For 2 CCR's as edge routers, running BGP on the Internet side, and VRRP on the inside, what would be the best way to set this up for redundancy, anyone know of any examples?

Is each ccr connected to a different upstream? One way to do this is to establish dual sessions to your upstreams, as in:

CCR A peers with ISP 1 and 2
CCR B peers with ISP 1 and 2 as well.

This would avoid prefixes being withdraw from an upstream in case of failures from one of the routers. You could use MED attribute to influence you upstreams so they always know which router is preferred.

You'll need to connect your CCR to each other, this would also ensure you always have a path towards the Internet. This is one way of doing so, I believe there's a presentation in one MUM talking about such configurations.



Enviado desde mi MotoE2(4G-LTE) mediante Tapatalk

shaoranrch has summarized it pretty well. This is exactly the type of connectivity I would use. It's pity RouterOS does not support inter chassis redundancy mechanism though. For such High Availability scenario it's handy to be able to synchronize the NAT sessions for example.


Boyan

You could check this presentation: http://mum.mikrotik.com/presentations/G ... _Nikos.pdf

It describes in more depth what shaoranrch suggested.

I've implemented this setup and it works flawlessly for about a year now.

It just so happens that 10 days ago one of the CCRs threw a kernel panic and I didn't even notice the failover until I got some alerts because the BGP peers were reset after it got back online!

That's a nice presentation put up very well.
But still the connection tracking is missing as a feature in RouterOS, which means that if you do NAT, you're not able to synchronize the active sessions and in case of fail over to continue without a disruption.


Regards,
Boyan

I have the same situation with two edge routers, both running BGP, each with one provider, getting only default routes from each ISP.

Would it make sense to use VRRP instead of OSPF (and another gateway that connects to both edge routers and to our access switch with public IP addresses) in such a case as well? What of those two options is the best?

Thanks!

In your situation, I'd stick with OSPF since you have a dynamic-routing-capable device sitting behind the two edge routers.

VRRP is a "first hop redundancy" protocol, and does not address whether the active router is actually capable of forwarding packets further.

Suppose router1 is the active router, but that router1's internet connection is down. VRRP will still advertise itself as the active router.
OSPF, if it originates default GW information "if-installed" is much more effective since you're using BGP.
If the Internet goes down on router 1, then router 1 will stop saying "I'm the default GW" in OSPF, and the other devices in the OSPF cloud will learn this, and route to some other gateway.
If the ISP has correctly configured their BGP, then suppose the link to ISP1 is up, but the ISP1 router is isolated from the Internet - it should withdraw its default GW from you, causing your OSPF to stop announcing R1 as the default GW.

VRRP just says "I'm alive"