Hi all!

I've been assigned a task to find out a way, how to make a multihoming setup, where the customer has the same IP address, no matter if he's running on the primary connection or on the backup. Ideally the connection has to be redundant up to our main uplink to the IXP, however even better would be, if the redundancy would be up to the IXP. The second option would be possible, as we do have an unsed router at the IXP.

My idea was the following: the primary connection (through the ISP I'm working for) would consist of a direct VLAN or a VPN to the router at the IXP (or in our offices, if we'd go for the version which is redundant only to our uplink), and there would be one more VPN created over the secondary connection (ADSL or LTE - not maintained by us). These interfaces (VPN+VLAN or VPN+VPN) would be bonded together with the active backup setting on both ends.

My boss said, that this is a great idea, but there is no check for the integrity of the links, and it's done on layer 2. He would like to see a layer 3 option, involving routing protocols, BGP or OSPF ideally. However I don't have much experience with them, and I'm not sure which protocol to use, and how to use it.

I tried searching the web (and this forum as well), but I wasn't able to come up with a result, that would be usable.

Can you give me some advice?

Thanks in advance!

Hi Atilla,

This is a fantastic idea in principle but quite involved to implement in practice. There are various vendors that sell a "broadband bonding/aggregating" device, but I'd love to see a solution for this using Mikrotik only! Mikrotik is preferable to pricing constraints and just generally being able to support / understand it yourself.

Let simplify your solution a little bit to get to the meat of it.

You want your customer to have a single Public IP, that is effectively reachable by multiple (read redundant) paths. Mushroom Networks for instance describes this as a elastic IP.

Every ISP maintains their own IP address ranges so each connection should have the source IP address set to that connection's public IP otherwise your return traffic will never return. Using Mangle rules to mark connections and packets should provide your equal cost multi path type requirement, along with Masquerade out on each connection. Not sure about the DNS implications...

To deliver the single public IP, you will require a (someone please help me here ) ?BGP? router at a meetme room/datacentre that has its public IPs delivered to it independanty of the ISP. That then maintains multiple VPNS to the client's CPE over their various connections. The scale of the redundancy depends on the main router.

Hi, and thanks for your reply.

Meanwhile I thought the entire thing over. The goal is redundancy up to the internet exchange point (IXP, in our case SIX - Slovak Internet Exchange - in Bratislava, to which we do have a direct connection). In the case of using routing protocols (BGP or OSPF preferably) we can have the client's public IP address on our MikroTik device at the client's site.

From there it looks simple:
The primary route would be from the client to our datacenter, and from there to the uplink to SIX
The secondary route would be from the client to our failover router located physically in SIX via VPN over some other ISP's network

So whenever the primary route would fail or become unreliable, the secondary one would get used. At least now this is clear for me, but having no experience in routing protocols, it will be quite a bit of a learning curve to get it up and running. Fortunately I have two hAP ac lites at home, and tomorrow an RB1200 is arriving as well, so I will build up a real-world playground to test this. I mean I could use a bunch of VMs running CHR, but then there's no fun in playing with the hardware itself

Interesting, i would subscribe to this thread to see your progress and how you implement everything.

MTCRE certification. This can be done with ospf and looback interfaces.