask me how I know this...
> One compelling argument against virtualizing a router (of any type) is that bringing down the hypervisor for updates/fixes often requires internet access. If the activity goes bad (you need additional packages, look up a config setting, etc.) you're SOL because your network connection is down. With the proliferation of tethering smartphones it's not as much of an issue but something to keep in mind, especially if the equipment is remote/lights-out. Unless you're really short on funds/space it's probably better to keep your router as bulletproof as possible (no extraneous dependencies, no moving parts, etc.).
> With that said, I have run pfSense virtualized on Proxmox and VMware and haven't had any issues.
All good points. If you run a 2-node cluster like I do, this should not be a concern, though...
> Put a static IP on IPMI, the hypervisor, and one management PC around the house (a NUC, in my case). Ask me how I know this...
It's probably a bigger set than this. Consider which parts of your deployment form the "undercloud" - those elements required to launch "the cloud". Make sure they don't have any upstream dependencies on the cloud itself or any applications/services running in the cloud.
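One way to check the "undercloud" rule from the post above, as an added example that is not code from any poster in this thread: a small Python dependency walk that flags management-plane elements relying on services hosted in a VM on the same hypervisor. The inventory, its element names and the `needs`/`runs_on` fields are constructed for illustration.

```python
# Constructed inventory (hypothetical names). "needs" = services required to
# boot or be reachable; "runs_on" = the host it lives on (None = bare metal).
INVENTORY = {
    "ipmi":       {"runs_on": None, "needs": ["dhcp"]},  # BMC takes a DHCP lease
    "hypervisor": {"runs_on": None, "needs": ["dns"]},   # resolves names at boot
    "mgmt-pc":    {"runs_on": None, "needs": []},        # static IP, hosts file
    "pfsense-vm": {"runs_on": "hypervisor", "needs": []},
    "dhcp":       {"runs_on": "pfsense-vm", "needs": []},
    "dns":        {"runs_on": "pfsense-vm", "needs": []},
}
UNDERCLOUD = {"ipmi", "hypervisor", "mgmt-pc"}  # must work with the cloud down


def host_chain(inventory, name):
    """Follow runs_on links upward: service -> VM -> hypervisor."""
    chain, host = [], inventory[name]["runs_on"]
    while host is not None and host not in chain:
        chain.append(host)
        host = inventory[host]["runs_on"]
    return chain


def upstream_violations(inventory, undercloud):
    """Map each undercloud element to the dependency path that leaves the
    undercloud; an empty result means the undercloud is self-contained."""
    violations = {}
    for start in sorted(undercloud):
        stack, seen = [(start, [start])], {start}
        while stack:
            name, path = stack.pop()
            if name not in undercloud:
                # Append the hosting chain to show where the dependency lives.
                violations[start] = path + host_chain(inventory, name)
                break
            node = inventory[name]
            for dep in node["needs"] + ([node["runs_on"]] if node["runs_on"] else []):
                if dep not in seen:
                    seen.add(dep)
                    stack.append((dep, path + [dep]))
    return violations


if __name__ == "__main__":
    for element, path in upstream_violations(INVENTORY, UNDERCLOUD).items():
        print(f"{element}: " + " -> ".join(path))
```

A path that ends back at `hypervisor` is the circular case the thread warns about: the box cannot come up cleanly without a service that only exists once it is already up.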
> How do you distribute the hosts file? I'm curious.
I'd love to give an answer that sounds "cool" like via Foreman or Ansible or some tool that sounds like I know what I'm doing.
> Is there a guide to setting up pfSense as a VM that you guys suggest? Using ESXi 6 for an AIO.
> Also the specs needed to use it for a 10G capable network on a fiber 1G link? Just running 1 VPN from time to time from home to office.
> I also have an unused EdgeRouter ER8. Would this be easier to configure? But I was told it won't be 10G capable.
Being that you have a VM to play with, why don't you try a few different configurations of the VM to see what works best?
> I'm very biased towards pfSense, nothing else I have used touches it.
Ha, try and do dynamic routing without GRE (better known as interface routing) over IPsec tunnels with it.
> I am actually more comfortable with hardware at the front end of the network connection, which is why I am considering the EdgeRouter. How challenging is it to use a VM (Sophos or pfSense) instead? Is the network cabling going to be complicated?
Add a separate dual port+ NIC for pfSense. Pass it through or just create virtual switches with only the pfSense VM assigned. Then you just run two cables (one from the cable modem, one to the switch) and that's it. Your existing VM host LAN connection will remain plugged into the switch as it is now.