VRRP on VLAN - TRUNK between two Mikrotik

RouterOS General
1

mikrotik_sw1.2.JPG
Good day!
On the scheme you can see the variant “how it should work”

  • host1 must have an oppurtunity to see host2, gateway ip, and reach the internet though its gw
  • the gateway for each host must be the ip interface of the vrrp interface (1.1.1.3 for host1 and 2.2.2.3 for host2)
  • if MASTER vrrp router fails, the outage for host1 must be minimal

but in real life the scheme doesn’t works properly

So,

  • I have two Mikrotic routers (MT), connected via trunk link (eth5)

  • vlans on both MT are attached to eth5
    /interface vlan
    add vlan-id=10 name=vlan10 interface=ether5
    add vlan-id=20 name=vlan20 interface=ether5

  • vlans and access ports are attached to bridge interfaces (one bridge for each vlan)

  • the ip addresses can be seen on the sheme

When there is no vrrp enabled, all works fine - host1 can ping host2 and each of the vlan interfaces

When I try to attach vrrp to each vlan interface, the vrrp interface goes to Inactive state.
If I delete vlan from the bridge (/int bridge port) the vrrp becomes active, but there is no more bridge and connectivity between access ports and vlan

Does anyone have thoughts, how to solve this problem?

Thank you!

2

I also tried to solve the problem with the help of “Rule Table”
here is an example from wiki
http://wiki.mikrotik.com/wiki/Switch_Chip_Features#Example_-_802.1Q_Trunking_with_Atheros_8316

Assume that there is no bridge between eth1 and vlan10.
If use the following rules, the host1 will be able to ping host2, but will not be able to see vrrp or vlan interfaces on MT1:
/interface ethernet switch rule
add ports=ether5 new-dst-ports=ether1 vlan-id=10 switch=switch1 vlan-header=present
add ports=ether2 new-dst-ports=ether5 new-vlan-id=10 switch=switch1 vlan-header=not-present

3

Hello!
Does anybody have ideas about the issue?
besided, are there any Mikrotik engineers here?

4

Nice picture. But You miss one important ting in description. How You think it must work (failure scenario)?

You describe 2 separate vlans spread over 2 routers.

routing between vlans configured? Both vlans routed (NAT) to ISPs?

5

the sheme is updated

how it should work:

  • host1 is a server with two uplinks to each mikrotik for redundancy (only one link is active)
  • the gateway for for host1 is the vrrp interface ip 1.1.1.3
  • host1 must to see host2, gateway ip, and reach the internet though its gw
  • if MASTER vrrp router (mikrotik1) fails, host1 must still have the connection with the minimal outage
6

Hi there,

I’ve encountered the same problem as you, I’ve found that I’ve had to use VRRP version 3 and v3-protocol=ipv6 to make VRRP work properly when bound to a VLAN interface.

If I use VRRP version 2 or VRRP version 3 with v3-protocol=ipv4 then my VRRP interfaces show up as state Invalid.

I don’t have a bridge interface nor additional IP assignments on the individual VLAN interfaces, otherwise my VRRP and VLAN setup is very similar to yours.

I’m uncertain whether it is still applicable, but I found RouterOS documentation references for v3.0 which mentions that VRRP on VLAN interfaces is broken: http://www.mikrotik.com/testdocs/ros/3.0/ha/vrrp.php

Hope that’s helpful..

Thanks,
Mark.

7

Hello guys,
I have some problems with VRRP. Can anyone help me!
I have two Mikrotik(MT) CCR1036 and Source internet from Cisco equipment and internet distribution to clients also through cisco. I must configure Active Standby. All information on picture. Thanks for advance.

8

I had the same problem two mikrotiks (Rb3011, for redundant links), trunk beetwen them and vlans. VRRP V3 protocol:IPv4 on VLAN interface. On ipv4 protocol vrrp is not working I installed ipv6 package and set VRRP V3 protocol to ipv6, not it works.

MikroTik Engineers can you give any info why V3 protocol: IPv4 this is not working ?