Community discussions

MikroTik App
  4. RouterOS
  5. RouterOS v7 BETA

VRRP sync-connection-tracking setup

Post Reply
 
wolfsbane
just joined
Topic Author
Posts: 1
Joined: Mon Sep 14, 2020 11:55 pm

VRRP sync-connection-tracking setup

Tue Sep 15, 2020 12:00 am

Hello,

I am playing around with 7.1beta2 and noticed with VRRP there is an option to enable sync-connection-tracking.
I have not been able to find any documentation on how to configure it. I have it enabled and have the remote IP set to the other router but nothing ever seems to be synced when i look under the firewall connections.

Is there any documentation for this feature or is it still incomplete?
Top
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 39
Joined: Mon Apr 27, 2020 10:14 am

Re: VRRP sync-connection-tracking setup

Tue Sep 15, 2020 3:51 pm

If VRRP is up and running, then in most cases, simply setting
Code: Select all
sync-connection-tracking=yes
on both ends should do the trick: VRRP master syncing its connection with the backup router.

Some useful info / limitations:
  1. MikroTik uses its own proprietary protocol for connection syncing. Therefore, both routers must be MikroTik.
  2. Both routers must be running the same version of RoutersOS v7 (e.g., 7.1beta2).
  3. While VRRP allows multiple backup routers, the connection syncing protocol supports only one (i.e., there must be only two routers: one master + one backup).
  4. VRRP Preemption Mode must be disabled (preemption-mode=no).
  5. The connection syncing protocol uses IPv4 for the internal data channel. In case of IPv6 (v3-protocol=ipv6), remote-address is mandatory.
  6. In case of IPv4, remote-address is optional, however, recommended (reduces VRRP latency).
Top
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 39
Joined: Mon Apr 27, 2020 10:14 am

Re: VRRP sync-connection-tracking setup

Tue Sep 15, 2020 3:59 pm

If the above information is insufficient, please provide the output of:
Code: Select all
/interface export hide-sensitive
/interface/vrrp print detail
from both routers.

If you have a VRRP password set, please manually remove it from the output, since the print command doesn't have a hide-sensitive option.
Top
 
mculibrk
just joined
Posts: 2
Joined: Fri Mar 30, 2018 12:02 pm

Re: VRRP sync-connection-tracking setup

Mon Feb 15, 2021 9:34 pm

If VRRP is up and running, then in most cases, simply setting
Code: Select all
sync-connection-tracking=yes
on both ends should do the trick: VRRP master syncing its connection with the backup router.

Some useful info / limitations:
  1. MikroTik uses its own proprietary protocol for connection syncing. Therefore, both routers must be MikroTik.
  2. Both routers must be running the same version of RoutersOS v7 (e.g., 7.1beta2).
  3. While VRRP allows multiple backup routers, the connection syncing protocol supports only one (i.e., there must be only two routers: one master + one backup).
  4. VRRP Preemption Mode must be disabled (preemption-mode=no).
  5. The connection syncing protocol uses IPv4 for the internal data channel. In case of IPv6 (v3-protocol=ipv6), remote-address is mandatory.
  6. In case of IPv4, remote-address is optional, however, recommended (reduces VRRP latency).
This is fantastic.... but...
What is the status of "firewall rules" sync between routers?
Or even better - config sync?

Are there any "suggested/verified" methods? There are some user proposed scripts... but nothing "universally useful"...
There is the excellent https://github.com/svlsResearch/ha-mikrotik but that's an active/passive solution requiring reboots for failovers which takes time and drops *any/all* state

Any plans in that regard? What do you suggest to use to have a "proper" HA (with minimal or no loss of connectivity) solution for Mikrotik devices?

Are there any "suggested" centralized management SW where you could edit/modify config to be automatically pushed to "paired" devices? That in combination with vrrp-sync could do the trick...

(if only Mikrotik config handling would allow direct "editing" (injecting/changing a specific <b>line</b> of configuration or some sort of <i>diff</i> apply...)

Any suggestions?
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6195
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: VRRP sync-connection-tracking setup

Tue Feb 16, 2021 12:20 pm

Currently there are several centralised configuration management options: TR069, API, SSH, and now even REST.
Top
 
mculibrk
just joined
Posts: 2
Joined: Fri Mar 30, 2018 12:02 pm

Re: VRRP sync-connection-tracking setup

Tue Feb 16, 2021 12:54 pm

Yeah... I know about the "possibilities" or "options" for centralized management...
but are there any "suggested"/Recommended "product/solution" for that purpose?

I know about for ex Unimus and some other similar products and the TR-69 (Genie-ACS...) options... but it seems to me that's oriented more to "collecting configurations" than "managing" especially some HA (paired) setups.
Correct me if I'm wrong... or even better, suggest some "actual" solution.

Thanks!

Regards,
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 10 guests
  4. RouterOS
  5. RouterOS v7 BETA