If VRRP is up and running, then in most cases, simply setting
on both ends should do the trick: VRRP master syncing its connection with the backup router.
Some useful info / limitations:
- MikroTik uses its own proprietary protocol for connection syncing. Therefore, both routers must be MikroTik.
- Both routers must be running the same version of RoutersOS v7 (e.g., 7.1beta2).
- While VRRP allows multiple backup routers, the connection syncing protocol supports only one (i.e., there must be only two routers: one master + one backup).
- VRRP Preemption Mode must be disabled (preemption-mode=no).
- The connection syncing protocol uses IPv4 for the internal data channel. In case of IPv6 (v3-protocol=ipv6), remote-address is mandatory.
- In case of IPv4, remote-address is optional, however, recommended (reduces VRRP latency).
This is fantastic.... but...
What is the status of "firewall rules" sync between routers?
Or even better - config sync?
Are there any "suggested/verified" methods? There are some user proposed scripts... but nothing "universally useful"...
There is the excellent https://github.com/svlsResearch/ha-mikrotik
but that's an active/passive solution requiring reboots for failovers which takes time and drops *any/all* state
Any plans in that regard? What do you suggest to use to have a "proper" HA (with minimal or no loss of connectivity) solution for Mikrotik devices?
Are there any "suggested" centralized management SW where you could edit/modify config to be automatically pushed to "paired" devices? That in combination with vrrp-sync could do the trick...
(if only Mikrotik config handling would allow direct "editing" (injecting/changing a specific <b>line</b> of configuration or some sort of <i>diff</i> apply...)