VRRP problem

jacktsai · February 9, 2007, 1:56pm

MikroTik Local Interface IP 10.23.0.254/20
Cisco 2621 Fa0/0 IP 10.23.0.1/20 VRRP timers learn
Layer 3 switch Vlan1 IP 10.23.0.3/20 default gateway 10.23.0.255
One of the static routes on MikroTik dst-address=10.0.0.0/8 gateway=10.23.0.3

MikroTik as VRRP master
(1)Both 10.23.0.255 (VRRP virtual IP) and 10.23.0.254 (real IP on the local interface) can be accessed by the main switch
(2)Static route 10.0.0.0/8 gateway 10.23.0.3 remains as an entry in the routing table, but not functional
(3)Had to manually remove the static route and add it back in order for the users to access the Internet

MikroTik as VRRP backup
(1)Cannot access 10.23.0.254 at all (10.23.0.255 is represented by 10.23.0.1, Cisco router as the master)
(2)Static route 10.0.0.0/8 gateway 10.23.0.3 remains as an entry in the routing table, but not functional
(3)Manually removing the static route and adding it back does not help – the local interface acts like disabled

No problems on the Cisco router

janisk · February 9, 2007, 4:03pm

please clarify:

MT interface address that runs VRRP on it:10.23.0.254/20
VRRP IP address:10.23.0.255/??
default GW:10.23.0.255?
other routes:???
VRRP configuration on MT:???

second VRRP router configuration:
CISCO
ip address:10.23.0.1/20

where all this goes like LAN is coming in switch and going through through one of routers. or what?

configurations when one is master and then backum (mt device)

jacktsai · February 9, 2007, 4:11pm

thanks for the reply.
I wanted to post the network diagram but did not know how, or where I can save it and post the link here.

MikroTik Router:
(0) change interface name
/interface set 0 name=local
/interface set 1 name=public

(1) set up interface IP
/ip address add address=10.23.0.254/20 interface=local
/ip address add address=192.168.10.100/24 interface=public

(2) set up NAT
/ip firewall nat add chain=srcnat action=masquerate src-address=10.23.0.0/20

(3) set up ip routes
/ip route add dst-address=63.166.22.1/32 gateway=192.168.10.1
/ip route add dst-address=0.0.0.0/0 gateway=192.168.10.1

(4) set up vrrp
/ip vrrp add name=“vr1” interface=local vrid=1 priority=254
/ip vrrp address add address=10.23.0.255/20 interface=local instance=vr1

(5) set up netwatch
/tool netwatch add host=63.166.22.1 interval=30 up-script={/ip vrrp set [/ip vrrp find vrid=1] priority=254} down-script={/ip vrrp set [/ip vrrp find vrid=1] priority=10}

Cisco router:
config t
int e0/0
ip addr 10.23.0.1 255.255.240.0
vrrp 1 ip 10.23.0.255
vrrp 1 preempt delay minumum 60
vrrp 1 priority 100
vrrp 1 timers learn

janisk · February 9, 2007, 4:24pm

they both have priority of 100 to one that you want to be master set higher priority like 255 (MT is highest value you can set as priority)

and in netwatch i would suggest you to enable disable vrrp instance as there where some interesting behavior when changing these values.

also check that you have similar update intervals for your vrrp routers.

jacktsai · February 9, 2007, 4:30pm

MT priority=254 when master, 10 when backup

janisk · February 9, 2007, 4:33pm

set it already in vrrp configuration and then just change it

EDIT:
and if you want to insert some image here, just upload it to one of those free image upload servers and link to here

jacktsai · February 9, 2007, 4:56pm

(5) in my original post automatically change the VRRP priority when I unplug the cable from the public interface.

The results are posted as in the original post – when MT local interface is in backup mode, the interface can ONLY communicate via VRRP with the Cisco router. No one, even the Cisco router, can ping it.

When the VRRP is enabled on the MT local interface or the VRRP role is changed on the MT local interface, one of the static route, 10.0.0.0/8 via 10.23.0.3, becomes invlaid even it remains in the routing table which can be seen by /ip route print

Please help.

Jack