Prática de configuração de Alta Disponibilidade (HA) com Mikrotik utilizando VRRP.
R1-MASTER
/interface ethernet
set [ find default-name=ether4 ] name=ether1-oper-1
set [ find default-name=ether1 ] name=ether2-oper-2
set [ find default-name=ether2 ] name=ether3-lan
set [ find default-name=ether3 ] name=ether4-ger
/interface vrrp
add interface=ether3-lan name=vrrp1 on-backup=\
"/ip address set [find comment=\"IP-OPERADORA\"] disable=yes" on-master=\
"/ip address set [find comment=\"IP-OPERADORA\"] disable=no" priority=254 \
vrid=10
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface list member
add interface=ether1-oper-1 list=WAN
add interface=ether2-oper-2 list=WAN
/ip address
add address=191.189.1.2/30 comment=IP-OPERADORA interface=ether1-oper-1 \
network=191.189.1.0
add address=186.151.10.2/30 comment=IP-OPERADORA interface=ether2-oper-2 \
network=186.151.10.0
add address=192.168.100.2/24 interface=ether3-lan network=192.168.100.0
add address=192.168.100.1 interface=vrrp1 network=192.168.100.1
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=ether4-ger use-peer-dns=no use-peer-ntp=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add check-gateway=ping comment=ROTA-DEFAULT-OPERADORA-1 distance=1 gateway=\
191.189.1.1
add check-gateway=ping comment=ROTA-DEFAULT-OPERADORA-2 distance=2 gateway=\
186.151.10.1
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.1.1
add comment=HOST-MONITORADO-OPERADORA-2 distance=1 dst-address=\
208.67.220.220/32 gateway=186.151.10.1
add comment=HOST-MONITORADO-OPERADORA-1 distance=1 dst-address=\
208.67.222.222/32 gateway=191.189.1.1
/system identity
set name=R1-MASTER
/tool netwatch
add down-script=\
"/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-1\"] disable=yes" \
host=208.67.222.222 interval=15s up-script=\
"/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-1\"] disable=no"
add down-script=\
"/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-2\"] disable=yes" \
host=208.67.220.220 interval=15s up-script=\
"/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-2\"] disable=no"
R2-BACKUP
/interface ethernet
set [ find default-name=ether4 ] name=ether1-oper-2
set [ find default-name=ether1 ] name=ether2-oper-1
set [ find default-name=ether2 ] name=ether3-lan
set [ find default-name=ether3 ] name=ether4-ger
/interface vrrp
add interface=ether3-lan name=vrrp1 on-backup="/ip address set [find comment=\"IP-OPERADORA\"] disable=yes" on-master="/ip address set [find comment=\"IP-OPERADORA\"] disable=no" vrid=10
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface list member
add interface=ether1-oper-2 list=WAN
add interface=ether2-oper-1 list=WAN
/ip address
add address=186.151.10.2/30 comment=IP-OPERADORA interface=ether1-oper-2 network=186.151.10.0
add address=191.189.1.2/30 comment=IP-OPERADORA interface=ether2-oper-1 network=191.189.1.0
add address=192.168.100.3/24 interface=ether3-lan network=192.168.100.0
add address=192.168.100.1 interface=vrrp1 network=192.168.100.1
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether4-ger use-peer-dns=no use-peer-ntp=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add check-gateway=ping comment=ROTA-DEFAULT-OPERADORA-1 disabled=yes distance=1 gateway=191.189.1.1
add check-gateway=ping comment=ROTA-DEFAULT-OPERADORA-2 disabled=yes distance=2 gateway=186.151.10.1
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.1.1
add comment=HOST-MONITORADO-OPERADORA-2 distance=1 dst-address=208.67.220.220/32 gateway=186.151.10.1
add comment=HOST-MONITORADO-OPERADORA-1 distance=1 dst-address=208.67.222.222/32 gateway=191.189.1.1
/system identity
set name=R2-BACKUP
/tool netwatch
add down-script="/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-1\"] disable=yes" host=208.67.222.222 interval=15s up-script="/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-1\"] disable=no"
add down-script="/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-2\"] disable=yes" host=208.67.220.220 interval=15s up-script="/ip route set [find comment=\"ROTA-DEFAULT-OPERADORA-2\"] disable=no"

