I am looking to find out how anyone is using pair of devices (probably CCR) setup to provide a single hotspot. How do you sync the user info and session state between them so that there is a near seamless experience for users should a failover occur? And do you have any nice ways of creating users and printing vouchers on-the-fly (push a button and a new ticket comes out of a small printer)?
Many thanks.
That’s a tough topic.
You cannot VRRP the gateway because it will not work nicely with the hotspot daemon, You can’t run them in parallel with two different IPs otherwise the customers need to reconnect in case of failure.
My solution was:
Active/Passive design, Netwatch on the slave to bring up/down the hotspot interface (with same MAC address to avoid ARP re-resolution), User database in an external radius server, MAC authentication.
The migration is quite seamless (few packet drops) but ofc the MAC authentication is not the strongest auth method out there.
Another solution could be using API, but the amount of coding work wasn’t worth the improvement I would get against the solution I adopted.
Sounds pretty good, thanks. Could you post the script you use, please? Also, which RADIUS server are you using?
Thanks.
Actually, instead of netwatch, I used the VRRP functionality to have an “heartbeat” like functionality. Basically the VRRP interface checks the status of the other side and triggers a script to enable disable the hotspot interface (in my case they are in a bridge interface)
/interface bridge
add name=br-guests-505 protocol-mode=none
add name=br-gateway-551 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=eth1-traffic
/interface vlan
add interface=eth1-traffic name=vlan-guests-505 vlan-id=505
add interface=eth1-traffic name=vlan-gateway-551 vlan-id=551
add interface=eth1-traffic name=vlan-hb-550 vlan-id=550
/interface vrrp
add interface=vlan-hb-550 name=vrrp-hb on-backup="{/interface bridge disable [find];}" on-master="{/interface bridge enable [find];}" priority=200 vrid=11
/ip address
add address=10.18.29.1/29 interface=br-gateway-551
add address=10.18.60.1/19 interface=br-guests-505
add address=10.18.28.154/29 interface=vlan-hb-550
add address=10.18.28.153 interface=vrrp-hb
On the slave device i duplicate the same config, change the vlan-hb-550 IP and put a lower priority on VRRP.
As Radius, I use freeradius, but Mikrotik Usermanager can do the trick perfectly.
Very nice. Thanks for the help there!