
Using VRRP on inside and OSPF on outside failover.

Posted: Wed Mar 16, 2022 7:24 pm
by akschu

I'm trying to understand how OSPF and VRRP can work together to build a redundant gateway network as shown:
[Image: Untitled Diagram.drawio.png]
I understand that both routers can advertise the network through OSPF and I also understand that you can use VRRP to share the gateway address, but I don't understand how to make sure that the router that has the gateway is always the lowest cost for OSPF to prevent traffic showing up on the router that isn't the gateway.

Perhaps I'm overthinking it and you simply set router 1 to have the lowest cost OSPF, and router 2 much higher cost OSPF, then set router 1 to be the VRRP master and just know that everything will flow through router 1 until the day it fails, then both sides swing to router 2. Is that how this works?


Re: Using VRRP on inside and OSPF on outside failover.

Posted: Wed Mar 16, 2022 9:43 pm
by eduplant
It might feel a little unintuitive, but in the typical case it doesn't matter. From an Ethernet perspective, hosts on the LAN don't much care that they're receiving their traffic from one MAC and sending their traffic to another.

If you really want to influence it, though, there are two cases to handle: 1) VRRP changed so links should change and 2) links changed so VRRP should change.

For case #1, Mikrotik's VRRP does helpfully provide the scripts /interface vrrp set on-master= and /interface vrrp set on-backup= to be run when VRRP transitions into that state. This can be used to set a link cost higher for the backup router.

For case #2, Mikrotik's VRRP doesn't support any form of interface tracking, but you can either use /tool netwatch to ping the router on the other side of the uplink or a periodic script that tries to watch the interface state.

As an aside, are Mikrotik1 and Mikrotik2 OSPF neighbors on the LAN? If they are then consider that the failure of Mikrotik1's uplink while it is still VRRP master will cause a traffic trombone for outbound traffic from the LAN. Worse yet, if they aren't neighbors (passive interface) then that scenario causes a traffic blackhole. Depending on how long your chosen method takes to make the adjustments, this may or may not be acceptable. You can always sidestep these issues by having a routed link between Mikrotik1 and Mikrotik2.
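
The two cases described in the post above, sketched as an added example for Mikrotik1 (not configuration from the thread or from MikroTik). It assumes RouterOS v7 syntax and an existing OSPF interface template for the LAN interface that carries the comment "lan-ospf"; the interface names, VRID, priorities, costs and the upstream address 192.0.2.1 are constructed. The cost is changed on the LAN-facing template because that is the cost upstream routers add when they compute their path to the LAN prefix.

```routeros
# Added example, RouterOS v7 syntax assumed. All names and values are constructed.
# Assumption: the OSPF interface template covering bridge-lan already exists
# and has comment="lan-ospf" so the scripts below can find it.

# Case 1: VRRP changed, so the OSPF cost should change.
# on-master / on-backup run when the VRRP interface enters that state.
/interface vrrp
add name=vrrp-lan interface=bridge-lan vrid=10 priority=200 \
    on-master="/routing ospf interface-template set [find comment=\"lan-ospf\"] cost=10" \
    on-backup="/routing ospf interface-template set [find comment=\"lan-ospf\"] cost=100"

# Case 2: the uplink changed, so VRRP should change.
# Netwatch pings the router on the far side of the uplink and stands in for
# interface tracking. Dropping the priority below the peer's (assumed 100 on
# Mikrotik2) lets the peer take over; the on-backup script above then raises
# this router's OSPF cost as well.
/tool netwatch
add host=192.0.2.1 interval=5s timeout=1s \
    down-script="/interface vrrp set [find name=vrrp-lan] priority=50" \
    up-script="/interface vrrp set [find name=vrrp-lan] priority=200"
```

Mikrotik2 would carry the same configuration with priority=100 as its normal value and a down-script priority below 50. Failover time in case 2 is bounded by the Netwatch interval plus timeout, which is the window in which the trombone or blackhole described above can occur.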

Re: Using VRRP on inside and OSPF on outside failover.

Posted: Thu Apr 14, 2022 9:37 pm
by akschu
This helps a lot, thanks. Yes, I added an OSPF link between the two Mikrotiks so that they can get routes from each other if their uplink dies and they end up with the VRRP interface. I'll implement the idea of swapping the OSPF costs around based on VRRP; that would be pretty simple to do.