Redundant Routers Help Needed....

Hey Everyone,

Quick question about the proper way to set up a fault-tolerant router. Basically, suppose I have an internet connection that comes in via Ether1. I have a single public IP assigned via DHCP to that interface. I would like to have a set of two MikroTiks running such that if one fails, the second will take over the lease and then start to work. What would be the proper way to set this up?

I suppose I’m asking if there is a way to use VRRP to do this with a single public IP?

-Eric

VRRP won’t do this on its own. You’d probably have to script the DHCP lease renewal, and use VRRP internally.

I don’t see any good and universally usable way how to do this.

Plain VRRP fails miserably. RouterOS will happily allow DHCP client to use VRRP interface, that’s not a problem. But when it actually acquires the address and adds it to VRRP interface, it confuses the other router, because suddenly addresses don’t match. So the backup drops out, promotes itself to master, acquires the same address, realizes that it should not be a master, becomes backup, loses the address and all over again.

Using VRRP just to elect the master router and scripting DHCP client enable/disable on the physical interface works, but there’s a problem with MAC addresses. Each router uses a different one and so a regular DHCP server doesn’t see them as one and gives them different addresses. And you can’t set the same MAC address for interfaces on both routers. It’s possible to use client id instead of MAC and it works, but it needs a DHCP server specifically configured for that.

If it can’t be done, then the solution could be virtual ethernet interfaces attached to physical interfaces of both routers. DHCP client would use those, and both would (and could) have the same MAC, because only one of them would be active at a time. Unfortunately, RouterOS does not have such virtual interfaces. You can however misuse VRRP as a virtual interface. So each router would have two, one always enabled for electing master and a second as a virtual interface, which would be active only on one router at a time. I tested it, it actually works, but it’s a really ugly hack.

I’m interested if there are some better ideas. :)

Why couldn’t I set the MAC address on the ether1 of the second router to the same as the ether1 on the first router… use the scripts to allow only one to be active at a time and run VRRP on the internal interfaces?

Well, you can do that. Maybe I was overthinking it, but in my defense, it was an interesting thing to play with. :) This way, with VRRP on LAN, it won’t detect a problem on WAN (disconnected or broken cable, burned out interface, …), but you can add the gateway IP to Netwatch and lower VRRP priority when it is not available, and it will take care of that too.

One other note, I’m unsure why the MAC would need to be the same on both WAN interfaces. I used to have a Virgin Media (UK) DOCSIS modem, and it would assign an IP to any MAC requesting it (Limited to one IP). The IP would change however.

The MAC would need to be the same because of FIOS. When you get an IP from a specific MAC, your connection is “locked” to that IP until you either release it OR about 12 hours pass… so if router A “dies” it obviously wouldn’t release the IP… thus the only functional fix is to have the same MAC on the second router.

I think I may need to set this up virtually to test it… Thanks all.

-Eric

Hello,

Just wondering if you were able to get this working, and if so, could you provide some details about how it was done please?

thank you
Joe
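
The setup the thread converges on (the same MAC on both WAN ports, VRRP on the LAN side electing the master, and scripts enabling the WAN DHCP client only on the master), written out as RouterOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface names, LAN subnet, shared MAC, VRID and priorities are assumptions.

```routeros
# Added example, not from the thread. Constructed values: ether1 = WAN,
# ether2 = LAN, 192.168.88.0/24 = LAN subnet, 192.168.88.1 = gateway
# address the LAN clients use, 02:00:00:00:00:01 = shared WAN MAC.

### Router A (preferred master) ###
# Same MAC on both routers' WAN ports, so the ISP's DHCP server sees one
# client and hands the "locked" lease to whichever router is active.
/interface ethernet set ether1 mac-address=02:00:00:00:00:01
# The WAN DHCP client exists but stays off until VRRP makes this router master.
/ip dhcp-client add interface=ether1 add-default-route=yes disabled=yes
# Real LAN address (unique per router) that VRRP advertisements are sent from.
/ip address add address=192.168.88.2/24 interface=ether2
# VRRP on the LAN elects the master; the state-change scripts toggle the
# WAN DHCP client so only one router uses the shared MAC upstream.
/interface vrrp add name=vrrp-lan interface=ether2 vrid=10 priority=200 \
    on-master="/ip dhcp-client enable [find interface=ether1]" \
    on-backup="/ip dhcp-client disable [find interface=ether1]"
# Virtual gateway address, active only on the current master.
/ip address add address=192.168.88.1/32 interface=vrrp-lan

### Router B (standby) ###
/interface ethernet set ether1 mac-address=02:00:00:00:00:01
/ip dhcp-client add interface=ether1 add-default-route=yes disabled=yes
/ip address add address=192.168.88.3/24 interface=ether2
# Lower priority: B becomes master only when A's advertisements stop.
/interface vrrp add name=vrrp-lan interface=ether2 vrid=10 priority=100 \
    on-master="/ip dhcp-client enable [find interface=ether1]" \
    on-backup="/ip dhcp-client disable [find interface=ether1]"
/ip address add address=192.168.88.1/32 interface=vrrp-lan
```

This handles the failure of a whole router; the Netwatch-based priority lowering for WAN-side faults mentioned in the thread is not included.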