Network redundancy for small and medium businesses

Availability of internet nowadays dictates every enterprises capability to provide their products and services without an interruption. Sudden lack of internet may paralyse company’s ability to operate properly. Let’s discuss how to increase network durability, ensuring high availability for core level routers as well as functionality which therefore will ensure ISP reserve connection which will be activated in a case if main connection is not capable of granting internet for end user anymore. For test purposes we shall use two Mikrotik routers, two independent provider connections as well as VRRP (Virtual Router Redundancy Protocol) and Netwatch tool. End solution can be used not only with Mikrotik hardware but with routers of other manufacturer’s as well, of course, instead of Netwatch and VRRP other tools should be used respectively.

High Availability – its main purpose is to combine multiple physical devices into one virtual device. This device’s goal is to ensure non-interrupted network even if one of the physical devices or connections becomes unavailable.

VRRP is necessary for ensuring high availability on a physical device level to a router which, by default, is executing the role of gateway granting access to internet to other equipment connected to network. To create a cluster, we require several devices, each of them will have their own physical LAN IP address which shall be bound to certain network interface. When creating a cluster, we need to indicate virtual IP address, exactly this address will be bound to an active device and all traffic will be routed through it. In cases when the main device stops functioning, virtual IP address is transferred to the second device, every other function of traffic routing is transferred as well. For the equipment in the subnet, virtual gateway will be default but all traffic will pass through physical gateway.

Every VRRP device has to be in the same local network, also they have to be located in one VRID, which indicates that all devices are located in one group.

Only one device at a time is executing routing of the traffic, this device is considered to be Master, all other devices are assigned a Backup status, if VRRP Master suddenly becomes unavailable then all its functions are overtaken by VRRP Backup device, which is indicated as highest priority device.

All VRRP backup devices are constantly checking availability of Master device, as soon as the Master device isn’t responding, Backup makes a decision to take over the Master role. Although there appears to be a problem in this kind of scenario, if internet connection which is connected to a Master device suddenly becomes unavailable then VRRP is unable to understand it as it is only capable to check if Master device is answering to Backup devices. Master keeps sending a response, which proves that it is “alive” meanwhile Backup accepts that everything is alright and there is no need to switch routing of the traffic to itself.

In these cases, (if there is no connection to the internet) we can use a simple IF function, which under certain circumstances switches on or off VRRP on the Master router, this way all traffic routing is executed using Backup router. To describe how it works, in a test environment we used Netwatch tool which fulfils certain internet resource pinging (for example, almost always available Google DNS server 8.8.8.8) which therefore executes certain action in case of loss of internet or its interrupted functionality, if those circumstances are met.

Netwatch can automatically shut down VRRP network interface on Master router if, for example, 8.8.8.8 is not available anymore and, therefore, all the traffic is automatically transferred through Backup router. In this scenario Netwatch configuration is only necessary on the Master router.

Netwatch Up

Netwatch Down

VRRP is a virtual router, or a main gateway, through which the traffic is routed, which then is passed to Master router (physical device). Netwatch is a tool, which executes certain internet resource check and with the aid of IF function shuts down VRRP on Master devices, if resource is no more available. This way we can secure ourselves from the failure of the Master router, cable failure or ISP inability to provide the internet.

This solution can be carried out on devices of other manufacturer’s as well, they don’t have to necessarily be Mikrotik, as Cisco provides VRRP functions as well. There are also protocols of other manufacturers such as: HSRP, GLBP, CARP, which execute the same function, scripts are available on devices of other manufacturers as well, which allow to carry out the same scenario for wide range of network devices. Although Mikrotik, in comparison, to Cisco or other manufacturer routers in terms of price are one of the most available business class routers, which can be configured and used in small and medium company environment.