Hi

I'm trying to get VRRP working on two RB333 with routerOS v3.6, but both routers are "fighting" to be Master device, so every time i access to the vrrp ip is responding a different router.

Anyone knows why this is happening?

Thanks in advance

I have absolutely no problems with VRRP - just tried it.

Paste your configuration from
1) /ip address
2) /interface vrrp

This is my actual conf:

ROUTER 1

[admin@ROUTER-01] /interface vrrp> print
Flags: X - disabled, I - invalid, R - running, M - master, B - backup
0 RM ;;; VRRP Eth ADMIN
name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:01 arp=enabled
interface=ADMIN vrid=1 priority=255 interval=1 preemption-mode=yes
authentication=none password="" on-backup="" on-master=""

1 X ;;; VRRP Eth ADSL
name="vrrp2" mtu=1500 mac-address=00:00:5E:00:01:02 arp=enabled
interface=ADSL vrid=2 priority=255 interval=1 preemption-mode=yes
authentication=none password="" on-backup="" on-master=""

2 X ;;; VRRP Eth SERVICIO
name="vrrp3" mtu=1500 mac-address=00:00:5E:00:01:03 arp=enabled
interface=SERVICIO vrid=3 priority=255 interval=1 preemption-mode=yes
authentication=none password="" on-backup="" on-master=""


[admin@ROUTER-01] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
192.168.24.237/24 192.168.24.0 192.168.24.255 vrrp1
10.60.0.1/24 10.60.0.0 10.60.0.255 vrrp2
10.70.0.1/24 10.70.0.0 10.70.0.255 vrrp3
192.168.24.238/24 192.168.24.0 192.168.24.255 ADMIN
10.70.0.2/24 10.70.0.0 10.70.0.255 SERVICIO
10.60.0.2/24 10.60.0.0 10.60.0.255 ADSL


ROUTER 2

[admin@ROUTER-02] /interface vrrp> print
Flags: X - disabled, I - invalid, R - running, M - master, B - backup
0 RM ;;; VRRP Eth ADMIN
name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:01 arp=enabled
interface=ADMIN vrid=1 priority=100 interval=1 preemption-mode=yes
authentication=none password="" on-backup="" on-master=""

1 X ;;; VRRP Eth ADSL
name="vrrp2" mtu=1500 mac-address=00:00:5E:00:01:02 arp=enabled
interface=ADSL vrid=2 priority=100 interval=1 preemption-mode=yes
authentication=none password="" on-backup="" on-master=""

2 X ;;; VRRP Eth SERVICIO
name="vrrp3" mtu=1500 mac-address=00:00:5E:00:01:03 arp=enabled
interface=SERVICIO vrid=3 priority=100 interval=1 preemption-mode=yes
authentication=none password="" on-backup="" on-master=""


[admin@ROUTER-02] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
192.168.24.237/24 192.168.24.0 192.168.24.255 vrrp1
10.60.0.1/24 10.60.0.0 10.60.0.255 vrrp2
10.70.0.1/24 10.70.0.0 10.70.0.255 vrrp3
192.168.24.239/24 192.168.24.0 192.168.24.255 ADMIN
10.70.0.3/24 10.70.0.0 10.70.0.255 SERVICIO
10.60.0.3/24 10.60.0.0 10.60.0.255 ADSL

I think this is the most common way to enable HA in MT with vrrp. If you found any error, please, let me know.

Thanks a lot

I'm seeing issues on ROS v3.11 similar to those reported by dohkoo. I've read every post I could find with vrrp as a topic but have not been able to find a solution where vrrp works, so I am hoping someone has this solved and will share their configuration or further troubleshooting suggestions.

My set up is:
-RB433 as "backup" and RB450 as "master" (both routers running v3.11)
-Each router connects to different ISP on the "outside" interface which is not configured for vrrp
-Each router has a private subnet "inside" that is not configured for vrrp
-Both Routers have a common subnet "etherHA" configured for vrrp. IP address 192.168.100.0/24 I'm only doing vrrp on this interface to develop a working configuration.
-The "etherHA" interface on each router connects to a switch where client PCs are also connected.

I've tried various configurations to get the desired behavior, but none of them has been productive.

Attempt 1 resulted in both routers claiming they are masters despite the priority setting of 255 on the RB450 master. Traffic from the etherHA network is attracted to the router that last has etherHA disabled/enabled, not the router with the highest priority. In this iteration I did not use scripting to toggle the interfaces.

Sniffs show that vrrp handshakes from both routers are seen by the backup's vrrp interface and the backup's etherHA interface, and the master's etherHA interface. But the master's vrrp interface only sees handshakes from the backup router's etherHA interface.

