Re: [WISPA] Mikrotik VRRP
Sam,

I believe the problem you are having here is related to the fact that the VRRPs aren't synchronized on both sides of your routers. For example: MT1 world fails to MT2, however MT1 still has a valid VRRP for the AP side. Downstream traffic from world actually now is hitting MT2 and proceeds to AP, however the upstream path for AP to the world actually passes through MT1, which has the failed link. Unless there is a process to synchronize the VRRPs you will not be able to get the desired effect. Ideally when MT1 fails, MT2 must become master for all VRRPs.

HFC

Sam Tetherow wrote:

> I've been testing out VRRP and it seems to work pretty well if you want to fail over from one machine to another on a single interface. But what I would really like to be able to do is duplicate my MT routers against equipment failure rather than network failure.
>
> Example:
>
>     CPE  AP ---+--MT1--+-- WORLD
>                |       |
>                +--MT2--+
>
> MT1 and MT2 are both routing between AP and the world.
>
> AP is 172.16.2.0/24
> WORLD is 10.0.0.0/24
>
> MT1 has:
>
>     Internal (AP) address of 172.16.2.1
>     External (WORLD) address of 10.0.0.1
>     vrrp1 (AP) address of 172.16.2.254
>     vrrp2 (WORLD) address of 10.0.0.254
>
> MT2 has:
>
>     Internal (AP) address of 172.16.2.2
>     External (WORLD) address of 10.0.0.2
>     vrrp1 (AP) address of 172.16.2.254
>     vrrp2 (WORLD) address of 10.0.0.254
>
> 172.16.2.0/24 is routed to 10.0.0.254
> 172.16.2.0 side has a default gateway of 172.16.2.254
>
> When the AP side of MT1 is unplugged MT2 takes over and only a couple of pings are dropped. However if the WORLD side of MT1 is unplugged about 4 pings time out and then I start getting destination unreachable.
>
> The VRRP failover works on both sides. If the WORLD side of MT1 is unplugged I can ping 10.0.0.254 and get a response from MT2. But on the internal end of things MT1 is still 172.16.2.254 so I get the host unreachable message.
>
> So what I'm really looking for is high availability for the router and I was hoping that VRRP would do the trick.
>
> I thought about bridging but at NOC I have several networks that all connect to my main MT router and I really don't want to bridge the traffic. If anyone has a clue, or can definitively say it can't be done with VRRP I would greatly appreciate the help.

--
Henry F. Camacho Jr.
Unplugged Cities, LLC
800 Washington Ave No Suite 501
Minneapolis, MN 55401
763-235-3005 (Office)
763-257-6898 (Cell)
tknightowl (Skype)
[EMAIL PROTECTED] (email)
www.unpluggedcities.com (www)
KC0KUS (Amateur Radio)

WISPA Wants You! Join today! http://signup.wispa.org/
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Mikrotik VRRP
You are correct in your analysis. I have been testing with a single interface using /tool netwatch to disable/enable the vrrp interfaces. I'm still thinking through the implications.

In my scenario I have a single provider so it makes sense to tie netwatch to the upstream IP. If it goes away on the primary router I'll shut down all of the vrrp interfaces in hopes that the secondary can still see it.

I'm still trying to figure out if there are any gotchas on doing the same thing for the non-upstream interfaces. For instance if I lose a switch port or network card on the MT.

Sam Tetherow
Sandhills Wireless

Henry F. Camacho Jr. wrote:

> Sam,
>
> I believe the problem you are having here is related to the fact that the VRRPs aren't synchronized on both sides of your routers. For example: MT1 world fails to MT2, however MT1 still has a valid VRRP for the AP side. Downstream traffic from world actually now is hitting MT2 and proceeds to AP, however the upstream path for AP to the world actually passes through MT1, which has the failed link. Unless there is a process to synchronize the VRRPs you will not be able to get the desired effect. Ideally when MT1 fails, MT2 must become master for all VRRPs.
>
> HFC
>
> Sam Tetherow wrote:
>
> > I've been testing out VRRP and it seems to work pretty well if you want to fail over from one machine to another on a single interface. But what I would really like to be able to do is duplicate my MT routers against equipment failure rather than network failure.
> >
> > Example:
> >
> >     CPE  AP ---+--MT1--+-- WORLD
> >                |       |
> >                +--MT2--+
> >
> > MT1 and MT2 are both routing between AP and the world.
> >
> > AP is 172.16.2.0/24
> > WORLD is 10.0.0.0/24
> >
> > MT1 has:
> >
> >     Internal (AP) address of 172.16.2.1
> >     External (WORLD) address of 10.0.0.1
> >     vrrp1 (AP) address of 172.16.2.254
> >     vrrp2 (WORLD) address of 10.0.0.254
> >
> > MT2 has:
> >
> >     Internal (AP) address of 172.16.2.2
> >     External (WORLD) address of 10.0.0.2
> >     vrrp1 (AP) address of 172.16.2.254
> >     vrrp2 (WORLD) address of 10.0.0.254
> >
> > 172.16.2.0/24 is routed to 10.0.0.254
> > 172.16.2.0 side has a default gateway of 172.16.2.254
> >
> > When the AP side of MT1 is unplugged MT2 takes over and only a couple of pings are dropped. However if the WORLD side of MT1 is unplugged about 4 pings time out and then I start getting destination unreachable.
> >
> > The VRRP failover works on both sides. If the WORLD side of MT1 is unplugged I can ping 10.0.0.254 and get a response from MT2. But on the internal end of things MT1 is still 172.16.2.254 so I get the host unreachable message.
> >
> > So what I'm really looking for is high availability for the router and I was hoping that VRRP would do the trick.
> >
> > I thought about bridging but at NOC I have several networks that all connect to my main MT router and I really don't want to bridge the traffic. If anyone has a clue, or can definitively say it can't be done with VRRP I would greatly appreciate the help.
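The failure discussed in this thread, and the effect of tying all VRRP interfaces on a router to one health check, modelled as an added Python example (not part of the original posts and not RouterOS code). The priorities 200/100 and the "any link down disables every VRRP interface on that router" policy are assumptions; only upstream traffic from the AP side is modelled.

```python
"""Constructed model of the MT1/MT2 topology from the thread."""
from dataclasses import dataclass, field

GROUPS = ("vrrp1-AP", "vrrp2-WORLD")  # the two virtual routers in the thread


@dataclass
class Router:
    name: str
    priority: int  # assumed values; the thread does not state priorities
    link_up: dict = field(default_factory=lambda: {g: True for g in GROUPS})
    vrrp_enabled: dict = field(default_factory=lambda: {g: True for g in GROUPS})

    def eligible(self, group):
        # A router can only be master on a group whose link is up and enabled.
        return self.link_up[group] and self.vrrp_enabled[group]


def elect(routers, group):
    """Each group elects independently: highest-priority eligible router wins."""
    candidates = [r for r in routers if r.eligible(group)]
    return max(candidates, key=lambda r: r.priority, default=None)


def sync_groups(routers):
    """Assumed tracking policy: one failed link disables all VRRP on that router."""
    for r in routers:
        healthy = all(r.link_up.values())
        for g in GROUPS:
            r.vrrp_enabled[g] = healthy


def upstream_path(routers):
    """Follow a packet from the AP side via gateway 172.16.2.254 towards WORLD."""
    gateway = elect(routers, "vrrp1-AP")
    if gateway is None:
        return "no gateway"
    if not gateway.link_up["vrrp2-WORLD"]:
        return f"{gateway.name}: unreachable"  # master holds the VIP but has no exit
    return f"{gateway.name}: delivered"


def scenario(failed_group, synchronized):
    """Unplug one side of MT1 and report where upstream traffic ends up."""
    mt1, mt2 = Router("MT1", 200), Router("MT2", 100)
    mt1.link_up[failed_group] = False
    if synchronized:
        sync_groups([mt1, mt2])
    return upstream_path([mt1, mt2])
```

With independent groups, unplugging the WORLD side of MT1 leaves MT1 as master for 172.16.2.254 and traffic dies there; with the groups tied together, MT2 takes over both addresses.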