Two routers, two broadband connections, two LANs and VRRP

I propose to have two Mikrotik routers, one with a cable broadband connection and one with an ADSL connection.
I propose to have two LANs, one untagged and one tagged.
I want the untagged LAN routed via the cable broadband connection normally.
I want the tagged VLAN routed via the ADSL broadband connection normally.
If either internet connection goes down, I want the router carrying it to fall on its sword and hand over to the other router. Because it means a change of WAN IP, I am aware that it will mean established connections failing. So be it.
Will a pair of VRRP configurations let me do this?

(It would also be possible for me to put the broadband modems on VLANs, and allow both/either router to handle both at once, but that would result in some traffic going over the LAN infrastructure twice, and the LAN infrastructure is PowerLine ethernet of varying speeds, so I’d rather avoid that, or leave it as an exercise to undertake in addition to the two router/two WAN/two LAN setup already described.)

You may have some reason for wanting VLANs, but it seems like you just need VRRP configured on the LAN side, on both routers. VLANs wouldn’t be needed if you just want LAN traffic to “fail over” to the 2nd ISP connection; each router would connect via a LAN interface. Using VRRP would get you physical redundancy on the routing hardware/config. If you’re buying new stuff for this, one better router, connecting to both ISPs, would be easier to configure.

The basic summary of using just VRRP on your two routers, for a single LAN, is:

  • Create a single VRRP interface on each of your routers, listening on your LAN, with a high priority value on the router with the better internet connection. The higher number for priority wins in /interface vrrp.
  • Each of your two routers would use its own local WAN connection as the default route. You can then add another static route for 0.0.0.0/0 that points to the other router via the LAN interface, setting a high metric. The lower “metric” [priority] wins in /ip route. Make sure you use “check gateway” on the active default 0.0.0.0/0 route, as this will disable the route if it goes down. Any traffic that hits the router when its internet connection is down would then be sent to your other router to go out to the internet. VRRP is only needed if you want this case to work when one of the routers themselves is down.
  • Assuming your routers are doing DHCP, you can configure both as DHCP servers for the same LAN network. Configure the DHCP servers to listen on the VRRP interface, so only one will be active at a time, but DHCP will then always be available if one router is powered off/offline.

If you have a need to control the routing, based on VLANs downstream of the routers, you’d essentially use a different LAN IP on one of the routers, then add VLAN tags where the routers connect to the other router. Totally possible, just more config. For more info, search the forum for @pcunite VLAN guide. And search for “dual WAN”, although most examples are for when the ISPs are connected to the same router…

Yes, you can use VRRP this way. You’ll have one VRRP interface per VLAN per router.

On the router acting as the backup one for a given VLAN, the priority of the /interface vrrp attached to that VLAN will be set to a static value, e.g. 20.
On the router which is the primary one for that VLAN, you’ll configure /tool netwatch to monitor the accessibility of the internet via its WAN connection by pinging something virtually immortal (such as 8.8.8.8) through the WAN. The up-script of the netwatch will set the priority of the /interface vrrp item associated with that VLAN to a higher value than the one statically set on the backup router, e.g. 30; the down-script will set it to a lower value, e.g. 10.

The preemption-mode on all four vrrp interfaces must be set to yes, so that the preferred router for each VLAN would take over whenever its priority is higher.
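
The netwatch-driven priority scheme from the last reply, sketched for one router as an added example that is not part of the original thread. Interface names, VLAN ID, VRIDs, subnets and the WAN gateway 203.0.113.1 are constructed placeholders, and the host route for 8.8.8.8 is one assumed way to keep the probe on this router's own WAN.

```routeros
# Router A (cable WAN): primary for the untagged LAN, backup for the tagged VLAN.
# All names, IDs and addresses below are constructed placeholders.

# Tagged VLAN on the LAN-facing port
/interface vlan add name=vlan20 vlan-id=20 interface=ether2

# Real (per-router) addresses on the underlying interfaces
/ip address add address=192.168.10.2/24 interface=ether2
/ip address add address=192.168.20.2/24 interface=vlan20

# One VRRP interface per LAN. preemption-mode=yes lets the router with
# the higher priority take over whenever priorities change.
# vrrp-lan:    priority is adjusted by netwatch below (30 when WAN up, 10 when down)
# vrrp-vlan20: static backup priority 20
/interface vrrp add name=vrrp-lan interface=ether2 vrid=10 priority=30 preemption-mode=yes
/interface vrrp add name=vrrp-vlan20 interface=vlan20 vrid=20 priority=20 preemption-mode=yes

# Virtual gateway addresses that the LAN clients use, held by the current master
/ip address add address=192.168.10.1/32 interface=vrrp-lan
/ip address add address=192.168.20.1/32 interface=vrrp-vlan20

# Assumption: pin the probe target to this router's own WAN gateway so the
# ping cannot succeed via some other path
/ip route add dst-address=8.8.8.8/32 gateway=203.0.113.1 comment="netwatch probe via cable WAN"

# WAN reachable   -> priority 30 (above the peer's static 20): this router is master
# WAN unreachable -> priority 10 (below the peer's static 20): peer takes over
/tool netwatch add host=8.8.8.8 interval=10s timeout=2s \
    up-script="/interface vrrp set [find name=vrrp-lan] priority=30" \
    down-script="/interface vrrp set [find name=vrrp-lan] priority=10"
```

Router B mirrors this with the roles swapped: a static priority of 20 on vrrp-lan and a netwatch-driven 30/10 on vrrp-vlan20, probing through the ADSL WAN.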