Sorry for a newbie question. Want to place a MikroTik (PC) router as a border gateway for a felon network. We need to set up BGP (AS), NAT and PPPoE. Can we set up 2 or 3 MikroTik routers with a single connection to upstream and load balancing between all of them for redundancy? I.e. load balance all traffic (and thus NAT and PPPoE) between 3, so that if any one fails, the other two will keep working. The idea is to replace the costly Cisco 7600 with several MikroTik routers and cover the risk of failure of a cheap PC router. Hope I explained it correctly)) Thank you all in advance.
How many routers are you planning to have speaking BGP with your upstream?
Depending on your network design you could “load balance” or manually distribute PPPoE sessions between multiple routers. That would at least eliminate a single point of failure on the aggregation side. Could you post a diagram of what layout you’re trying to achieve? That’d better assist people in coming up with a solution to your problem.
Diagram: http://habreffect.ru/files/124/57fd687d0/scheme.gif
Which router is going to be speaking BGP? Will your provider let you create BGP peering sessions from all three routers?
Refer to this thread regarding redundant PPPoE. You’ll have to route separate customer IP blocks to each PPPoE AC.
Should I have 3 different peering addresses from an upstream for 3 different BGP routers?
If I get 3 different peering addresses for the full view BGP, can I concurrently use all three routers for a single RIPE-assigned AS? Thank you for your response.
What you need is VRRP. You need:
- to set up VRRP on the internal network for redundancy (you can use 2 masters and one slave, but I would suggest using just one master and 2 slaves with different priorities)
- to set up BGP peering sessions on the same table (default) on all routers
- to set up IGP with connected, static and full BGP route redistribution (default table) between your 2 routers so that VRRP will work accordingly and you won’t get in a network loop
- if you use only one provider the setup can be done in a matter of days; if you have multiple providers the setup will prove more difficult
- you also need VLANs on the upstream switch
It can be done, but if you will have multiple providers get ready for hell, as MikroTik is a lot different from Cisco in what is active route and load balancing selection.
You could do something like this to handle inbound BGP redundancy.
http://www.vyatta.org/forum/viewtopic.php?p=4213&sid=0b9f48079b1388c4fb722704ac6221ae
And here’s a sample config to implement that config in MikroTik.
Router 1
/interface vrrp
add interface=ether1 name=vrrp1 vrid=1 priority=254 authentication=ah password=somepass
/ip address
add interface=ether1 address=192.168.111.2/29
add interface=vrrp1 address=192.168.111.4/29
/routing bgp instance
set default as=65001 router-id=192.168.111.2
/routing filter
add chain=set-next-hop locally-originated-bgp=yes set-out-nexthop=192.168.111.4 action=accept
add chain=set-next-hop action=reject comment="Deny any other routes"
/routing bgp peer
add instance=default name=upstream remote-address=192.168.111.1 remote-as=65000 update-source=192.168.111.2 nexthop-choice=propagate out-filter=set-next-hop
/routing bgp network
add network=192.168.110.0/24 synchronize=no
Router 2
/interface vrrp
add interface=ether1 name=vrrp1 vrid=1 priority=100 authentication=ah password=somepass
/ip address
add interface=ether1 address=192.168.111.3/29
add interface=vrrp1 address=192.168.111.4/29
/routing bgp instance
set default as=65001 router-id=192.168.111.3
/routing filter
add chain=set-next-hop locally-originated-bgp=yes set-out-nexthop=192.168.111.4 action=accept
add chain=set-next-hop action=reject comment="Deny any other routes"
/routing bgp peer
add instance=default name=upstream remote-address=192.168.111.1 remote-as=65000 update-source=192.168.111.3 nexthop-choice=propagate out-filter=set-next-hop
/routing bgp network
add network=192.168.110.0/24 synchronize=no
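A consistency check for the two configurations above, as an added example that is not part of the original posts: it parses RouterOS export-style text and flags mismatches between the pair (VRRP group settings, the shared virtual address, the advertised next hop, the BGP update-source). The function names and the template are assumptions made for this example; the addresses and settings are taken from the posted configs.

```python
import shlex

# Constructed input: the relevant lines of the two posted configs, rendered from
# one template so that only the priority and the router's own address differ.
TEMPLATE = """/interface vrrp
add interface=ether1 name=vrrp1 vrid=1 priority={prio} authentication=ah password=somepass
/ip address
add interface=ether1 address={own}/29
add interface=vrrp1 address=192.168.111.4/29
/routing filter
add chain=set-next-hop locally-originated-bgp=yes set-out-nexthop=192.168.111.4 action=accept
/routing bgp peer
add instance=default name=upstream remote-address=192.168.111.1 remote-as=65000 update-source={own} out-filter=set-next-hop
"""

def parse(text):
    """Return {menu: [{key: value}, ...]} for the add/set lines of an export."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif current and line.split(" ", 1)[0] in ("add", "set"):
            pairs = (t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            menus.setdefault(current, []).append(dict(pairs))
    return menus

def check_pair(cfg_a, cfg_b):
    """List mismatches between the two routers' VRRP and BGP settings."""
    problems, a, b = [], parse(cfg_a), parse(cfg_b)
    va, vb = a["/interface vrrp"][0], b["/interface vrrp"][0]
    for key in ("vrid", "authentication", "password"):
        if va.get(key) != vb.get(key):
            problems.append(f"vrrp {key} differs between routers")
    if va.get("priority") == vb.get("priority"):
        problems.append("vrrp priority is equal on both routers")
    vips = []
    for name, cfg, vrrp in (("A", a, va), ("B", b, vb)):
        addrs = {e["interface"]: e["address"].split("/")[0] for e in cfg["/ip address"]}
        vip = addrs.get(vrrp["name"])  # address bound to the VRRP interface
        vips.append(vip)
        hops = [f["set-out-nexthop"] for f in cfg["/routing filter"] if "set-out-nexthop" in f]
        if any(h != vip for h in hops):
            problems.append(f"router {name}: advertised next hop is not the VRRP address")
        src = cfg["/routing bgp peer"][0].get("update-source")
        if src != addrs.get(vrrp["interface"]):
            problems.append(f"router {name}: update-source is not its own address")
    if vips[0] != vips[1]:
        problems.append("VRRP virtual address differs between routers")
    return problems
```

Calling `check_pair` on the two rendered configs returns an empty list when the pair is consistent; each string in the result names one setting to fix before relying on failover.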
