[AusNOG] Mikrotik routers in HA environments
Rob Thomas
xrobau at gmail.com
Tue Jun 26 12:19:11 EST 2018
>
>
> Can a pair of Mikrotik routers be configured for a **reliable** HA
> scenario ?
>
>
>
Yep, using VRRP, they work really well. You don't even need any 'tricky'
bits - for example, if you bind your BGP to the floating IP address, it
won't start the BGP session until the IP address is present.
One small warning: If you use VRRP (which puts the interface into
promiscuous mode), *and* you're using VMware to run them on, *AND* you're
using VDS for your switch configuration, you will get duplicate ICMP
responses when you ping the routers.
This is vaguely handwaved away by vmware in
https://kb.vmware.com/s/article/2144849 as 'expected', and it IS only ICMP,
normal TCP and UDP packets seem fine, and it's only to IP addresses that
terminate AT the router, not for traffic through it.
So, the quick runthrough is create a VRRP interface, bind it to a physical
(or vlan), assign a bogus IP address to each physical interface - I
habitually use rfc6598 address space of 100.64.0.0/10 - and then assign
(the same!) floating IP Address to the VRRP interface on both nodes.
There are VRRP triggers you can run (there's a 'scripts' value) so you can
do a webhook or something if the link changes.
I also recommend the CCR's - theyre' a great piece of hardware.
--Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180626/bff62c99/attachment.html>
More information about the AusNOG
mailing list