I really think CARP should be added to RouterOS (even 3.x). The synchronization daemon is extremely useful. Even something LIKE CARP where I could just synchronize my filters and load balance between my gateways. It would keep me from having to duplicate everything and be less prone to mistakes. What do you say, guys?
Thanks!
VRRP and some scripting should do the same.
/Henrik
I like the idea of CARP as well. Hopefully the MT guys can implement it.
Primarily what interests me in this whole CARP thing is three things that could be implemented without having to implement the CARP protocol:
- How about load balancing with VRRP? Just like GLBP? CARP can do that. Uses a MAC round robin.
- How about state table and firewall and NAT rule copying from one firewall to the other?
I realize that CARP is for BSD and RouterOS uses Linux. So I’m not asking MikroTik to change over their entire OS just for CARP and PF (even though I think PF is superior to iptables). How about just implementing these features in some way? Or perhaps trying to use ucarp as a base to start?
Thoughts anyone?
The FortiGate UTM appliances achieve something similar to CARP even though they run Linux and use ASICs for packet processing.
See: http://docs.forticare.com/fgt/techdocs/FortiGate_HA_Guide_01-30003-0112-20061020.pdf
on page 23 for an in-depth discussion of the High Availability features used.
I have about 40 or so units running HA, and it works really, really well. You don’t need “VRRP” IP addresses; you just select a heartbeat interface, and as long as it’s in the same broadcast domain as the other unit it syncs the config and off it goes. Another great feature is that once it’s in HA you have a single IP address for both units; you effectively just admin one “virtual” cluster by accessing the master unit, and the HA protocol takes care of syncing the config to the secondary unit. It can detect a failed unit when either an interface goes down or the heartbeat fails. When the failed unit comes back up, they hold a re-election and the unit with the best priority will win (this is so you can weight it to, say, Unit1 being master). You can also use a “ping” monitor, which will ping out, say, eth1, and when it cannot ping the host you have specified it will mark it as down and fail over to the unit that can ping that IP, a great way to check actual connectivity to an upstream router.