Community discussions

MikroTik App
 
operat0r
newbie
Topic Author
Posts: 32
Joined: Mon May 29, 2017 9:18 pm

VRRP on bridge interface

Wed Apr 04, 2018 2:22 pm

Hello,

I've been testing VRRP configuration on bridge interface and it is not working as intended.
The problem is that when everything is setup, I can see that both routers become master for the specific prefix I've setup VRRP.
Is there a way to make it work ? If not, what is the next best possible implementation for this?

Thank you in advance.
Panagiotis Botos
Networking Engineer
 
User avatar
blajah
Member Candidate
Member Candidate
Posts: 224
Joined: Fri Jun 12, 2015 8:58 pm
Location: Belgrade, Serbia
Contact:

Re: VRRP on bridge interface

Fri Apr 06, 2018 10:28 pm

I can confirm it works as expected. Can you provide export of config or even diagram of what you are trying to achieve?
I have bigger routing table.
 
operat0r
newbie
Topic Author
Posts: 32
Joined: Mon May 29, 2017 9:18 pm

Re: VRRP on bridge interface

Wed Apr 11, 2018 11:04 am

Hello ,

Basically the diagram of the network in place is this (see attached).

Right now the configurations are as follows :
/interface ethernet
set [ find default-name=ether1 ] comment="Local Admin"
set [ find default-name=sfp-sfpplus1 ] comment="Everest feed A"
set [ find default-name=sfp-sfpplus2 ] comment="Link to mg03-sw03"
set [ find default-name=sfp-sfpplus3 ] disabled=yes

/interface vrrp
add authentication=ah interface=sfp-sfpplus2 name=xxx.xxx.xxx.0/28 password=XXXXXXXX priority=150 version=2
add authentication=ah interface=sfp-sfpplus2 name=xxx.xxx.xxx.128/25 password=XXXXXXXX priority=150 version=2 vrid=5
add authentication=ah interface=sfp-sfpplus2 name=xxx.xxx.xxx.16/28 password=XXXXXXXX priority=150 version=2 vrid=2
add authentication=ah interface=sfp-sfpplus2 name=xxx.xxx.xxx.32/27 password=XXXXXXXX priority=150 version=2 vrid=3
add authentication=ah interface=sfp-sfpplus2 name=xxx.xxx.xxx.64/26 password=XXXXXXXX priority=150 version=2 vrid=4
add authentication=ah interface=sfp-sfpplus2 name=xxx.xxx.xxx.0/26 password=XXXXXXXX priority=150 version=2 vrid=10
add authentication=ah interface=sfp-sfpplus2 name=xxx.xxx.xxx.128/25 password=XXXXXXXX priority=150 version=2 vrid=12
add authentication=ah interface=sfp-sfpplus2 name=xxx.xxx.xxx.64/26 password=XXXXXXXX priority=150 version=2 vrid=11
add authentication=ah interface=sfp-sfpplus2 name=VRRP-xxx.xxx.xxx.0 password=XXXXXXXX priority=150 version=2 vrid=14
add authentication=ah interface=sfp-sfpplus4 name=VRRP-xxx.xxx.xxx.0/26 password=XXXXXXXX version=2 vrid=15
add authentication=ah interface=sfp-sfpplus4 name=VRRP-xxx.xxx.xxx.128/25 password=XXXXXXXX version=2 vrid=17
add authentication=ah interface=sfp-sfpplus4 name=VRRP-xxx.xxx.xxx.64/26 password=XXXXXXXX version=2 vrid=16
add authentication=ah interface=sfp-sfpplus4 name=VRRP-xxx.xxx.xxx.0/24 password=XXXXXXXX priority=150 version=2 vrid=18
add authentication=ah interface=sfp-sfpplus2 name=VRRP-194 password=XXXXXXXX priority=150 version=2 vrid=13
add interface=sfp-sfpplus2 name=VRRP-IPv6-1 priority=200 v3-protocol=ipv6 vrid=20

/routing bgp instance
set default as=64516 disabled=yes
add as=49683 client-to-client-reflection=no name="Everest Feed A" router-id=X.X.X.X
add as=49683 client-to-client-reflection=no name=XXXXXX router-id=X.X.X.X

