Reply
New Member
davepage
Posts: 8
Registered: ‎03-04-2016
Kudos: 2
Solutions: 1

EdgeRouter VRRP Failover and NAT Tables

‎04-17-2018 04:11 AM

Hi there,

 

I'm looking at putting a pair of EdgeRouter 8s in my office as Internet-facing firewalls, and using VRRP for failover / redundancy. I have a couple of questions:

 

  • How quickly can I expect failover to occur if one device unexpectedly dies?
  • These routers will also be doing IPv4 NAT for the local network to the Internet; do they share NAT tables or will TCP connections fail when the routers fail over?

My other option is to go for a full pacemaker / conntrackd stack on Linux boxes, but if I can save myself the hassle I will!

 

Cheers,

Dave

1 of 3
Reply
0 Kudos
Veteran Member
smyers119
Posts: 5,718
Registered: ‎01-04-2017
Kudos: 810
Solutions: 290

Re: EdgeRouter VRRP Failover and NAT Tables

‎04-17-2018 04:42 AM

1. Depends how fat a part the hello timer is set.
2. TCP connections will fail, conntrack is not sync'd.
"What we've got here is failure to communicate"
Feature Request: RFC 6296 (IPv6 to IPv6 Npt)
Unbound for DNS
DUID-EN Support
2 of 3
Reply
0 Kudos
Veteran Member
smyers119
Posts: 5,718
Registered: ‎01-04-2017
Kudos: 810
Solutions: 290

Re: EdgeRouter VRRP Failover and NAT Tables

[ Edited ]

‎04-17-2018 04:43 AM - edited ‎04-17-2018 04:44 AM

If you search the forums you may find a third party package to sync conntrack.

 

https://community.ubnt.com/t5/EdgeRouter/VRRP-statefull-failover/m-p/485849#M9948

"What we've got here is failure to communicate"
Feature Request: RFC 6296 (IPv6 to IPv6 Npt)
Unbound for DNS
DUID-EN Support
3 of 3
Reply
0 Kudos
Reply

Company

In the News

Training

Buy Now

Social

© 2018 Ubiquiti Networks, Inc. All rights reserved