Config details:

"Backup" Router-vrrp configured with no scripts-------------------------

[admin@RB433-test-MT] > /interface ethernet print detail
Flags: X - disabled, R - running, S - slave
0 R name="inside" mtu=1500 mac-address=00:0C:42:28:8D:4A arp=enabled
auto-negotiation=yes full-duplex=yes speed=100Mbps
1 R name="outside" mtu=1500 mac-address=00:0C:42:28:8D:4B arp=enabled
auto-negotiation=yes full-duplex=yes speed=100Mbps master-port=none
bandwidth=unlimited/unlimited switch=0
2 R name="etherHA" mtu=1500 mac-address=00:0C:42:28:8D:4C arp=enabled
auto-negotiation=yes full-duplex=yes speed=100Mbps master-port=none
bandwidth=unlimited/unlimited switch=0

[admin@RB433-test-MT] > /interface vrrp print detail
Flags: X - disabled, I - invalid, R - running, M - master, B - backup
0 RM name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:01 arp=enabled
interface=etherHA vrid=1 priority=100 interval=1 preemption-mode=no
authentication=none password="" on-backup="" on-master=""

[admin@RB433-test-MT] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Inside Subnet
address=10.255.192.1/24 network=10.255.192.0 broadcast=10.255.192.255
interface=inside actual-interface=inside
1 D address=72.148.42.30/32 network=68.216.218.62 broadcast=0.0.0.0
interface=pppoe-OUT actual-interface=pppoe-OUT
2 address=192.168.100.3/24 network=192.168.100.0 broadcast=192.168.100.255
interface=etherHA actual-interface=etherHA
3 address=192.168.100.1/24 network=192.168.100.0 broadcast=192.168.100.255
interface=vrrp1 actual-interface=vrrp1

[admin@RB433-test-MT] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=68.216.218.62 interface=pppoe-OUT
gateway-state=reachable distance=1 scope=30 target-scope=10
1 ADC dst-address=10.255.192.0/24 pref-src=10.255.192.1 interface=inside
distance=0 scope=10
2 ADC dst-address=68.216.218.16/32 pref-src=72.148.42.30
interface=pppoe-OUT distance=0 scope=10
3 ADC dst-address=192.168.100.0/24 pref-src=192.168.100.3 interface=etherHA
distance=0 scope=10
4 DC dst-address=192.168.100.0/24 pref-src=192.168.100.1 interface=vrrp1
distance=0 scope=10


"Master" Router - vrrp configured with no scripts---------------------------------

[admin@RB450-test-MT] > /interface ethernet print detail
Flags: X - disabled, R - running, S - slave
0 R name="outside" mtu=1500 mac-address=00:0C:42:2E:85:D2 arp=enabled auto-negotiation=yes full-duplex=yes speed=100Mbps
1 R name="inside" mtu=1500 mac-address=00:0C:42:2E:85:D3 arp=enabled auto-negotiation=yes full-duplex=yes speed=100Mbps master-port=none
bandwidth=unlimited/unlimited switch=0
2 R name="etherHA" mtu=1500 mac-address=00:0C:42:2E:85:D4 arp=enabled auto-negotiation=yes full-duplex=yes speed=100Mbps master-port=none
bandwidth=unlimited/unlimited switch=0
3 X name="ether4" mtu=1500 mac-address=00:0C:42:2E:85:D5 arp=enabled auto-negotiation=yes full-duplex=yes speed=100Mbps master-port=none
bandwidth=unlimited/unlimited switch=0
4 X name="ether5" mtu=1500 mac-address=00:0C:42:2E:85:D6 arp=enabled auto-negotiation=yes full-duplex=yes speed=100Mbps master-port=none
bandwidth=unlimited/unlimited switch=0

[admin@RB450-test-MT] > /interface vrrp print detail
Flags: X - disabled, I - invalid, R - running, M - master, B - backup
0 RM name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:01 arp=enabled interface=etherHA vrid=1 priority=255 interval=1 preemption-mode=no
authentication=none password="" on-backup="" on-master=""

[admin@RB450-test-MT] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Inside Subnet
address=10.1.1.1/24 network=10.1.1.0 broadcast=10.1.1.255 interface=inside actual-interface=inside
1 D address=24.88.250.82/23 network=24.88.250.0 broadcast=24.88.251.255 interface=outside actual-interface=outside
2 address=192.168.100.2/24 network=192.168.100.0 broadcast=192.168.100.255 interface=etherHA actual-interface=etherHA
3 address=192.168.100.1/24 network=192.168.100.0 broadcast=192.168.100.255 interface=vrrp1 actual-interface=vrrp1

[admin@RB450-test-MT] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=24.88.250.1 interface=outside gateway-state=reachable distance=0 scope=30 target-scope=10
1 ADC dst-address=10.1.1.0/24 pref-src=10.1.1.1 interface=inside distance=0 scope=10
2 ADC dst-address=24.88.250.0/23 pref-src=24.88.250.82 interface=outside distance=0 scope=10
3 ADC dst-address=192.168.100.0/24 pref-src=192.168.100.1 interface=vrrp1 distance=0 scope=10
4 DC dst-address=192.168.100.0/24 pref-src=192.168.100.2 interface=etherHA distance=0 scope=10
-----------------------------------------


On Attempt 2, I added the interface down/up scripts suggested by several other posts on VRRP topics. The backup router changes to backup status, but traffic from the etherHA subnet fails because the ARP for 00:00:5E:00:01:01 is not advertised by either router until the master's etherHA interface is disabled/enabled. I have also observed that if the backup router's etherHA interface is bounced last, traffic is attracted to it. And, if the master is shut down, the backup never becomes master.

