MikroTik VRRP (Virtual Router Redundancy Protocol) ensures high availability internet network. If any organization requires uninterrupted internet connection, MikroTik VRRP implementation will be a vital solution for them. MikroTik VRRP creates a virtual router accumulating two or more physical routers and ensures uninterrupted internet connection keeping activate one physical router always. That means, if any physical router fails to operate due to any hardware failure, MikroTik VRRP uses another backup router for internet gateway until the running router comes back again. In the previous article, I discussed the basic MikroTik VRRP configuration to establish a high available internet network. But in basic configuration, the backup router keeps completely idle during Backup state and this behavior may be considered as waste of valuable resources. In MikroTik VRRP, it is possible to set backup router as a gateway for some clients and this method is known as load-sharing scheme. In this article, I will discuss how to configure MikroTik VRRP with Load Sharing scheme.
Network Diagram
To configure MikroTik VRRP with Load Sharing scheme, I am following a network diagram like the below image.
In this network, two MikroTik RouterOS (R1_RouterOS and R2_RouterOS) are member of a MikroTik VRRP with load sharing scheme. So, when both routers are up and running, network traffic will pass through both RouterOS according to the client’s gateway configuration. If R1_RouterOS fails to operate due to hardware failure or any cause, R2_RouterOS will pass all the network traffics until the R1_RouterOS comes back again. When R2_RouterOS recovers, network traffics pass maintaining load sharing scheme. So, a hardware redundancy network with load sharing is ensured using MikroTik VRRP.
In the network diagram, R1_RouterOS is connected to ISP1 through ether1 interface having IP address 192.168.40.2/25 and ether2 port is connected to LAN network having IP address 10.10.200.1/24. VRRP will be configured on ether2 interface and two virtual interfaces will be created whose IP address will be 10.10.200.253 and 10.10.200.254. Similarly, R2_RouterOS is connected to ISP2 through ether1 interface having IP address 172.30.30.2/25 and ether2 port is connected to LAN network having IP address 10.10.200.2/24. MikroTik VRRP will also be configured on ether2 interface and two virtual interfaces will be created whose IP address will be 10.10.200.253 and 10.10.200.254. Note that, both routers should have the same type configuration always.
We have also two workstations (PC-1 and PC-2) that are connected to our virtual routers (that will be created by MikroTik VRRP) through LAN_Switch.
VRRP Configuration in MikroTik Router with Load Sharing
MikroTik VRRP creates virtual routers accumulating two or more physical routers where one physical router works as a Master Router and others are Backup Router. If Master Router fails to operate due to hardware failure, one of the Backup Routers becomes Master Router based on priority setting. So, we have to configure both Master Router and Backup Routers and all routers should have the same type of configuration. For load sharing VRRP configuration between two RouterOS, two virtual routers are required and both router works as Master Router and Backup Router. Complete MikroTik VRRP configuration with load sharing scheme can be divided into two parts according to the above network diagram.
- MikroTik VRRP configuration in R1_RouterOS and
- MikroTik VRRP configuration in R2_RouterOS.
MikroTik VRRP Configuration in R1_RouterOS
We will now configure MikroTik VRRP in R1_RouterOS. In MikroTik VRRP, Master Router is identified by priority setting. The router whose priority is higher is identified as Master Router. For load sharing scheme, we will create two VRRP interfaces in R1_ RouterOS where one will be used for Master router and another will be used for Backup router. The following steps will show how to configure R1_RouterOS so that it will act as a network gateway for VRRP Master and Backup Router.
- Login to Master_RouterOS using Winbox with full permission user credential.
- Click on Interfaces menu item. Interface List window will appear.
- Click on VRRP tab and then click on PLUS SIGN (+). New Interface window will appear.
- Put VRRP interface name in Name input field or you can keep as default name (vrrp1).
- Now click on VRRP tab and choose physical interface (ether2 for this article) on which you want to create VRRP.
- Put Virtual Router ID (10 for this article) in VRID input filed. This VRID must be same in Master Router as well as all Backup Routers.
- Put Master Router priority (100 for this article) in Priority input field. As this is a Master Router, its priority will be higher than any other Backup Router.
- Make sure that Preemption Mode is enabled otherwise Master Router cannot be selected as master automatically if Master Router recovers due to any technical failure.
- Click on Apply and OK button. You will find a new VRRP interface has been created in VRRP interface list.