/ip address
add address=X.X.X.X/30 comment="BGP point-to-point Everest" interface=sfp-sfpplus1 network=X.X.X.X
add address=xxx.xxx.xxx.12/28 comment=xxx.xxx.xxx.0/28 interface=sfp-sfpplus2 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.14/28 interface=xxx.xxx.xxx.0/28 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.28/28 comment=xxx.xxx.xxx.16.28 interface=sfp-sfpplus2 network=xxx.xxx.xxx.16
add address=xxx.xxx.xxx.30/28 interface=xxx.xxx.xxx.16/28 network=xxx.xxx.xxx.16
add address=xxx.xxx.xxx.60/27 comment=xxx.xxx.xxx.32/27 interface=sfp-sfpplus2 network=xxx.xxx.xxx.32
add address=xxx.xxx.xxx.62/27 interface=xxx.xxx.xxx.32/27 network=xxx.xxx.xxx.32
add address=xxx.xxx.xxx.124/26 comment=xxx.xxx.xxx.64/26 interface=sfp-sfpplus2 network=xxx.xxx.xxx.64
add address=xxx.xxx.xxx.126/26 interface=xxx.xxx.xxx.64/26 network=xxx.xxx.xxx.64
add address=xxx.xxx.xxx.252/25 comment=xxx.xxx.xxx.128/25 interface=sfp-sfpplus2 network=xxx.xxx.xxx.128
add address=xxx.xxx.xxx.254/25 interface=xxx.xxx.xxx.128/25 network=xxx.xxx.xxx.128
add address=xxx.xxx.xxx.252/24 comment=xxx.xxx.xxx.0 interface=sfp-sfpplus2 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.60/26 comment=xxx.xxx.xxx.0 interface=sfp-sfpplus2 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.124/26 comment=xxx.xxx.xxx.64/26 interface=sfp-sfpplus2 network=xxx.xxx.xxx.64
add address=xxx.xxx.xxx.252/25 comment=xxx.xxx.xxx.128/25 interface=sfp-sfpplus2 network=xxx.xxx.xxx.128
add address=xxx.xxx.xxx.62 interface=xxx.xxx.xxx.0/26 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.126 interface=xxx.xxx.xxx.64/26 network=xxx.xxx.xxx.64
add address=xxx.xxx.xxx.254 interface=xxx.xxx.xxx.128/25 network=xxx.xxx.xxx.128
add address=xxx.xxx.xxx.254/24 interface=VRRP-194 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.252/24 comment=xxx.xxx.xxx.0 interface=sfp-sfpplus2 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.254/24 interface=VRRP-xxx.xxx.xxx.0 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.60/26 comment=xxx.xxx.xxx.0/26 interface=sfp-sfpplus4 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.124/26 comment=xxx.xxx.xxx.64/26 interface=sfp-sfpplus4 network=xxx.xxx.xxx.64
add address=xxx.xxx.xxx.252/25 comment=xxx.xxx.xxx.128/25 interface=sfp-sfpplus4 network=xxx.xxx.xxx.128
add address=xxx.xxx.xxx.62 interface=VRRP-xxx.xxx.xxx.0/26 network=xxx.xxx.xxx.62
add address=xxx.xxx.xxx.127 interface=VRRP-xxx.xxx.xxx.64/26 network=xxx.xxx.xxx.127
add address=xxx.xxx.xxx.254 interface=VRRP-xxx.xxx.xxx.128/25 network=xxx.xxx.xxx.254
add address=xxx.xxx.xxx.252/24 comment=xxx.xxx.xxx.0/24 interface=sfp-sfpplus4 network=xxx.xxx.xxx.0
add address=xxx.xxx.xxx.254 interface=VRRP-xxx.xxx.xxx.0/24 network=xxx.xxx.xxx.254

The concept is the same for router 2.
I am using public IP's for the server clusters bellow.
So basically, what I want to achieve is to bridge two interfaces (lets say sfp-plus 4 and 5), and have VRRP on this bridge.

Right now I have removed all configurations for bridge.But I follow the steps bellow:

1) Add new Bridge
2) Add ports to bridge
3) Assign VRRP interface to Bridge

Doing so results in both VRRP to become masters.
I will try to create a new configuration and upload it here with the bridge setup, when i have time.

