I'm struggling with the physical cabling of adding a warm spare. We currently have a single ISP with /29 address. Single MX to stacked switches. (ip is just an example)
If I were to add a warm spare would it look like this?
I would also use the Virtual IP method so the .54 still remains the main public ip.
How would using VIP change the configuration of the MX's?
WAN Virtual IPs
VIP addresses are shared by both the primary and warm spare appliance. Inbound and outbound traffic use this address to maintain the same IP address during a failover and reduce disruption. The virtual IPs are configured on the Security & SD-WAN > Monitor > Appliance status page, under the Spare section in the upper-left corner of the page. If two uplinks are configured, a VIP can be configured for each uplink. Each VIP must be in the same subnet as the IP addresses of both appliances for the uplink it is configured for, and it must be unique. In particular, it cannot be the same as either the primary or the warm spare's IP address.
Warm spare configuration window with "Uplink IPs" dropdown set to "Use virtual uplink IPs".
LAN IP addresses are configured based on the appliance IPs in any configured VLANs. No virtual IPs are required on the LAN.
Note: Modifying the IP address of a WAN connection to use a virtual IP address will result in a loss of connectivity on both Internet uplinks for up to 2 minutes. Therefore, it is recommended to make changes during a planned maintenance window to minimize disruption.
Additionally, when using features such as port forwarding and NAT rules, services that direct traffic to the HA pair should be configured with the virtual IP address of the HA pair, not the individual WAN IP addresses of the primary and spare MXs.
This topology should work, but take a look at the recommended topologies.
Are you saying each mx will have a WAN address and a VIP address?
mx 1 wan: x.x.x.54/29, vip: x.x.x.55/29
mx 2(spare) wan x.x.x.57/29, vip: x.x.x.58/29
That diagram looks accurate to me.
Note that I only use a VIP configuration in maybe 10% of my configurations. Most use cases don't require it (the use case being you need the outside world to see a single IP address for outbound traffic no matter what, without VIP they see the IP configured on the MX itself).
Make the first MXs WAN IP .56 and then set the vIP to .54, that's it 🙂