1100's bypass or VRRP?

Tue Mar 26, 2019 11:20 am

I git two brand new 1100AHx4 devices, and two inbound WANs (from two different ISPs). I planned to connect each router on one WAN, and use hardware bypass feature (which is pretty nice) to pass this link to another router "just in case". So, Router1 (R1) will work with ISP1, and will be connected to ISP2 as well if Router2 (2) be down, and vise versa.

The problem is this: ISP1 will supply IP1, and ISP2 supply IP2. I assign IP1 to R1, and assign IP2 to R2 on its backup WAN port, set up bypass, and everything looks fine, but... But on R2 I can see IP2 alive even when bypass won't work, so in fact R1 and R2 thinks they responsible for both IPs each, so in fact I have no HA.

The problem is that when I assign static IP to the router port, this IP is alive (pingable, routable) even when the port is down. Looks like Mikrotik binds this IP on his CPU, not to port itself so logical state of IP and physical state of the port are unrelated.

I don't know how can I overcome this. The only thing I can think of (and this is ugly approach) is to use script to monitor physical port state and up or down IP on the port.

Another approach is to play with VRRP. This way, I can archive HA, but then I can't use bypass which is (as I've told above) really nice feature.

Please advice, may I miss something? I'd prefer to learn how can I bind port and IP on the port state, this would be elegant solution.

