Community discussions

MikroTik App
 
RcRaCk2k
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Mon May 07, 2012 10:40 pm

rOS 7.5rc1 - VRRP Connection Tracking Syncing issue

Mon Aug 29, 2022 10:08 pm

Hi Guys,

i am using VRRP with Connection-Tracking and have discovered an issue with the NAT-Table.

I have two routers (Router A - VRRP Master) and (Router B - VRRP Slave).
Both routers are configured identical - running rsc-script on both routers, only changing fixed Interface-IP-Addresses.

There is a SRC-Nat for all Packets that have SRC (10.0.0.0/8) and outgoing interface via ether1. SRC-To-Address is fixed to the outbound ip-address.

The Connection-Tracking gets synced between both routers. So that looks okay for me.

There is Router C (Internet) connected to RouterA and RouterB with a public ip-address subnet. Router-A and Router-B both have same IP-Address configured to there ether1 Interface.

Constellation:
Router-A is Master, IP-Address 10.1.160.1 is configured to ether2 via vrrp-interface.
Traffic from the internal network to the internet is passing Router-A > Router-C -> Internet
The backward-traffic is Internet -> Router-C -> Router-A -> Client - OK

But if the backward-traffic is Internet -> Router-C -> Router-B -> Client the packet not gets forwarded bei Router-B. - Why?

You can see in the screenshots, that the ICMP-Echo is received by Router-B but will not be forwarded.

Image

Image
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 267
Joined: Mon Apr 27, 2020 10:14 am

Re: rOS 7.5rc1 - VRRP Connection Tracking Syncing issue

Tue Aug 30, 2022 8:01 am

Hi,

You need to create the second VRRP interface on ether1, then group both VRRP interfaces together (see group-master description in VRRP Documentation).

Who is online

Users browsing this forum: No registered users and 14 guests