Proxmox Setup with FaultTolerance for Zero Downtime

[spuschmann]

Hi Guys,

i'm planning to setup an Proxmox VE Cluster with 2 Nodes. These two Nodes need to run in a Fault-Tolerant Cluster - meaning that there will be no Downtime when one Node is Broken (Hard or Software).

On this Cluster will run an Loadbalancer and at the beginning 4 StrongSwan IPSec VPN Servers. All the Data will take place on an external HA-Storage.

Is this Setup possible with Proxmox? Or do you have any other Recommendation? The Point is that Re-Negotiating the IPSec Connection on a Server-Fault is no option because it takes too much Time.

Thank you for your Answers.

Sven

 

[ghusson]

search other threads : 2 nodes PVE 4 HA cluster is not supported
min 3 nodes

 

[spuschmann]

I've searched the whole Board ... if you have found a thread for this pleas link to it.

And: Is an 3-Node Cluster possible with Zero-Downtime in Fault-Case?

 

[ghusson]

https://pve.proxmox.com/wiki/Two-Node_High_Availability_Cluster
https://forum.proxmox.com/threads/b...de-proxmox-storage-cluster.26370/#post-132488
3 nodes is OK. But when you lost one node, you are in the hurry

 

[spuschmann]

Thats what i've found too, but my minor Problem is "Zero Downtime" ... we will run IPSec Servers on this Cluster and the takeover have to be done without reconnecting.

In one Sentence: Establishing a new SA or IPSec Connection is not a way to go for us.

And i could not find an Answer for this Question.

 

[ghusson]

PVE does not provides 0 downtime.
When High Availability occurs, the VMS are restarted on an other node.
If you want IPSEC High Availability, look otherwhere (ex : double IPSEC link + BGP ?).

 

[wolfgang]

Hi,

Proxmox VE does not support Fault-Tolerant.

 

[spirit]

qemu devs are currently working to implement it
http://wiki.qemu.org/Features/COLO

But it's not yet ready

 

[jinjer]

your best bet would be to implement it yourself, using two or more KVM virtual machines and threating them as physicals. Then use proxmox to migrate those KVM on physical nodes and abstract yourself from the underlying hardware.

This is how I'm doing it and works treats.

 

[MikeP]

Thats what i've found too, but my minor Problem is "Zero Downtime" ... we will run IPSec Servers on this Cluster and the takeover have to be done without reconnecting.

In one Sentence: Establishing a new SA or IPSec Connection is not a way to go for us.
/QUOTE]

Zero Downtime and takeover without reconnecting is often expensive. Are you talking like an IPSec VPN, like the Cisco VPN (or openconnect, openVPN, etc?)

 

[tschanness]

Hi,
FYI: QEMU 2.8 has COLO built-in. Hope it will come over to proxmox soon

sC

 

[raihan]

your best bet would be to implement it yourself, using two or more KVM virtual machines and threating them as physicals. Then use proxmox to migrate those KVM on physical nodes and abstract yourself from the underlying hardware.

This is how I'm doing it and works treats.

can explain on this workaround

 

[SeyedGH]

Any info about this because we are at 2.12 qemu right now.

 

[wolfgang]

This feature will not come soon.
And it is already not totally stable.

 

[AngryAdm]

How about miaw? Been almost two more years

 

[Harryo]

This feature would be great to have on the virtualization layer. Please xD