[AusNOG] Mikrotik routers in HA environments

David Walsh davow at onthenet.com.au
Fri Jun 29 12:13:35 EST 2018



> On 26 Jun 2018, at 12:19 pm, Rob Thomas <xrobau at gmail.com> wrote:
> 
> 
> Can a pair of Mikrotik routers be configured for a *reliable* HA scenario ?
> 
>  
> 
> 
> Yep, using VRRP, they work really well. You don't even need any 'tricky' bits - for example, if you bind your BGP to the floating IP address, it won't start the BGP session until the IP address is present.
> 
> One small warning: If you use VRRP (which puts the interface into promiscuous mode), *and* you're using VMware to run them on, *AND* you're using VDS for your switch configuration, you will get duplicate ICMP responses when you ping the routers.
> 
> This is vaguely handwaved away by VMware in https://kb.vmware.com/s/article/2144849 as 'expected', and it IS only ICMP, normal TCP and UDP packets seem fine, and it's only to IP addresses that terminate AT the router, not for traffic through it.


Hi Rob,
           I had/have this issue with a virtual pfSense firewall and CARP. (I am on Cisco UCS with 10 Gig connectivity.)
I had both NICs in my VDS as primary. What I did was move one NIC to be Standby for the VDS portgroup and that fixed the DUP issue. The redundancy is still there... you just don't get to load balance across both NICs, but with 10 Gig and up, that is not really an issue like it was with 1 Gbps connections.

Cheers,
           David



> 
> So, the quick runthrough is create a VRRP interface, bind it to a physical (or VLAN), assign a bogus IP address to each physical interface - I habitually use RFC 6598 address space of 100.64.0.0/10 - and then assign (the same!) floating IP Address to the VRRP interface on both nodes.
> 
> There are VRRP triggers you can run (there's a 'scripts' value) so you can do a webhook or something if the link changes.
> 
> I also recommend the CCRs - they're a great piece of hardware.
> 
> --Rob
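
The VRRP runthrough quoted above, sketched as RouterOS commands for both nodes. This is an added example, not part of either poster's message: the interface name ether2, VRID 10, the priorities, the 100.64.0.x/29 per-node addresses, the 192.0.2.1/24 floating address and the log messages are constructed placeholders, and `on-master` / `on-backup` are the RouterOS properties that hold the state-change scripts.

```routeros
# ---------- Node A (preferred master) ----------
# Per-node "bogus" address on the physical interface (RFC 6598 space).
# It only has to be unique per node; nothing routes to it.
/ip address add address=100.64.0.1/29 interface=ether2

# VRRP interface bound to the physical interface. The higher priority
# wins the election. The scripts run on every state change and here
# only write a log entry (a webhook call could go in the same place).
/interface vrrp add name=vrrp-lan interface=ether2 vrid=10 priority=200 \
    on-master="/log warning \"vrrp-lan: now MASTER\"" \
    on-backup="/log warning \"vrrp-lan: now BACKUP\""

# Floating address, identical on both nodes. Assumption: because the
# physical address is in an unrelated subnet, the floating address
# carries the real LAN prefix so the connected route follows VRRP state.
/ip address add address=192.0.2.1/24 interface=vrrp-lan

# ---------- Node B (backup) ----------
/ip address add address=100.64.0.2/29 interface=ether2
/interface vrrp add name=vrrp-lan interface=ether2 vrid=10 priority=100 \
    on-master="/log warning \"vrrp-lan: now MASTER\"" \
    on-backup="/log warning \"vrrp-lan: now BACKUP\""
/ip address add address=192.0.2.1/24 interface=vrrp-lan

# ---------- Check on either node ----------
# Exactly one node should show the vrrp-lan interface as master.
/interface vrrp print
/ip address print where interface=vrrp-lan
```

A failover test is to disable ether2 on node A and confirm that node B logs the MASTER transition and answers on 192.0.2.1.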
