Send same incoming packets to different servers

Hello. We have three separate virtual servers with their respective fixed IP.

Two of them are Windows servers, and the last one is a virtualized MikroTik router.

The idea is simple, but we don’t know if it’s possible.

We want both Windows servers to receive the same packets. That is, that the information reaches the MikroTik IP and is redirected to more than one IP. On the other hand the information can arrive from different ports, and should point to those same ports on the servers.

Currently only one of the servers receives the information, and we did this by creating a rule in Firewall → NAT. We still couldn’t duplicate the delivery to the other server.

And you could ask: why would you need this? The idea of this is to be able to do “hot” tests and modifications on one of the servers, without compromising the use of the other server. And also as a kind of RAID 1 style backup of the incoming data.

What can we do?

Simply duplicating ingress packets and delivering them to both servers is not a valid way of creating a High Availability cluster. For one, both servers are likely not in sync so they will both try to reply … and the client will receive two (slightly) different replies to every packet sent, with a difference large enough to trip a connection reset at some point. There are a few ways of doing it properly; one of them is using some sort of reverse proxy (e.g. HAProxy) which then balances connections between available backend servers.

Please explain what service is behind the Windows machines? What are you trying to accomplish?
Perhaps NLB between the 2 Windows servers might be a good approach.
The MikroTik then can have a DNAT pointing to the NLB-VIP and NLB will sort it out.

https://learn.microsoft.com/en-us/windows-server/networking/technologies/network-load-balancing