VRRP Setup Help

tazdevil · April 13, 2015, 4:05am

Hi, I need some help getting my VRRP setup working.

When both are powered up and initialized, both Interfaces in Winbox show "RM" (Running Master). Shouldn't it be one Master only?
Clients might connect through vrrp-backup unit instead of vrrp-master. Shouldn't it be always Master first?
When power down one of the VRRP units, the other picks it up which is good.
When VRRP-Master unit comes back up from "failure", the network doesn't switch it back from VRRP-Backup to VRRP-Master.

Here's my setup. Have I missed any settings?

VRRP Master:

name = vrrp-master
mac-address = 00:00:5E:00:01:31
arp = enabled
interface = wlan-gateway (IP : 192.168.0.22/24)
vrid = 49
priority = 255
interval = 1s
preemption-mode = yes
vrrp-master IP = 5.0.0.1/32
bridge-local IP = 192.168.88.1/24

VRRP Backup:

name = vrrp-backup
mac-address = 00:00:5E:00:01:31
arp = enabled
interface = wlan-gateway (IP : 192.168.0.23/24)
vrid = 49
priority = 100
interval = 1s
preemption-mode = yes
vrrp-master IP = 5.0.0.1/32
bridge-local IP = 192.168.88.1/24

Thanks.
Vincent

barkas · April 13, 2015, 6:09am

On a working vrrp setup, the primary router would have the .2, the backup would have the .3 and the vrrp ip would have the .1, all in the same subnet. Your Ips look strange to me.

tazdevil · April 13, 2015, 7:06am

Hi barkas,

What do you mean by the primary router would have the .2, backup .3, and vrrp ip would have the .1? Shouldn’t the Primary and Backup be in a /32 subnet?

Thanks.

emils · April 13, 2015, 7:59am

VRRP virtual address must be in the same network as real address. So instead of 5.0.0.1/32 should be something like 192.168.0.24/32 (same on both nodes).

barkas · April 13, 2015, 9:13am

All addresses in a VRRP need to be in the same network. So for example the virtual address would be 192.168.0.1/24, while the router addresses would be 192.168.0.2/24 and 192.168.0.3/24.

tazdevil · April 13, 2015, 9:47am

So the Virtual IP (Vrrp Ip) is the same as the Gateway IP. But what about if I have two leased lines or two static public IPs, for example, 195.199.x.x and 87.159.x.x, how would I go about setting up the VRRP?

ZeroByte · April 13, 2015, 3:30pm

The answer is simple: You don’t.

That’s not how VRRP is set up to work.

You could use one public IP / one leased line per router. If you want to do load balancing, etc with that, you could do some crazy routing between them using a dedicated router-to-router link cable, but the complexity of such a thing is certainly going to be more trouble than it’s worth.

tazdevil · April 14, 2015, 2:51am

It is not for load balancing. I am trying to set up a hardware failover with VRRP. I have two leased lines with fixed IPs in /29 subnet. Is it possible to have two different fixed WAN IPs in two different subnets?

This basic example doesn’t work. Mikrotik doesn’t allow me to create two 192.168.1.1/24 and 192.168.1.254/32 network.
http://wiki.mikrotik.com/wiki/Manual:VRRP-examples

troffasky · April 14, 2015, 8:38pm

To be clear, are you saying that you can’t add 192.168.1.254/32 because 192.168.1.1/24 already exists? Or are you trying to create each address twice on the same router?

In any case, posting the actual error message will avoid some of the guesswork.

barkas · April 14, 2015, 11:39pm

Yes, I see, this example is wrong and all netmasks in it should be /24.