Redundancy Failover question

Hello, I would like to implement a CCR router as firewall/gateway router for our internal network which is 192.168.1.0/24.
I have 2 different ISP connections with different sets of static IP addresses, and it’s pretty clear to me how to set up a single CCR to use them as failover or load balancing.
Considering that the internal LAN gateway is 192.168.1.1 for all clients, is there any way to set up 2 CCR devices to work like a cluster for redundancy failover in case one CCR fails?
I’ve read about the AS100 model using BGP but that requires 4 routers if I’m not wrong…

Any suggestion will be highly appreciated.

Hi FabFab10,

You could use VRRP options in your routers. You can see an example in this link:

http://mum.mikrotik.com/presentations/AE12/lorenzo.pdf

Best Regards

Yes you can use VRRP to advertise 192.168.1.1, and some scripting and routing on each to have full connection + router redundancy.

Thank you so much guys, that is exactly what I was looking for.
I’ll read it carefully and try to implement it.
Thanks again.

In the example reported in the presentation, there are 2 routers, each connected to a different ISP.
Do you think it would work if I connect both ISPs to every router using the same technique for VRRP on public addresses, to have both routers simultaneously connected to both ISPs?

After reading more about VRRP I would like to know if something like this makes sense.
I’m coming from a current situation with a DMZ like this:

And I’m wondering if it makes sense to create multiple VRRP interfaces like this:

[Attachments: Attuale.jpg (current layout), Successivo.jpg (proposed layout)]

That is certainly a possibility. You then have to decide how to deal with certain failure scenarios, e.g. if the power is pulled on R1 then obviously R2 should step up and become the primary IP on all those networks. On the other hand, do you want the possibility of a failure scenario where R2 becomes the primary on one of the ISPs but is still the secondary on the DMZ/LAN (say a cable knocked out by accident)? How you deal with this depends to a large extent on which failure scenarios you wish to protect against. RouterOS does support scripting on VRRP up/down so you can create fairly flexible solutions.
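Added example, not part of the thread and not RouterOS configuration: a small Python model of the failure scenarios in the post above, comparing independent per-segment VRRP election with a policy where a router that loses any link gives up mastership everywhere (the kind of behaviour an up/down script could enforce). R1 and R2 come from the post; the priorities, the segment names and the grouped policy are assumptions.

```python
# Constructed model: two routers, one VRRP instance per segment.
PRIORITY = {"R1": 200, "R2": 100}          # assumed values; higher wins
SEGMENTS = ("ISP1", "ISP2", "DMZ", "LAN")  # assumed segment names
ALL_LINKS = {(r, s) for r in PRIORITY for s in SEGMENTS}


def elect_independent(links_up):
    """Each segment elects on its own, as separate VRRP instances do."""
    masters = {}
    for seg in SEGMENTS:
        alive = [r for r in PRIORITY if (r, seg) in links_up]
        masters[seg] = max(alive, key=PRIORITY.get) if alive else None
    return masters


def elect_grouped(links_up):
    """Assumed policy: a router that lost any link gives up mastership on
    every segment. If no router is fully healthy, fall back to independent
    election so each segment still has a gateway where possible."""
    healthy = [r for r in PRIORITY
               if all((r, s) in links_up for s in SEGMENTS)]
    if not healthy:
        return elect_independent(links_up)
    winner = max(healthy, key=PRIORITY.get)
    return {seg: winner for seg in SEGMENTS}


def is_split(masters):
    """True when different routers are master on different segments."""
    return len({m for m in masters.values() if m is not None}) > 1


# Constructed failure scenarios: the set of (router, segment) links still up.
SCENARIOS = {
    "all links up": ALL_LINKS,
    "R1 power pulled": {(r, s) for r, s in ALL_LINKS if r != "R1"},
    "R1 LAN cable pulled": ALL_LINKS - {("R1", "LAN")},
}

if __name__ == "__main__":
    for name, links in SCENARIOS.items():
        for policy in (elect_independent, elect_grouped):
            m = policy(links)
            print(f"{name:20} {policy.__name__:18} {m} split={is_split(m)}")
```

In the single-cable case, independent election leaves R1 as master on both ISP segments and the DMZ while R2 takes the LAN, which is the split state the post asks about; the grouped policy moves every segment to R2.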

While doing this configuration via VRRP is one possibility, it will give you hardware redundancy as well, but you can see that the complexity of setting this up to work properly is greatly increased…

Having said that, if you wanted to have a ‘simpler’ way of having your fail-over redundancy… Here is the other way of doing this… all on a single router.

http://mum.mikrotik.com/presentations/US12/tomas.pdf

You are right, I haven’t set my goals!!
What I’m trying to accomplish is router redundancy (if the main router goes down or hangs) and ISP redundancy (internet navigation and server publishing).
I could publish my web servers, mail servers, FTP servers etc. with 2 different static IP addresses from 2 different ISPs in the DNS.
And of course provide internet navigation redundancy.
If I need some special feature I could use policy routing.
What do you think about this?

Thanks in advance.

It gets even more interesting… :)

There are many ways to do so, but each has its own set of challenges…
I suggest you break them down to make things manageable…
The how-to details in Tomas’s presentation are excellent since they explain what each setup does.
Depending on your level of expertise and resources, you may want to choose how you approach it: single router with two ISP connections, or dual routers and dual ISP connections with VRRP.

As for inbound redundancy, you will have to do that by using DNS records, and NAT/PAT on each connection, since you are using other ISP’s IP space with a small sub-net from each of them.