- Similarly, create another VRRP interface (vrrp2) on ether2 interface where put different Virtual Router ID (20 for this article) and different priority (140 for this article). This will be used as backup virtual router.
- Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
- Put Master_RouterOS WAN IP (192.168.40.2/25) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and Put a LAN IP (10.10.200.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and put VRRP gateway IP (10.10.200.253/24) in Address input field and choose first VRRP interface (vrrp1 for this article) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and put VRRP gateway IP (10.10.200.254/24) in Address input field and choose second VRRP interface (vrrp2 for this article) from Interface dropdown menu and then click on Apply and OK button.
- Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click on Apply and OK button.
- Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (192.168.40.1) in this Gateway input field and then click on Apply and OK button.
- Go to IP > Firewall menu and click on NAT tab. Now click on PLUS SIGN (+). New NAT Rule window will appear. Choose srcnat from Chain dropdown menu. Click on Action tab and choose masquerade from Action dropdown menu and then click on Apply and OK button.
R1_RouterOS configuration with load sharing VRRP has been completed. We will now perform similar configuration in R2_RouterOS so that it can handle network traffic if R1 Router goes down due to any unwanted cause.
MikroTik VRRP Configuration in R2_RouterOS
For load sharing VRRP, R2_RouterOS must have both master and backup virtual router like R1_RouterOS. If R1_RouterOS goes down, R2_RouterOS will pass all network traffics. So, R2_RouterOS will have similar configuration like R1_RouterOS but only priority will be different in master and backup virtual router configuration. The following steps will show how to configure master and backup virtual router in R2_RouterOS so that it can handle its own traffics as well as R1_RouterOS traffics if R1_RouterOS fails to operate due to any unwanted cause.
- Login to R2_RouterOS using Winbox with full permission user credential.
- Click on Interfaces menu item. Interface List window will appear.
- Click on VRRP tab and then click on PLUS SIGN (+). New Interface window will appear.
- Put VRRP interface name in Name input field or you can keep as default name (vrrp1).
- Now click on VRRP tab and choose physical interface (ether2 for this article) on which you want to create VRRP.
- Put first Virtual Router ID (10 for this article) in VRID input filed. This VRID must be same in R1_RouterOS master virtual router.
- Put Backup Virtual Router priority (90 for this article) in Priority input field.
- Make sure that Preemption Mode is enabled otherwise Master Router cannot be selected as master automatically if Master Router recovers due to any technical failure.
- Click on Apply and OK button. You will find a new VRRP interface has been created in VRRP interface list.
- Similarly, create another VRRP interface (vrrp2) on ether2 interface where put different Virtual Router ID (20 for this article) and different priority (150 for this article). This will be used as master virtual router in R2_RouterOS.
- Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
- Put Backup_RouterOS WAN IP (172.30.30.2/25) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and then click Apply and OK button. Click on PLUS SIGN (+) again and Put a LAN IP (10.10.200.2/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and put VRRP gateway IP (10.10.200.253/24) in Address input field and choose first VRRP interface (default interface name is vrrp1) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and put VRRP gateway IP (10.10.200.254/24) in Address input field and choose second VRRP interface (vrrp2 for this article) from Interface dropdown menu and then click on Apply and OK button.
- Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
- Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (172.30.30.1) in this Gateway input field and then click on Apply and OK button.
- Go to IP > Firewall menu and click on NAT tab. Now click on PLUS SIGN (+). New NAT Rule window will appear. Choose srcnat from Chain dropdown menu. Click on Action tab and choose masquerade from Action dropdown menu and then click Apply and OK button.
R2_RouterOS configuration with VRRP has been completed. As a VRRP network administrator, it is your responsibility to update R1_RouterOS configuration whenever R1_RouterOS changes.
Now you can test your VRRP configuration assigning your LAN IP in any Desktop or Laptop. Remember that your LAN gateway address will be the VRRP interface IP (10.10.200.253 or 10.10.200.254). If everything is OK, your LAN PC will be able to get uninterrupted internet although any RouterOS goes down.
If you face any confusion to follow above steps properly, watch the below video about MikroTik VRRP Configuration with Load Sharing scheme. I hope, it will reduce your any confusion.
MikroTik VRRP configuration with load sharing has been discussed in this article. I hope, you will able to configure a load sharing VRRP network in MikroTik following the above steps. However, if you face any confusion to configure MikroTik VRRP network, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.