I am going to add a second MikroTik RB1200 to my existing RB1200. Call them RB#1 (in production) and RB#2 (soon to be added).
My configuration is fairly straightforward
- an internal LAN, to which both RB1200s are connected on their respective Ether5 ports
- an Internet connection, to which both RB1200s are connected through a pair of VLAN linked switches (using port-based VLAN assignment, so the RB1200s will not be aware that a VLAN is involved; just to separate that traffic from the rest of the broadcast domain) to a router provided by an ISP
- a second Internet connection, again to which both RB1200s are connected through the same pair of switches on a different VLAN, for the same reason, to another router provided by that second ISP
VRRP will be used for failover of all three shared IP addresses - 192.168.1.1 will be shared on the internal LAN; and a couple of static IP addresses (one each from the two ISPs) will be shared on the two external VRRP port pairs.
My questions are:
1. Should I set up three different virtual routers, one for the LAN plus two more, one for each of the two ISPs? Or should I set up one VRRP which somehow causes all three virtual IP addresses to shift between the two RB1200s? My assumption is that I should have three complete VRRP setups.
2. On the internal LAN interfaces of the RB1200s, IP addresses are available. I can use the traditional 192.168.1.1 as the virtual IP, plus 192.168.1.2 and .3 as the two physical interface IP addresses. However on the ISP side I may not have more than one real IP address available. I presume that I can set up 192.168.253.2/28 and 192.168.253.3/28 as the two physical interface IP addresses for ISP #1, and 192.168.253.10/28 and 192.168.253.11/28 as the two physical interface IP addresses for ISP #2, with the real IPs being virtually shared between the two RB1200s being whatever real IP addresses the two ISPs have assigned me, right? That is, that there is no requirement for the physical interface IP addresses on which the two MikroTiks communicate VRRP broadcasts to each other, and the actual virtual router IP address which they share between them, right?