VRRP bug?

Hello,

I’m running VRRP on two CRS317 v7.15 [stable] and I’m seeing something odd:
On Sw01:

[admin@Sw01] /interface/vrrp> export
/interface vrrp
add interface=vlan199 name=vrrp priority=150 sync-connection-tracking=yes vrid=10
[admin@Sw01] /interface/vrrp> /ip/address/export
/ip address
add address=10.41.199.2/24 interface=vlan199 network=10.41.199.0
add address=10.41.199.1 interface=vrrp network=10.41.199.1
[admin@Sw01] /interface/vrrp> /ip/firewall/connection/tracking/export
/ip firewall connection tracking
set enabled=yes

On Sw02:

[admin@Sw02] /interface/vrrp> export
/interface vrrp
add interface=vlan199 name=vrrp priority=50 sync-connection-tracking=yes vrid=10
[admin@Sw02] /ip/address> export
/ip address
add address=10.41.199.3/24 interface=vlan199 network=10.41.199.0
add address=10.41.199.1 interface=vrrp network=10.41.199.1
[admin@Sw02] /interface/vrrp> /ip/firewall/connection/tracking/export
/ip firewall connection tracking
set enabled=yes

So, a VRRP instance with Sw01’s priority set to 150, preemptive mode=yes, Sw02 priority=50. This means that once Sw01 comes online, it should take ownership of the VRRP instance, right? The thing is… it’s not happening:

And I have no clue why.
How to replicate:

  • Set everything up
  • Make sure Sw01 is the owner of the VRRP instance
  • Unplug power from Sw01
  • Sw02 becomes the VRRP owner
  • Plug back Sw01
  • Wait and see - 15 mins into waiting, Sw02 is still the owner

I just saw that if I change the priority of either VRRP instance (Sw01 or Sw02), VRRP gets the correct ownership.

Hi,

Please check the RouterOS Log and see if there are any VRRP-related messages on both routers. When sync-connection-tracking=yes, the devices sync their connections before changing the master. Maybe there is something wrong with connection sync. Also, try disabling sync-connection-tracking to see if it fixes the preemption.

Just to be sure, there are no other VRRP routers in the 10.41.199.0/24 subnet except these two, right?

I don’t see anything in the logs about VRRP but:

[admin@Sw01] > /log/print
 08:10:37 system,error,critical router was rebooted without proper shutdown
 08:10:37 interface,info lo link up
 08:10:37 interface,info v199 link up
 08:10:37 vrrp,info vrrp now BACKUP
 08:10:37 vrrp,info vrrp starting CTSYNC BACKUP
 08:10:37 bridge,info "b1" mac address changed to 0C:8C:28:CA:00:00
 08:10:37 vrrp,info vrrp stop CTSYNC
 08:10:37 vrrp,info vrrp now BACKUP
 08:10:37 vrrp,info vrrp starting CTSYNC BACKUP
 08:10:39 system,info,account user admin logged in via local
 08:10:39 vrrp,info vrrp stop CTSYNC
 08:10:39 vrrp,info vrrp starting CTSYNC BACKUP

While I’ve got both firewall and vrrp logging enabled:

[admin@Sw01] > /system/logging/print
Flags: * - DEFAULT
Columns: TOPICS, ACTION
#   TOPICS    ACTION
0 * info      memory
1 * error     memory
2 * warning   memory
3 * critical  echo
4   vrrp      memory
5   firewall  memory

Disabling connection tracking did fix the issue, but shouldn’t this work WITH tracking on?

I have no firewall rules,

/ip/firewall/filter export

returns nothing.

Yes, there are no other routers in this subnet. The only other things connected to these devices are two PCs.

P.S. it’s the same behavior in GNS3, if it’s easier to replicate than with physical devices.

VRRP Preemption should work together with sync connection tracking, but it doesn’t work on your side for some reason. Please create a support ticket, and we will try to reproduce your issue.

Email sent. Thank you for the support!
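
An added example, not part of the original thread and not MikroTik code: a small Python checker that reads `/log/print` output in the format quoted above and reports, per VRRP interface, the last logged state and how often CTSYNC was started and stopped. The function names and the "suspect" rule (expected master still BACKUP after more than one CTSYNC start) are assumptions made for illustration; the sample lines are copied from the Sw01 log in the thread.

```python
import re

# Sample input: lines copied from the Sw01 log quoted in the thread.
SAMPLE_LOG = """\
 08:10:37 system,error,critical router was rebooted without proper shutdown
 08:10:37 interface,info v199 link up
 08:10:37 vrrp,info vrrp now BACKUP
 08:10:37 vrrp,info vrrp starting CTSYNC BACKUP
 08:10:37 vrrp,info vrrp stop CTSYNC
 08:10:37 vrrp,info vrrp now BACKUP
 08:10:37 vrrp,info vrrp starting CTSYNC BACKUP
 08:10:39 vrrp,info vrrp stop CTSYNC
 08:10:39 vrrp,info vrrp starting CTSYNC BACKUP
"""

LINE = re.compile(r"^\s*(\d\d:\d\d:\d\d)\s+(\S+)\s+(.*)$")  # time, topics, message
EVENTS = [  # message shapes taken from the log lines shown in the thread
    ("state", re.compile(r"^(\S+) now (\w+)$")),
    ("ct_start", re.compile(r"^(\S+) starting CTSYNC (\w+)$")),
    ("ct_stop", re.compile(r"^(\S+) stop CTSYNC$")),
]

def summarize(log_text):
    """Return {vrrp_interface: summary} built from the vrrp-topic log lines."""
    out = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or "vrrp" not in m.group(2).split(","):
            continue  # not a log line, or not logged under the vrrp topic
        for kind, rx in EVENTS:
            ev = rx.match(m.group(3).strip())
            if not ev:
                continue
            s = out.setdefault(ev.group(1), {
                "last_state": None, "state_changes": 0, "ctsync_starts": 0,
                "ctsync_stops": 0, "ctsync_role": None, "last_seen": None})
            s["last_seen"] = m.group(1)
            if kind == "state":
                s["last_state"], s["state_changes"] = ev.group(2), s["state_changes"] + 1
            elif kind == "ct_start":
                s["ctsync_starts"], s["ctsync_role"] = s["ctsync_starts"] + 1, ev.group(2)
            else:
                s["ctsync_stops"], s["ctsync_role"] = s["ctsync_stops"] + 1, None
            break
    return out

def preemption_suspect(summary, should_be_master):
    """Assumed rule: the higher-priority router is still BACKUP and CTSYNC restarted."""
    return bool(should_be_master and summary["last_state"] == "BACKUP"
                and summary["ctsync_starts"] > 1)

if __name__ == "__main__":
    for name, s in summarize(SAMPLE_LOG).items():
        print(name, s, "suspect:", preemption_suspect(s, should_be_master=True))
```

Run against the log of each router, it gives a quick side-by-side of which node stayed BACKUP and whether its connection-tracking sync kept restarting.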