DEPLOY-2026-03-07 VyOS HA Migration

Executive Summary

Deployment Type: Infrastructure Migration

Problem Statement: Single pfSense firewall/router was a SPOF. Needed HA routing with VRRP for zero-downtime failover.

Solution: Deployed VyOS HA cluster (vyos-01 + vyos-02) with VRRP VIP, replaced pfSense as primary router/firewall/DHCP.

Environment

Production (Home Lab)

Runbook

VyOS Migration Master Runbook

Risk Level

Low (parallel deployment, instant rollback)

Deployment Information

Field Value

Deployment Date

2026-03-07

Previous State

pfSense 2.7.2 (single instance, SPOF)

Target State

VyOS 1.4 HA cluster with VRRP

Deployment Window

4 hours (planned), 2 hours (actual)

Rollback Plan

Switch default gateway back to pfSense (10.50.1.1)

Affected Systems

All infrastructure (routing, DHCP, firewall)

Infrastructure Deployed

Component Primary Backup

Router/Firewall

vyos-01 (10.50.1.2) on kvm-01

vyos-02 (10.50.1.3) on kvm-02

VRRP VIP

10.50.1.1 (same IP as old pfSense - transparent cutover)

DHCP

vyos-01 (master)

vyos-02 (backup via VRRP)

DNS Forwarding

Points to bind-01/bind-02

Hypervisor Distribution

kvm-01 (primary)

kvm-02 (secondary)