VyOS HA Migration - Issues

Lessons Learned

Category	Lesson
Planning	Parallel deployment allowed testing without disruption. Kept pfSense running until VyOS validated.
VRRP	Use different VRID per interface. Same VRID on multiple interfaces caused conflicts.
DHCP	VyOS DHCP uses ISC dhcpd config syntax. Migrated pfSense DHCP reservations manually.
Documentation	Master runbook pattern (orchestrator + sub-runbooks) worked well for complex migration.

Category

Lesson

Planning

Parallel deployment allowed testing without disruption. Kept pfSense running until VyOS validated.

VRRP

Use different VRID per interface. Same VRID on multiple interfaces caused conflicts.

DHCP

VyOS DHCP uses ISC dhcpd config syntax. Migrated pfSense DHCP reservations manually.

Documentation

Master runbook pattern (orchestrator + sub-runbooks) worked well for complex migration.

Item	Status
pfSense	Decommissioned 2026-03-07, VM deleted
VyOS HA	Operational, monitored via Wazuh
BIND DNS	Updated A/PTR records for vyos-01, vyos-02, vyos-vip
Documentation	17-phase runbook in domus-infra-ops

Item

Status

pfSense

Decommissioned 2026-03-07, VM deleted

VyOS HA

Operational, monitored via Wazuh

BIND DNS

Updated A/PTR records for vyos-01, vyos-02, vyos-vip

Documentation

17-phase runbook in domus-infra-ops