I am trying to implement a setup using VRRP. RouterOS is 2.9.21. First I went straight away to using VRRP with VLANs and Bridges implementation but that failed straight away. So I decided to test VRRP to its basics. When I did so, I was getting the following result:
Pinging Dynamic IP works when both Master and Backup are online. ARP shows that the host is pinging the Master.
When Master goes offline, ping works. ARP shows that host is pinging Backup (which is now Master).
When Master is back online, ping works. ARP shows that host is still pinging the Backup!
When Backup goes offline, pinging stops.
Why aren’t the 2 boxes using a common virtual MAC as well for the dynamic address?
I have been through the forum searching on VRRP and most questions are not being answered… can Mikrotik help out please?
I’ve seen this exact thing many times with VRRP on MT, one of the reasons why I stopped using it. They should definitely look at adding a virtual MAC to the VRRP Address.
If you change your ARP Cache Timeout to an extremely small amount (such as 1s) this will go away.
Hmm, something is wrong. I have used HSRP, which is the same as VRRP but proprietary (you know, Cisco), and it works great. VRRP is the open version and the original version. I think VRRP works, but why not for you?
In HSRP, cases 3 and 4 that you describe work fine; the master takes the role again.
I used it for two routers, two switches, and two servers, and the servers have two Ethernet cards, full redundancy, and it works great; after 3 hello times, 10 sec, without seeing the master, the standby takes the principal role.
I think VRRP works better, because I think Cisco copied this.
Best Regards
I have emailed Mikrotik about the problem, and the guys told me that there will be an update dealing with these issues in release 2.9.24. I am waiting for that release to retest and post my feedback.
Hope they introduce a virtual MAC address, or have the MAC address move with the IP address. I’m tied up like mad at a new job, so PLEASE post your findings after the release. I’d love to see this fixed!!!
I am suspecting a possible issue in my setup, that if they introduce a virtual mac, the managed switch I have in between might start blocking communication to the second router when the first one goes down because it would see same MAC address on different ports… let’s see what happens
That’s why you can set up ARP cache timeout on these two ports. There are several other mechanisms which could prevent “disaster” in the case you described and maintain desired functionality.
And if you have a non managed 24 port switch? It’s a pain to have to manually set a lower arp-cache timeout on all the systems.
What if those 22 systems receive their IP Configuration via DHCP on MT? MT doesn’t have an option to set an arp-timeout in a DHCP Scope. Unless you have intelligent switches, it’s virtually a pain to configure VRRP to have a working configuration on MT.
Added to that, I have not seen one (other than MT) implementation of VRRP, HSRP, or any form of HA Cluster configuration where it was required that all nodes on a LAN segment accessing the dynamic address had to have a reduced LOCAL arp-cache timeout. MT should fit in with the rest, not the rest with MT…
I have implemented a cluster with isa2k & 2k4 and raptor without any problem.
In unicast mode, for the VIP of the external interfaces, I connected all outside interfaces to a hub first and then uplinked to the switch, so the switch registers only one port with the MAC address. There is no problem.
In multicast mode I connected all outside interfaces directly to a switch and I have switch flooding, but again without problem.
In MT v2.9.6 I implemented the first scenario (with hub) without problem (the switch uses only one port).
But the MikroTik does not have the VMAC; it only uses AGRES. ARP
My problem is the VIP in VPN. I saw that the connection tracking does not monitor the IPsec (50) protocol, only TCP/UDP.
This is my problem, because after failback the secondary node is trying to connect to the remote peer.
I think the problem is the layer-2 switch in 9.24, but I overcame it by connecting the MT to a hub first.
In 9.25 I saw that after failback the second MT (the standby node) does not register its MAC address in the L2 switch, and it needs the interface to be disabled and enabled to register its MAC address successfully.
There are plenty of posts about it around the forums… Was supposed to be fixed in .24, it wasn’t. .25 has been released, nothing mentioned about it in the changelogs…
In 9.25 the problem is the second node: after failback it doesn’t register the primary MAC of the Ethernet and still catches the 00:00:5e:00:01:01.
This MAC address is owned by the first node after failback.
So I lose the communication with the secondary node and must disable and enable VRRP on this node.
.199 is the virtual IP. It should ALWAYS have the 00-00-5e-00-01-01 MAC address. You will see after failover and back that the real MAC is being mixed around with the virtual MAC, which definitely confuses clients.
Changing MAC addresses across switch ports is not a problem, the switch just learns it on another port instantly. Clients should listen to the gratuitous ARP and learn the new MAC - which I think is working except that MT is broadcasting the wrong IP/MAC pairs.
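Added illustration, not part of the original thread: a small Python audit over ARP observations that flags the two symptoms described in the posts above, the virtual IP answering with a real interface MAC and the VRRP virtual MAC showing up on a node's own address. The full VIP `192.0.2.199`, the node addresses, the interface MACs and the sample observations are constructed; the virtual MAC format (`00-00-5E-00-01-{VRID}`) is the one defined by the VRRP RFC, with VRID 1 matching the MAC quoted in the thread.

```python
import re

VRRP_PREFIX = "00:00:5e:00:01"  # IPv4 VRRP virtual MAC prefix; last octet is the VRID


def norm_mac(mac):
    """Normalise 00-00-5E-00-01-01 or 00:00:5e:00:01:01 to lowercase colon form."""
    parts = re.split(r"[-:]", mac.strip().lower())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{2}", p) for p in parts):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(parts)


def virtual_mac(vrid):
    """Virtual MAC a VRRP master is expected to use for this VRID."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return f"{VRRP_PREFIX}:{vrid:02x}"


def audit(observations, vip, vrid):
    """Return findings for (time, ip, mac) ARP observations on one segment."""
    vmac = virtual_mac(vrid)
    findings = []
    for when, ip, mac in observations:
        mac = norm_mac(mac)
        if ip == vip and mac != vmac:
            # Clients cache a real MAC for the VIP and break when that node leaves.
            findings.append((when, "vip-on-real-mac", ip, mac))
        elif ip != vip and mac == vmac:
            # A node's own address is advertised with the virtual MAC (stuck backup).
            findings.append((when, "vmac-on-real-ip", ip, mac))
    return findings


# Constructed observations, e.g. taken from successive client ARP tables.
SAMPLE = [
    ("t0", "192.0.2.199", "00-00-5e-00-01-01"),  # healthy: VIP on virtual MAC
    ("t1", "192.0.2.199", "02:00:00:00:00:02"),  # after failover: VIP on backup's real MAC
    ("t2", "192.0.2.2", "00:00:5E:00:01:01"),    # after failback: backup keeps virtual MAC
    ("t3", "192.0.2.1", "02:00:00:00:00:01"),    # healthy: node address on its real MAC
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.0.2.199", 1):
        print(*finding)
```
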
First post of this thread: 20 Aug 2004
Today’s Date: 15 Jun 2006
Shocking!!! And it’s still ongoing… Almost 2 years and still no fix to a problem? I guess purchasing a support contract from Mikrotik won’t help much either, as this is a software issue rather than a configuration issue.
Hmm, wait it out or buy a couple of Cisco 29xxs… Choices choices…