Manual:VRRP-examples: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
 
(19 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<div class=manual>
{{Versions|v3, v4, v5, v6}}
</div>
 
<h2>VRRP Configuration Examples</h2>
 
<p>This section contains several useful VRRP configuration examples</p>
==VRRP Configuration Examples==
<h3>Basic Setup</h3>
 
<p>
This section contains several useful VRRP configuration examples
 
 
===Basic Setup===
 
This is the basic VRRP configuration example.
This is the basic VRRP configuration example.
</p>
 
[[Image:vrrp-basic.png|Basic VRRP example |400px|Basic VRRP example ]]
[[Image:vrrp-basic.png|Basic VRRP example |400px|Basic VRRP example ]]
<p>
 
According to this configuration, as long as the master, R1, is functional, all traffic destined to the external network gets directed to R1. But as soon as R1 fails, R2 takes over as the master and starts handling packets forwarded to the interface associated with IP(R1). In this setup Router R2 is completely idle during Backup period.
According to this configuration, as long as the master, R1, is functional, all traffic destined to the external network gets directed to R1. But as soon as R1 fails, R2 takes over as the master and starts handling packets forwarded to the interface associated with IP(R1). In this setup Router R2 is completely idle during Backup period.
</p>
 
<h4>Configuration</h4>
 
<p>
====Configuration====
 
R1 configuration:
R1 configuration:
<pre>
<pre>
/ip address add address=192.168.1.1/24 interface=ether1
/ip address add address=192.168.1.1/24 interface=ether1
/interface vrrp add interface=ether1 vrid=49 priority=255
/interface vrrp add interface=ether1 vrid=49 priority=254
/ip address add address=192.168.1.1/32 interface=vrrp1
/ip address add address=192.168.1.254/32 interface=vrrp1
</pre>
</pre>
R2 configuration:
R2 configuration:
Line 23: Line 28:
/ip address add address=192.168.1.2/24 interface=ether1
/ip address add address=192.168.1.2/24 interface=ether1
/interface vrrp add interface=ether1 vrid=49
/interface vrrp add interface=ether1 vrid=49
/ip address add address=192.168.1.1/32 interface=vrrp1
/ip address add address=192.168.1.254/32 interface=vrrp1
</pre>
 
 
====Testing====
 
First of all check if both routers have correct flags at vrrp interfaces.
On router R1 it should look like this
<pre>
/interface vrrp print detail
0  RM name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:31 arp=enabled interface=ether1 vrid=49
        priority=254 interval=1 preemption-mode=yes authentication=none password="" on-backup=""
        on-master="" version=3 v3-protocol=ipv4
</pre>
 
and on router R2:
<pre>
/interface vrrp print detail
0    B name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:31 arp=enabled interface=ether1 vrid=49
        priority=100 interval=1 preemption-mode=yes authentication=none password=""
        on-backup="" on-master=" version=3 v3-protocol=ipv4
</pre>
 
As you can see vrrp interface mac addresses are identical on both routers.
Now to check if vrrp is working correctly, try to ping virtual address from client and check arp entries:
 
<pre>
[admin@client] > /ping 192.168.1.254
192.168.1.254 64 byte ping: ttl=64 time=10 ms
192.168.1.254 64 byte ping: ttl=64 time=8 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 8/9.0/10 ms
[admin@client] /ip arp> print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
#  ADDRESS        MAC-ADDRESS      INTERFACE
...
1 D 192.168.1.254  00:00:5E:00:01:31 bridge1
 
</pre>
</pre>
</p>


<h4>Testing</h4>
Now unplug ether1 cable on router R1. R2 will become VRRP master, ARP table on client will not change but traffic will start to flow over R2 router.
<p>
 
</p>
 
{{ Note | In case VRRP is used with Reverse Path Filtering, then it is recommended that <code>rp-filter</code> is set to <code>loose</code>, otherwise the VRRP interface might not be reachable. }}
 
===Load sharing===


<h3>Load sharing</h3>
In the basic configuration example, R2 is completely idle during Backup state. This behaviour may be considered as a waste of valuable resources. In such circumstances R2 router can be set as the gateway for some clients. <br/>
<p>
In basic configuration example R2 is completely idle during Backup state. This behavior may be considered as waste of valuable resources. In such circumstances R2 router can be set as gateway for some clients. <br/>
The obvious advantage of this configuration is the establishment of a load-sharing scheme. But by doing so R2 router is not protected by current VRRP setup.<br/>
The obvious advantage of this configuration is the establishment of a load-sharing scheme. But by doing so R2 router is not protected by current VRRP setup.<br/>
To make this setup work we need two virtual routers.  
To make this setup work we need two virtual routers.  


