Configure router Hot Backup Using RouterOSVRRP

Article Title: Use RouterOSVRRP to configure router hot backup. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Sometimes, to ensure the stability and reliability of our network, we may apply for two egress links or use one egress link to connect to the firewall and then connect two RouterOS for hot backup routing. When the primary router (ros) when a function fails, VRRP (virtual router redundancy protocol, RFC2338) is taken over by another router (ros B. By setting a vro as the default router, you can continue to communicate when the router fails.

To configure a vro. In actual operation, either of the two routers is the primary router, which simulates the virtual router. The backup router monitors the status of the master router. Once the primary router fails, the backup router immediately enters the primary router status to simulate the virtual router.

The IP address is assigned to the vro. The server with the specified vro IP address as the default vro will not be aware of the master router switching and continue normal communication.

Set VRRP using RouterOS as follows:

The following example shows how to configure VRRP on the two routers. the router must have an initial configuration: the interface (LAN) configuration is valid, and the master and backup router interfaces (LAN) there is an appropriate IP address (note that either of the two router interfaces should have an IP address), and the route table is correctly set (it should have at least one default route ). SRC-NAT should also be configured correctly before.

We assume that the interface (LAN) 10.10.10.0/24 network is connected to all the VRRP primary and backup routers in the local area.

We need to set the LAN port IP address of the primary VRRP router to 10.10.10.1/24 and the LAN port IP address of the backup VRRP backup router to 10.10.10.2/24, test whether the LAN port gateway of the router with the master or backup RouterOS can access the Internet.

Next we will configure the gateway generated by the VRRP simulated virtual router to 10.10.10.3/24 to connect to the client or layer-3 Switch and access the internet.

1. Configure the Master VRRP router (Master router)

First, we should create a VRRP route on this vro. Assume that the priority of this router is 255, because it should be the preferred router. Note: Priority (INTEGER: 0 ...... 255; default: 100)-the priority of the current node (a greater value indicates a higher priority) 255-RFC requires that the priority assigned to the master router be the interval (meaning the time interval) below 255) (INTEGER: 0 ...... 255; default value: 1)-VRRP update interval per second. Defines the frequency at which the clustered Master sends VRRP ad packets. That is, when the backup router fails to receive advertisement data packets from the primary router after more than one second, the backup router will replace the primary router.

[Admin @ MikroTik] ip vrrp> add interface = LAN priority = 255 [admin @ MikroTik] ip vrrp> print Flags: X-disabled, I-invalid, M-master, b-backup 0 M name = \ "vr1 \" interface = LAN vrid = 1 priority = 255 interval = 1 preemption-mode = yes authentication = none password = \ "\" on- backup = \ "\" on-master = \"\"

[Admin @ MikroTik] ip vrrp>

Note: LAN is your LAN Card Name, that is, the local Nic

Next, the virtual ip address should be added to this VRRP route [admin @ MikroTik] ip vrrp> address add address = 10.10.10.3/24 \\\\...... Virtual-router = vr1 [admin @ MikroTik] ip vrrp> address print Flags: X-disabled, A-active # address network broadcast VIRTUAL-ROUTER 0 10.10.10.10.3/24 10.10.10.0 10.10.10.255 vr1

[Admin @ MikroTik] ip vrrp>

This address should appear in the/ip address list: [admin @ MikroTik] ip address> print Flags: X-disabled, I-invalid, d-dynamic # address network broadcast interface 0 10.0.0.1/24 10.0.0.0 10.0.0.255 WAN 1 10.10.10.1/24 10.10.10.0 10.10.10.255 LAN 2 D 10.10.10.3/24 10.10.10.10.0 10.10.10.255 LAN

[Admin @ MikroTik] ip address>

Second, configure the backup VRRP router. Now we create a VRRP route with a low priority (we can use the default value 100). This router will be used as the backup of the preferred router.

[Admin @ MikroTik] ip vrrp> add interface = LAN [admin @ MikroTik] ip vrrp> print Flags: X-disabled, I-invalid, M-master, b-backup 0 B name = \ "vr1 \" interface = local vrid = 1 priority = 100 interval = 1 preemption-mode = yes authentication = none password = \ "\" on- backup = \ "\" on-master = \"\"

[Admin @ MikroTik] ip vrrp>

Now we should add this virtual address, just like adding it to the master node: [admin @ MikroTik] ip vrrp> address add address = 10.10.10.3/24 \\\\...... Virtual-router = vr1 [admin @ MikroTik] ip vrrp> address print Flags: X-disabled, A-active # address network broadcast VIRTUAL-ROUTER 0 10.10.10.10.3/24 10.10.10.0 10.10.10.255 vr1

[Admin @ MikroTik] ip vrrp>

Note that this address will not appear in the/ip address list: [admin @ MikroTik] ip address> print Flags: X-disabled, I-invalid, d-dynamic # address network broadcast interface 0 10.0.0.100/24 10.0.0.0 10.0.0.255 WAN 1 10.10.10.2/24 10.10.10.0 10.10.10.255 LAN

[Admin @ MikroTik] ip address>

Third, test our configuration results

Now, we will disconnect the master route (we can disconnect the network cable of the LAN port during the test). At this time, one of the backup routes will be switched to the master status, that is, the Intranet will be connected through the backup router. When the primary VRRP router is restored, the backup router will be restored and the primary router will be taken over:

[Admin @ MikroTik] ip vrrp> print Flags: X-disabled, I-invalid, M-master, b-backup 0 M name = \ "vr1 \" interface = LAN vrid = 1 priority = 100 interval = 1 preemption-mode = yes authentication = none password = \ "\" on- backup = \ "\" on-master = \"\"

[Admin @ MikroTik] ip vrrp>/ip address print Flags: X-disabled, I-invalid, d-dynamic # address network broadcast interface 0 10.0.0.100/24 10.0.0.0 10.0.0.255 WAN 1 10.10.10.10.2/24 10.10.10.0 10.10.10.255 LAN 2 D 10.10.10.3/24 10.10.10.10.0 10.10.10.255 LAN

[Admin @ MikroTik] ip vrrp>