Alta Disponibilidade Utilizando VRRP no Mikrotik

Prática de configuração de Alta Disponibilidade (HA) com Mikrotik utilizando VRRP.

R1-MASTER

# R1: intended VRRP master. Two carrier uplinks, one LAN port carrying the
# VRRP virtual gateway, and one management port.
/interface ethernet
# Rename the physical ports by role (oper-1/oper-2 = carrier uplinks,
# lan = inside network, ger = management).
set [ find default-name=ether4 ] name=ether1-oper-1
set [ find default-name=ether1 ] name=ether2-oper-2
set [ find default-name=ether2 ] name=ether3-lan
set [ find default-name=ether3 ] name=ether4-ger

/interface vrrp
# VRRP instance on the LAN port, virtual router ID 10, priority 254.
# on-backup disables and on-master re-enables every /ip address entry whose
# comment is IP-OPERADORA, so the carrier addresses are active only while
# this router is master (the peer is configured with the same addresses).
# NOTE(review): no authentication= is set, so VRRP advertisements are
# unauthenticated; any device on the ether3-lan segment that advertises
# vrid 10 with a higher priority can take over the gateway address.
# RouterOS offers authentication=/password= only with version=2; otherwise
# limit who can reach this L2 segment. Change both peers together.
add interface=ether3-lan name=vrrp1 on-backup=\
    "/ip address set [find comment=\"IP-OPERADORA\"] disable=yes" on-master=\
    "/ip address set [find comment=\"IP-OPERADORA\"] disable=no" priority=254 \
    vrid=10

/interface list
# Interface list used below to select the NAT egress interfaces.
add name=WAN

/interface wireless security-profiles
# NOTE(review): looks like default export residue; nothing else in this
# listing configures wireless.
set [ find default=yes ] supplicant-identity=MikroTik

/interface list member
add interface=ether1-oper-1 list=WAN
add interface=ether2-oper-2 list=WAN

/ip address
# Carrier addresses; the shared comment IP-OPERADORA is the handle the VRRP
# on-master/on-backup scripts use to toggle them.
add address=191.189.1.2/30 comment=IP-OPERADORA interface=ether1-oper-1 \
    network=191.189.1.0
add address=186.151.10.2/30 comment=IP-OPERADORA interface=ether2-oper-2 \
    network=186.151.10.0
# 192.168.100.2 is this router's own LAN address; 192.168.100.1 is the
# virtual gateway address placed on the vrrp1 interface.
add address=192.168.100.2/24 interface=ether3-lan network=192.168.100.0
add address=192.168.100.1 interface=vrrp1 network=192.168.100.1

/ip dhcp-client
# Management port takes its address by DHCP but ignores the default route,
# DNS and NTP settings offered by that DHCP server.
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=ether4-ger use-peer-dns=no use-peer-ntp=no

/ip firewall nat
# Source NAT for everything leaving through an interface in the WAN list.
# NOTE(review): this listing contains no /ip firewall filter rules. If none
# exist elsewhere on the device, the router's own services are reachable
# from the carrier interfaces; add input-chain filtering before production use.
add action=masquerade chain=srcnat out-interface-list=WAN

/ip route
# Default routes: carrier 1 preferred (distance=1), carrier 2 as fallback
# (distance=2). The comments are the handles used by the netwatch scripts.
add check-gateway=ping comment=ROTA-DEFAULT-OPERADORA-1 distance=1 gateway=\
    191.189.1.1
add check-gateway=ping comment=ROTA-DEFAULT-OPERADORA-2 distance=2 gateway=\
    186.151.10.1
# NOTE(review): 192.168.1.1 is not on any subnet configured in this listing;
# presumably reached through the DHCP lease on ether4-ger - confirm or remove.
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.1.1
# Host routes that pin each monitored address to one carrier gateway, so each
# netwatch probe below tests a specific uplink regardless of the default route.
add comment=HOST-MONITORADO-OPERADORA-2 distance=1 dst-address=\
    208.67.220.220/32 gateway=186.151.10.1
add comment=HOST-MONITORADO-OPERADORA-1 distance=1 dst-address=\
    208.67.222.222/32 gateway=191.189.1.1

/system identity
set name=R1-MASTER

/tool netwatch
# Every 15s, probe the monitored host of each carrier; the down-script
# disables that carrier's default route and the up-script re-enables it.
# NOTE(review): each uplink's health depends on a single third-party host
# answering; if that host stops replying, the route is disabled even though
# the uplink itself may be fine.
add down-script=\
    "/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-1\"] disable=yes" \
    host=208.67.222.222 interval=15s up-script=\
    "/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-1\"] disable=no"
add down-script=\
    "/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-2\"] disable=yes" \
    host=208.67.220.220 interval=15s up-script=\
    "/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-2\"] disable=no"
R2-BACKUP