</p>
[[Image:vrrp-load-sharing.png|VRRP load sharing example |400px|VRRP load sharing example ]]
[[Image:vrrp-load-sharing.png|VRRP load sharing example |400px|VRRP load sharing example ]]
<p>
Configuration for V1 virtual router will be identical to configuration in basic example, but V2 Owner router will be R2.
</p>


<h4>Configuration</h4>
Configuration for V1 virtual router will be identical to configuration in basic example - R1 is the Master and R2 is Backup router. In V2 Master is R2 and Backup is R1.<br/>
<p>
With this configuration, we establish load-sharing between R1 and R2; moreover, we create a protection setup by having two routers acting as backups for each other.
 
 
====Configuration====
 
R1 configuration:
R1 configuration:
<pre>
<pre>
/ip address add address=192.168.1.1/24 interface=ether1
/ip address add address=192.168.1.1/24 interface=ether1
/interface vrrp add interface=ether1 vrid=49 priority=255
/interface vrrp add interface=ether1 vrid=49 priority=254
/interface vrrp add interface=ether1 vrid=77  
/interface vrrp add interface=ether1 vrid=77  
/ip address add address=192.168.1.1/32 interface=vrrp1
/ip address add address=192.168.1.253/32 interface=vrrp1
/ip address add address=192.168.1.2/32 interface=vrrp2
/ip address add address=192.168.1.254/32 interface=vrrp2
</pre>
</pre>
R2 configuration:
R2 configuration:
Line 57: Line 99:
/ip address add address=192.168.1.2/24 interface=ether1
/ip address add address=192.168.1.2/24 interface=ether1
/interface vrrp add interface=ether1 vrid=49
/interface vrrp add interface=ether1 vrid=49
/interface vrrp add interface=ether1 vrid=77 priority=77
/interface vrrp add interface=ether1 vrid=77 priority=254
/ip address add address=192.168.1.1/32 interface=vrrp1
/ip address add address=192.168.1.253/32 interface=vrrp1
/ip address add address=192.168.1.2/32 interface=vrrp2
/ip address add address=192.168.1.254/32 interface=vrrp2
</pre>
 
 
 
===VRRP without Preemption===
 
Each time when the router with a higher priority becomes available it becomes the Master router. Sometimes this is not the desired behaviour and can be turned off by setting <code>preemption-mode=no</code> in vrrp configuration.
 
 
====Configuration====
 
We will be using the same setup as in [[#Basic_Setup|basic example]]. Only difference is during configuration set preemption-mode=no.
It can be done easily by modifying the existing configuration:
<pre>
/interface vrrp set [find] preemption-mode=no
</pre>
</pre>
</p>




[[Category:Manual]]
====Testing====
[[Category:Unfinished]]
 
Try turning off R1 router, R2 will become Master router because it has the highest priority among available routers.
 
Now turn R1 router on and you will see that R2 router continues to be the Master even if R1 has the higher priority.
 
 
===VRRP and scripts===
 
 
====Configuration====
 
 
==See Also==
<ul class="bullets">
<li>[[VRRP]]
<li>[[Scripting]]
</ul>
 
 
{{cont}}
 
[[Category:Manual|V]]
[[Category:Interface|V]]
[[Category:Examples|V]]

Latest revision as of 11:39, 22 May 2018

Version.png

Applies to RouterOS: v3, v4, v5, v6


VRRP Configuration Examples

This section contains several useful VRRP configuration examples


Basic Setup

This is the basic VRRP configuration example.

