You are correct in your analysis. I have testing with a single
interface using /tool netwatch to disable/enable the vrrp interfaces.
I'm still thinking through the implications. In my scenario I have a
single provider so it makes sense to tie netwatch the upstream IP. If
it goes away on the primary router I'll shut down all of the vrrp
interfaces in hopes that the secondary can still see it. I'm still
trying to figure out if there are any gotchas on doing the same thing
for the non-upstream interfaces. For instance if I lose a switch port
or network card on the MT.
Sam Tetherow
Sandhills Wireless
Henry F. Camacho Jr. wrote:
> Sam
>
> I believe the problem you are having here related to the fact that the
> VRRP aren't synchronized on both sides of your routers.
>
> For example:
>
> MT1 world fails to MT2, however MT1 still has a valid VRRP for the AP side.
>
> Down stream traffic from world actually now is hitting MT2 and proceeds
> to AP, however the upstream path for AP to the world actually passes
> through MT1 which has the failed link.
> Unless there is a process to synchronize the VRRPs you will not be able
> to get the desired effect.
>
> Ideally when MT1 fails, MT2 must become master for all VRRPs.
>
> HFC
>
> Sam Tetherow wrote:
>
>> I've been testing out VRRP and it seems to work pretty well if you want
>> to fail over from one machine to another on a single interface. But
>> what I would really like to be able to do is duplicate my MT routers
>> against equipment failure rather than network failure.
>>
>> Example:
>>
>> CPE ---- AP ---+------MT1----- + ----- WORLD
>> | |
>> +------MT2 ----- +
>>
>> MT1 and MT2 are both routing between AP and the world.
>> AP is 172.16.2.0/24
>> WORLD is 10.0.0.0/24
>> MT1 has
>> Internal (AP) address of 172.16.2.1
>> External (WORLD) address of 10.0.0.1
>> vrrp1 (AP) address of 172.16.2.254
>> vrrp2 (WORLD) address of 10.0.0.254
>>
>> MT2 has:
>> Internal (AP) address of 172.16.2.2
>> External (WORLD) address of 10.0.0.2
>> vrrp1 (AP) address of 172.16.2.254
>> vrrp2 (WORLD) address of 10.0.0.254
>>
>> 172.16.2.0/24 is routed to 10.0.0.254
>> 172.16.2.0 side has a default gateway of 172.16.2.254
>>
>> When the AP side of MT1 is unplugged MT2 takes over and only a couple
>> of pings are dropped. However if the WORLD side of MT1 is unplugged
>> about 4 pings time out and then I start getting destination unreachable.
>>
>> The VRRP failover works on both sides. If the WORLD side of MT1 is
>> unplugged I can ping 10.0.0.254 and get a response from MT2. But on the
>> internal end of things MT1 is still 172.16.2.254 so I get the host
>> unreachable message.
>>
>> So what I'm really looking for is high availability for the router and I
>> was hoping that VRRP would do the trick. I thought about bridging but
>> at NOC I have several networks that all connect to my main MT router and
>> I really don't want to bridge the traffic.
>>
>> If anyone has a clue, or can definitively say it can't be done with VRRP
>> I would greatly appreciate the help.
>>
>>
>>
>
>
--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
