Redundancy implementation

Hi,
I am trying to implement some redundancy :)
Please correct what you think is wrong. Thanks for any suggestion.

Everything below is in a testing lab. There will be different IP addresses in production.

As you can see on the diagram…
We have 2 PPPoE servers connected to a switch, serving PPPoE clients simultaneously.
If one fails, the second one takes over all the work.
Public IP address distribution is done via OSPF.


We also have 2 main OSPF routers, R0 and R1.
Preferred is R0.

These 2 routers have VRRP set up (192.168.69.250), so that the MAIN ROUTER can do static routing to public IP addresses that have clients connected via PPPoE.
Preferred VRRP master is R0.


R0 and R1 have a default route pointing to the MAIN ROUTER, 192.168.69.1.

The MAIN ROUTER has static routing for 10.0.4.0/24 via 192.168.69.250.




Is the OSPF config good enough? What can be done better?
Thanks for any suggestions.





OSPF config from BRAS-0 below

/routing ospf instance
set ospf10 comment="" disabled=no distribute-default=never in-filter=ospf-in metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto \
    metric-rip=20 metric-static=20 name=ospf10 out-filter=ospf-out redistribute-bgp=no redistribute-connected=as-type-1 redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=0.0.0.0
add comment="" disabled=no distribute-default=never in-filter=ospf-in metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=\
    20 metric-static=20 name=ospf100 out-filter=ospf-out redistribute-bgp=no redistribute-connected=as-type-1 redistribute-other-ospf=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=yes instance=ospf10 name=backbone type=default
add area-id=0.0.0.1 comment="" disabled=no instance=ospf10 name=local_10 type=default
add area-id=0.0.2.0 comment="" disabled=no instance=ospf100 name=local_100 type=default
/routing ospf interface
add authentication=none authentication-key="" authentication-key-id=1 comment="" cost=100 dead-interval=5s disabled=no hello-interval=1s instance-id=0 \
    interface=WAN network-type=point-to-point passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no
add authentication=none authentication-key="" authentication-key-id=1 comment="" cost=10 dead-interval=5s disabled=no hello-interval=1s instance-id=0 \
    interface=ether2 network-type=point-to-point passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no
/routing ospf network
add area=local_10 comment="" disabled=no network=10.20.20.0/24
add area=local_100 comment="" disabled=no network=10.100.100.0/24

OSPF config from R1 below

/routing ospf instance
set 10.10 comment="" disabled=no distribute-default=always-as-type-1 in-filter=ospf-in metric-bgp=auto metric-connected=0 metric-default=1 metric-other-ospf=\
    auto metric-rip=0 metric-static=0 name=10.10 out-filter=ospf-out redistribute-bgp=no redistribute-connected=as-type-2 redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=yes instance=10.10 name=backbone type=default
add area-id=0.0.0.1 comment="" disabled=no instance=10.10 name=local_10 type=default
/routing ospf interface
add authentication=none authentication-key="" authentication-key-id=1 comment="" cost=100 dead-interval=5s disabled=no hello-interval=1s instance-id=0 \
    interface=ether5 network-type=point-to-point passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no
/routing ospf network
add area=local_10 comment="" disabled=no network=10.20.20.0/24

VRRP and ip config from R0

/interface vrrp
add arp=enabled authentication=simple comment="" disabled=no interface=WAN \
    interval=1 mtu=1500 name=vrrp1 on-backup="" on-master="" password=1234 \
    preemption-mode=yes priority=100 vrid=1

[admin@MikroTik] /interface vrrp> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   10.100.100.1/24    10.100.100.0    10.100.100.255  ether1
 1   192.168.69.223/24  192.168.69.0    192.168.69.255  WAN
 2   192.168.69.250/32  192.168.69.250  192.168.69.250  vrrp1

VRRP config from R1

/interface vrrp
add arp=enabled authentication=simple comment="" disabled=no interface=ether1 interval=1 mtu=1500 name=vrrp1 on-backup="" on-master="" password=1234 \
    preemption-mode=yes priority=1 vrid=1

Diagram-network.png
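
An added example, not part of the original post and not MikroTik tooling: a small Python check over a RouterOS export of the kind posted above, reporting OSPF interfaces and VRRP instances whose `authentication=` is `none` or `simple`, as on the OSPF interfaces and `vrrp1` here. The sample text is constructed (abridged from the post, with one invented `md5` line), and treating a missing `authentication=` key as `none` is an assumption of the example.

```python
import re
import shlex

# Constructed sample, abridged from the export style posted above; the
# md5 line is invented here to show an entry that passes the check.
SAMPLE = r'''/routing ospf interface
add authentication=none authentication-key="" cost=100 dead-interval=5s \
    interface=WAN network-type=point-to-point use-bfd=no
add authentication=md5 authentication-key="constructed" cost=10 interface=ether2
/interface vrrp
add arp=enabled authentication=simple interface=WAN name=vrrp1 password=1234 \
    preemption-mode=yes priority=100 vrid=1
'''

# Menus whose entries carry an authentication= setting worth checking.
CHECKED = {"/routing ospf interface": "OSPF", "/interface vrrp": "VRRP"}
WEAK = {"none": "no authentication", "simple": "cleartext password on the wire"}

def parse_export(text):
    """Yield (menu, params) for every add/set line of a RouterOS export."""
    # Exports wrap long lines with a trailing backslash, sometimes mid-token.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.split(" ", 1)[0] in ("add", "set") and menu:
            pairs = (t.split("=", 1) for t in shlex.split(line) if "=" in t)
            yield menu, dict(pairs)

def audit(text):
    """Return (protocol, interface, reason) for weakly authenticated entries."""
    findings = []
    for menu, params in parse_export(text):
        proto = CHECKED.get(menu)
        # Assumption: a missing authentication= key is treated as "none".
        mode = params.get("authentication", "none")
        if proto and mode in WEAK:
            findings.append((proto, params.get("interface", "?"), WEAK[mode]))
    return findings

if __name__ == "__main__":
    for proto, iface, reason in audit(SAMPLE):
        print(f"{proto} on {iface}: {reason}")
```
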

I don’t understand why you need VRRP. It’s a first hop redundancy protocol for hosts that can’t use a routing protocol for link failover and redundancy. OSPF should work fine in that segment and keep things easier. You have a routing protocol, so don’t route statically.

Otherwise I guess the obvious improvement would be to add another Internet feed, and another Internet router.

If RB1100(AH) can do the job, why not daisy-chain a pair of them?

Like: switch-RB1100(primary)-RB1100(secondary)

Primary is connected to the switch with E11 and Secondary is connected to E12.

If Primary (physically) fails, E11 and E12 get cross-connected, so the switch thinks Secondary is connected directly.

Or, it’s also possible for both RouterBoards to connect to the same LAN(s): the second would watch the first and pick up services in case of failure (with netwatch or other scripts).

@fewi: The MAIN Router is a Vyatta running BGP with 3 peers, and I could use OSPF instead of VRRP. I would say that I even should :).
But VRRP is much easier / faster.
On the main router I set up, i.e. → ip r a 178.200.216.0/22 via IP_ADDRES_OF_VRRP
and it is done.
If R0 goes down, R1 takes over its job.

When we implement redundancy of our main router, it will require OSPF and iBGP.


@wpeople: I am sorry, but I do not understand your idea.

legba:

I recommend two solutions:

  1. The RB1100 has physical failover ports: in case of hardware failover (power-down), eth11 and eth12 work as a simple cable if needed.
    So, if R0 is working, its eth12 is disabled (therefore R1 is not receiving data); if it is not working, R1 is going to be connected to the switch.

  2. Both RouterBoards are connected to the switch.
    R0 is running on the 172.16.0.1 IP (and other IPs as well) and running the PPPoE server; R1 is running with the 172.16.0.2 IP, and its PPPoE server is disabled. If R1 cannot ping R0 (for example with netwatch), it would pick up R0’s external and internal IPs and start the PPPoE server too.