# R2: intended VRRP backup. Same roles as R1, but the two carrier uplinks are
# cabled to the opposite physical ports.
/interface ethernet
# Rename the physical ports by role (oper-1/oper-2 = carrier uplinks,
# lan = inside network, ger = management).
set [ find default-name=ether4 ] name=ether1-oper-2
set [ find default-name=ether1 ] name=ether2-oper-1
set [ find default-name=ether2 ] name=ether3-lan
set [ find default-name=ether3 ] name=ether4-ger

/interface vrrp
# VRRP instance on the LAN port, virtual router ID 10. No priority= is given,
# so the RouterOS default applies (100), lower than R1's priority=254.
# on-backup disables and on-master re-enables every /ip address entry whose
# comment is IP-OPERADORA, so the carrier addresses are active only while
# this router is master.
# NOTE(review): no authentication= is set, so VRRP advertisements are
# unauthenticated; any device on the ether3-lan segment that advertises
# vrid 10 with a higher priority can take over the gateway address.
# RouterOS offers authentication=/password= only with version=2; otherwise
# limit who can reach this L2 segment. Change both peers together.
add interface=ether3-lan name=vrrp1 on-backup="/ip address set [find comment=\"IP-OPERADORA\"] disable=yes" on-master="/ip address set [find comment=\"IP-OPERADORA\"] disable=no" vrid=10

/interface list
# Interface list used below to select the NAT egress interfaces.
add name=WAN

/interface wireless security-profiles
# NOTE(review): looks like default export residue; nothing else in this
# listing configures wireless.
set [ find default=yes ] supplicant-identity=MikroTik

/interface list member
add interface=ether1-oper-2 list=WAN
add interface=ether2-oper-1 list=WAN

/ip address
# Same carrier addresses as R1; the shared comment IP-OPERADORA is the handle
# the VRRP on-master/on-backup scripts use to toggle them.
add address=186.151.10.2/30 comment=IP-OPERADORA interface=ether1-oper-2 network=186.151.10.0
add address=191.189.1.2/30 comment=IP-OPERADORA interface=ether2-oper-1 network=191.189.1.0
# 192.168.100.3 is this router's own LAN address; 192.168.100.1 is the
# virtual gateway address placed on the vrrp1 interface.
add address=192.168.100.3/24 interface=ether3-lan network=192.168.100.0
add address=192.168.100.1 interface=vrrp1 network=192.168.100.1

/ip dhcp-client
# Management port takes its address by DHCP but ignores the default route,
# DNS and NTP settings offered by that DHCP server.
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether4-ger use-peer-dns=no use-peer-ntp=no

/ip firewall nat
# Source NAT for everything leaving through an interface in the WAN list.
# NOTE(review): this listing contains no /ip firewall filter rules. If none
# exist elsewhere on the device, the router's own services are reachable
# from the carrier interfaces; add input-chain filtering before production use.
add action=masquerade chain=srcnat out-interface-list=WAN

/ip route
# Both default routes are created disabled; in this listing only the netwatch
# up-scripts below re-enable them. Presumably the probes can succeed only
# after VRRP has enabled the carrier addresses - confirm by testing failover.
add check-gateway=ping comment=ROTA-DEFAULT-OPERADORA-1 disabled=yes distance=1 gateway=191.189.1.1
add check-gateway=ping comment=ROTA-DEFAULT-OPERADORA-2 disabled=yes distance=2 gateway=186.151.10.1
# NOTE(review): 192.168.1.1 is not on any subnet configured in this listing;
# presumably reached through the DHCP lease on ether4-ger - confirm or remove.
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.1.1
# Host routes that pin each monitored address to one carrier gateway, so each
# netwatch probe below tests a specific uplink regardless of the default route.
add comment=HOST-MONITORADO-OPERADORA-2 distance=1 dst-address=208.67.220.220/32 gateway=186.151.10.1
add comment=HOST-MONITORADO-OPERADORA-1 distance=1 dst-address=208.67.222.222/32 gateway=191.189.1.1

/system identity
set name=R2-BACKUP

/tool netwatch
# Every 15s, probe the monitored host of each carrier; the down-script
# disables that carrier's default route and the up-script re-enables it.
# NOTE(review): each uplink's health depends on a single third-party host
# answering; if that host stops replying, the route is disabled even though
# the uplink itself may be fine.
add down-script="/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-1\"] disable=yes" host=208.67.222.222 interval=15s up-script="/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-1\"] disable=no"
add down-script="/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-2\"] disable=yes" host=208.67.220.220 interval=15s up-script="/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-2\"] disable=no"