Basic VRRP example

According to this configuration, as long as the master, R1, is functional, all traffic destined to the external network gets directed to R1. But as soon as R1 fails, R2 takes over as the master and starts handling packets forwarded to the interface associated with IP(R1). In this setup Router R2 is completely idle during Backup period.


Configuration

R1 configuration:

/ip address add address=192.168.1.1/24 interface=ether1
/interface vrrp add interface=ether1 vrid=49 priority=254
/ip address add address=192.168.1.254/32 interface=vrrp1

R2 configuration:

/ip address add address=192.168.1.2/24 interface=ether1
/interface vrrp add interface=ether1 vrid=49
/ip address add address=192.168.1.254/32 interface=vrrp1


Testing

First of all check if both routers have correct flags at vrrp interfaces. On router R1 it should look like this

/interface vrrp print detail
 0   RM name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:31 arp=enabled interface=ether1 vrid=49 
        priority=254 interval=1 preemption-mode=yes authentication=none password="" on-backup="" 
        on-master="" version=3 v3-protocol=ipv4

and on router R2:

/interface vrrp print detail
 0    B name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:31 arp=enabled interface=ether1 vrid=49 
        priority=100 interval=1 preemption-mode=yes authentication=none password=""
        on-backup="" on-master=" version=3 v3-protocol=ipv4

As you can see vrrp interface mac addresses are identical on both routers. Now to check if vrrp is working correctly, try to ping virtual address from client and check arp entries:

[admin@client] > /ping 192.168.1.254
192.168.1.254 64 byte ping: ttl=64 time=10 ms
192.168.1.254 64 byte ping: ttl=64 time=8 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 8/9.0/10 ms
[admin@client] /ip arp> print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
 #   ADDRESS         MAC-ADDRESS       INTERFACE
 ...
 1 D 192.168.1.254   00:00:5E:00:01:31 bridge1

Now unplug ether1 cable on router R1. R2 will become VRRP master, ARP table on client will not change but traffic will start to flow over R2 router.


Icon-note.png

Note: In case VRRP is used with Reverse Path Filtering, then it is recommended that rp-filter is set to loose, otherwise the VRRP interface might not be reachable.


Load sharing

In the basic configuration example, R2 is completely idle during Backup state. This behaviour may be considered as a waste of valuable resources. In such circumstances R2 router can be set as the gateway for some clients.
The obvious advantage of this configuration is the establishment of a load-sharing scheme. But by doing so R2 router is not protected by current VRRP setup.
To make this setup work we need two virtual routers.

VRRP load sharing example

Configuration for V1 virtual router will be identical to configuration in basic example - R1 is the Master and R2 is Backup router. In V2 Master is R2 and Backup is R1.
With this configuration, we establish load-sharing between R1 and R2; moreover, we create a protection setup by having two routers acting as backups for each other.


Configuration

R1 configuration:

/ip address add address=192.168.1.1/24 interface=ether1
/interface vrrp add interface=ether1 vrid=49 priority=254
/interface vrrp add interface=ether1 vrid=77 
/ip address add address=192.168.1.253/32 interface=vrrp1
/ip address add address=192.168.1.254/32 interface=vrrp2

R2 configuration:

/ip address add address=192.168.1.2/24 interface=ether1
/interface vrrp add interface=ether1 vrid=49
/interface vrrp add interface=ether1 vrid=77 priority=254
/ip address add address=192.168.1.253/32 interface=vrrp1
/ip address add address=192.168.1.254/32 interface=vrrp2


VRRP without Preemption

Each time when the router with a higher priority becomes available it becomes the Master router. Sometimes this is not the desired behaviour and can be turned off by setting preemption-mode=no in vrrp configuration.


Configuration

We will be using the same setup as in basic example. Only difference is during configuration set preemption-mode=no. It can be done easily by modifying the existing configuration:

/interface vrrp set [find] preemption-mode=no


Testing

Try turning off R1 router, R2 will become Master router because it has the highest priority among available routers.

Now turn R1 router on and you will see that R2 router continues to be the Master even if R1 has the higher priority.


VRRP and scripts

Configuration

See Also


[ Top | Back to Content ]