Features request:Config sync,HA services,Firewall state sync

2dfx · October 10, 2014, 9:46pm

Hi!

Sync sections of config between 2 or more routers.
I have 15 routers with same config in ip firewall section.
Some one like this:
/system sync add section=ip-firewall auth=Secret destination=4.4.4.4
HighAvailability services.
You have VRRP for HA. Now we need checkbox services to use it.
Now for up/down DHCP-Relay i need to use script.
foreach i in=[/ip dhcp-relay find disabled=yes] do={
ip dhcp-relay set numbers=$i disabled=no
}
You can do it for DHCP-Server/DHCP-Client/DHCP-Router/DNS/HotSpot/ and other
Firewall state sync
If you use VRRP and one router goes down - all connections will be reconnect…
VRRP Groups.
Group VRRP interfaces and if one fail - all other take state of one.
/User export with hashed password, public ssh key and other.
It’s good way to batch setup and/or simple restore.
Tool to crypt .rsc files
For i can send to user crypted .rsc file for inital config of router.
USB Drivers for Iphone.
I want to use it for WAN redundancy.

Sorry for my bad English

andreacoppini · November 17, 2014, 8:17pm

+1

HA has been a long time coming

klibby · December 22, 2014, 10:43pm

+1 for true HA with config/state sync

We’re currently moving all our venues to redundant pairs of CCRs. As part of that I have been working on a way to emulate this kind of functionality through use of scripts, but this would be great to be able to support natively.

In addition to config & firewall state sync, I would like to see DHCP binding, hotspot user state, etc. sync to create a true HA environment.

brotherdust · January 4, 2015, 5:35am

Who knows they are doing behind the curtain? I surmise that the current implementation is the limiting factor against your feature request. Assuming your requests are implemented, it would require quite a bit of re-architecting from the developer’s standpoint. Why? Because conntrackd (which, I believe is what MikroTik has based their implementation on) wasn’t designed for clustering, much less basic state-transfer.

It might be of use to note that the features you are requesting are, for the most part, already available in an open-source package. Namely, CARP. It’s got a fairly mature code-base, too. The catch? For firewall state transfer and the like, the ancillary functions of pfsync would be required, which requires PF, which is a BSD-only thing. =( It could probably be ported…

andreacoppini · January 4, 2015, 11:10am

Config sync would already be a great start. connstate sync would just be a nice to have.

randomseed · January 7, 2015, 1:00pm

+1 for progress on HA.

tweetyspn · January 11, 2015, 2:26pm

It would be really nice +

magnavox · November 20, 2015, 8:02am

brotherdust:

Who knows they are doing behind the curtain? I surmise that the current implementation is the limiting factor against your feature request. Assuming your requests are implemented, it would require quite a bit of re-architecting from the developer’s standpoint. Why? Because conntrackd (which, I believe is what MikroTik has based their implementation on) wasn’t designed for clustering, much less basic state-transfer.

It might be of use to note that the features you are requesting are, for the most part, already available in an open-source package. Namely, CARP. It’s got a fairly mature code-base, too. The catch? For firewall state transfer and the like, the ancillary functions of pfsync would be required, which requires PF, which is a BSD-only thing. =( It could probably be ported…

+1 for pfsync

Botter · October 19, 2018, 3:54pm

+1 HA Sync

mixig · January 8, 2019, 2:09pm

+1 for HA