Mikrotik, servers and failover

billr · November 1, 2007, 9:21pm

Maybe a strange question, but we need to improve our Mikrotik system.

Is it possible to run MT on (say) a dual blade system with failover - so each is mirrored, and if one fails the other takes over?

Or is there another configuration option - dual servers with failover.

Our problem is the MT server takes all our in and out network traffic and if it fails our entire network fails, so we need at least single redundancy.

I hope this is not a silly question; please explain if it is …

Cheers, Bill

Letni · November 2, 2007, 12:08am

I think you are looking for VRRP (Virtual Router Redundancy Protocol)
http://www.mikrotik.com/testdocs/ros/2.9/ip/vrrp.php

billr · November 2, 2007, 8:39am

Thanks for this - but unfortunately we have a number of VLANS.

The VRRP as implimented in MT says it does not support VLANS.
Is there a work around for this?

Cheers, Bill

billr · November 2, 2007, 9:18am

I have a further question if we operate two mirrored servers, one as master and one as backup.

I would assume that as each server is running MT, we would need a licence for EACH server that we ran?
So if we had two servers, a master and a backup, this is obviously TWO licences?

Many thanks again..

Diganet · November 2, 2007, 11:11am

All it says is that you can’t run VRRP on a VLAN interface, however you could run it on normal interfaces like dedicating a NIC on each box for this

/Henrik

billr · November 2, 2007, 11:33am

I wondered if that was an answer.

Many thanks.

Cheers, Bill

uk52rob · November 2, 2007, 3:09pm

Sorry if this is a silly question, but is this as simple as copying the profile of one MT box to another and setting up ONE VRRP IP address on a single interface of each box?

Thanks

billr · November 3, 2007, 8:42am

Anyone comment please?

ALSO - can someone comment to my question, that if we are running two mirrored MT servers then we need two licences? Or not?

Cheers, Bill

GuJack20 · November 3, 2007, 10:35am

For the licenses im sure that you will need 2 licenses,cause they are 2 independent routers

galaxynet · November 3, 2007, 2:02pm

billr -
Yes - you need two licenses - the routers would be two different router boxes. You wouldn’t want them in the same box anyway - what if the nic failed…?

Yes you can use VVRP, IF your front end interface is NOT using a VLAN. Front end = ‘public interface’ which is what I have to assume is where you are getting your Internet feed from.

If your front end interface is on a VLAN then the only way to do a failover would be with some pretty creative script writing for the MT boxes…might be possible w/RIP / BGP /OFSP routing protocols…haven’t tried that myself (using RIP / BGP / OFSP for failover).

billr · November 10, 2007, 11:28am

Hmmm..

Thanks for the info..

Our ‘front end’ ie public interface is a leased line and a bonded adsl pair of lines.
Neither of these use VLANS.
However we have a number of VLANS on our network.

Am I right in assuming we can use VLANS therefore inside our network?

uk52rob who is my partner in crime may be able to clarify this.

Cheers, Bill

galaxynet · November 10, 2007, 1:02pm

billr -
Well as long as that front end is just ‘standard’ tcp / udp then VVRP should work just fine for you. Bonded dsl and a lease line - you must be using dsl for failover or ‘low’ priority traffic… I don’t see any problem with using VVRP with your setup as you have described it. VLANS on the ‘inside’ should not be a problem…

billr - you know the worst case here would be that you’d have to use 3 MT boxes… First on the inside to handle the VLANS, then point it to the 2 VVRP MT boxes which would not have VLAN on either interface… An ‘older’ cpu at say 500mhz or better, would do everthing and still handle full duplex network speeds. So your worst case is still a pretty ‘cheap’ option.

billr · November 10, 2007, 7:07pm

Well that sounds good

We are seriously considering upgrading to some professional server grade kit (not just stuff that fell of the back of a lorry ..)

The only (ha!) problem is dealing with the VLANS.

Thanks for the advice.

billr · November 11, 2007, 9:00am

Actually to clarify things we have a ‘slow’ leased line and fast bonded adsl and use the bonded adsl for the bulk of our traffic.. It may seem the wrong way round but there are reasons..

We failover to the leased line when (note I say when) the adsl falls over - which it does once in a while..

Cheers and thanks for the advice.

billr · November 11, 2007, 9:01am

But (sorry) I should add, we are considering upgrading the leased line and doing things the way you surmised )

galaxynet · November 11, 2007, 2:39pm

billr -
Ok - well then when you get some type of config thrown together give us all a gander we’ll help you get it right if necessary…

Nothing wrong with using dsl lines as the primary…I have had to do that in a few places, and I using bonding to do it as it provides ‘built-in’ failover. I use MT boxes as the bonded routers for the dsl lines on both ends. That way when one line fails, the router knows it and ‘switches’ everything over to the remaining dsl lines…

Cheers!