Thank you
You do not have the required permissions to view the files attached to this post.
Panagiotis Botos
Networking Engineer
 
User avatar
sri2007
Member Candidate
Member Candidate
Posts: 206
Joined: Wed May 20, 2015 10:14 pm
Location: Quito
Contact:

Re: VRRP on bridge interface

Tue Apr 24, 2018 4:14 pm

Hi, I'll probably double check auth password on both sides, and I could also check if I can see this remote router as a LLDP neighbor too, the only way that two VRRP neighbors won't become master/backup is that they are not able to communicate between them, there are firewall rules that can block this traffic too, the VRRP multicast address is 224.0.0.18
MikroTik Support and Consultancy - Español / English +593 93 924 1262
https://www.safenet.ec/consultoria.html/ support@safenet.ec
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: VRRP on bridge interface

Tue Apr 24, 2018 10:29 pm

Also, the VRRP addresses in IPv4 should be /32's and /128's for IPv6. If not, the router ends up with 2 interfaces that have the same network defined. The VRRP interface will get it's own link-local address automatically and will be reachable there. Additionally, you can if you want set a global unicast address to be shared like in IPv4.

/interface vrrp add interface=bridge1 version=3 name=vrrp-v4-bridge1
/ip address add interface=bridge1 address=10.99.99.254/24
/ip address add interface=vrrp-v4-bridge1 address=10.99.99.1/32

# ipv6
/interface vrrp add interface=bridge1 version=3 v3-protocol=ipv6 vrid=6 name=vrrp-v6-bridge1
/ipv6 address add interface=bridge1 address=2001:db8::254/64
/ipv6 address add interface=vrrp-v6-bridge1 address=2001:db8::1/128
 
operat0r
newbie
Topic Author
Posts: 32
Joined: Mon May 29, 2017 9:18 pm

Re: VRRP on bridge interface

Thu May 03, 2018 2:55 pm

Having tried tweaking various settings to make things work, I'm still not able to make VRRP work on bridge.
Bellow is the current configuration:
/interface bridge
add fast-forward=no name=bridge-vlan protocol-mode=none

/interface vlan
add interface=sfp-sfpplus4 name=vlan100 vlan-id=100

/interface vrrp
add authentication=ah interface=vlan100 name=VRRP-x.x.x.x/24 password=xxxxxxx priority=250 version=2 vrid=18

add address=x.x.x.x/24 comment=x.x.x.x/24 interface=vlan100 network=x.x.x.0
add address=x.x.x.254 interface=VRRP-x.x.x.0/24 network=x.x.x.254

Adding port sfpplus4 (which is the physical interface connected to a cisco switch) to the bridge results in lost of connectivity of end users.
Adding port vlan100 to the bridge results in lost of connectivity of end users.

I really don't know what I'm doing wrong here.

To fully understand my case consider the next :

1) 2 routers with several networks (all public networks).
2) Two uplinks to 2 different ISP's (full BGP routing).
3) VRRP interfaces. For the testing of vlans and bridge, I have created a test vlan 100.
VRRP for the specific network is bound to interface vlan 100 (on both routers).
4) IP addresses for networks. For aforementioned network lets say it is 111.111.111.0/24.
Add ip address 111.111.111.252/24 interface vlan 100
Add ip address 111.111.111.254/32 interface VRRPinterface.

Current configuration with vlan100 works. But I'm trying to figure out how to add multiple vlans for the same interface and also untagged traffic (native vlan).
I've read that the correct way to do this is via bridge and this is why im trying to figure out how to set it up.
Any help will be highly appreciated.

Thank you.
Panagiotis Botos
Networking Engineer
 
dario111
just joined
Posts: 4
Joined: Tue Feb 26, 2019 8:24 am

Re: VRRP on bridge interface

Wed Aug 12, 2020 1:29 am

Hi,

the topic is pretty old, but I had the same trouble this evening.

I have c3750 <=> LACP 2ports <=> Mikrotik CRS354
C3750 IOS is 12.2.58(SE2)
RouterOS is 6.47.1

VLAN1000 is trunked on both sides; on Cisco on PortChannel interface, on Mikrotik on bond interface.
On Mikrotik that vlan is bridged with 3 phy ports and VRRP interface is configured bridge. VRRP VIP is /32.

I had Master on both sides until I changed VRRP protocol from v3 to v2 on Mikrotik and kept IPv4 of course.
It instantly went to backup as it's higher prio on Cisco side set.

Who is online

Users browsing this forum: Google [Bot], hpet and 9 guests