The scripts for on-backup and on-master cause the vrrp1 interface's ARP to bounce back and forth between routers (because the interface is flapping) and to also disappear so traffic flow is constantly interrupted and eventually fails altogether. This occurs with clients and MikroTik routers connected to a managed switch as well as a workgroup switch. I have also tried both scenarios with a vlan as the parent interface for the vrrp interface, but I get the same behavior.

Sniffs show that The backup's etherHA interface is receiving vrrp handshakes from the master's etherHA and the master's vrrp1 interface is receiving vrrp handshakes from the backup router's etherHA interface. But vrrp handshakes from both routers are seen by the the master's etherHA interface.


Config details:

"master" router-------------

[admin@RB450-test-MT] > /interface vrrp print detail
Flags: X - disabled, I - invalid, R - running, M - master, B - backup
0 RM name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:01 arp=enabled interface=etherHA vrid=1 priority=255 interval=1 preemption-mode=no
authentication=none password="" on-backup=/interface ethernet set etherHA disabled=yes\r\n/interface ethernet set etherHA disabled=no
on-master=/interface ethernet set etherHA disabled=yes\r\n/interface ethernet set etherHA disabled=no

"backup" router---------------

[admin@RB433-test-MT] /interface vrrp> print detail
Flags: X - disabled, I - invalid, R - running, M - master, B - backup
0 B name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:01 arp=enabled interface=etherHA vrid=1 priority=100 interval=1 preemption-mode=no
authentication=none password="" on-backup=/interface ethernet set etherHA disabled=yes\r\n/interface ethernet set etherHA disabled=no
on-master=/interface ethernet set etherHA disabled=yes\r\n/interface ethernet set etherHA disabled=no


Routes and IP addresses are identical to Attempt 1 except they toggle from up to down and back with the script on the backup router.

Any suggestions or ideas would be much appreciated. I don't want to use Cisco routers/HSRP to provide a Highly Available default gateway for the hosts on this subnet.

Regards,
lamorrell

Hi guys,

I see your issues being explained, but no real solutions published.
Do you guys have the vrrp working fine now? Please give me some details. I am struggling with sort a same vrrp setup and like said, info on both this forum or the manual is not explanatory enough for out of the ordinary situations.

See my new tread on my problem: http://forum.mikrotik.com/viewtopic.php?f=2&t=28752

rgds.

Rudy

Rudy,

I never got VRRP working. I experienced the same behavior you report in the thread you started. The only additional testing I've done since my post in this thread is an upgrade to 3.13, and the behavior I reported did not change. I'd love to see a config for a working VRRP setup. Let us know if you get it working.

Regards,
lamorrell

Hi Lamorell,

I am playing with it most part of the weekend now. I started to copy the example of the manual into two rb150 units.
With exactly the same settings as given in this example I am left with the master not performing the scripts and the "A" flag on the master stays on the 1.2 IP (=the ´real´ interface).

I can make the flag "A" appaer on the vrrp interface by giving its IP a /32, or by giving the IP of the ´real´ interface a /32 but the script issue persists.

I hope to get this problem sorted somewhere this week. So keep track on my new tread.

Rudy

Hi I have Configured VRRP...Its Working but OnLy one Issue..

When I shutdown the Master Router...the backup router will be in a Master mode..Only one PING break (RTO)
But When I switch on Master..It will become master with in a second..but i am NOT getting the PING reply for while..I mean i am getting around 20-50 Request Time Out..Then It starts

What is Wrong....

ashish,

Can you drop your setup here? So I or anybody else can see how you manage to get it work and maybe find an answer to your issue.

Rudy

Examples provided in wiki works without mentioned issues:
http://wiki.mikrotik.com/wiki/VRRP

mrz

The Wiki example you refer to contradicts with the MT-manual as far as the VRRP's and ´mother´ interface's IP settings concerns (/24 + /32 versus /24 + /24 setting) but I agree with you the Wiki works where the manual example doesn't.

But my problem now is more the failure of the master initiating the scripts to disable or enable some other interfaces not part of the VRRP. This is not covered in this Wiki so the problem is still there to be solved.
Also see my tread; http://forum.mikrotik.com/viewtopic.php ... 01#p139401

rgds.

Rudy