This example shows, how to configure devices ADSL router and 3G, LTE router to be either back-up or main uplink connection. This example applies to a scenarios, where there are two uplink options for the network and we want to have high availability of the specific network. I am interested in industrial networks, where this belongs into essential category. Providing back-up, redundant connection to the devices (PLC, sensors, meters, machinery, etc.) is essential for process network to operate as desired without unnecessary outages.
My example is for LAN with IP address scheme 192.168.2.0/24 (IP:192.168.2.1-254, Netmask: 255.255.255.0). Please see Sample Device IP setting in a drawing. One thing to notice is IP address of the Default Gateway, which is in an effect Virtual Router Redundancy Protocol (VRRP) IP address.
VRRP help us to create one IP address, which I can use as a Default Gateway IP address for all my LAN devices. What this means is, when my main connection, in this case ADSL is down (service is unavailable, device failure, power failure, etc.) my back-up path in this case 3G/LTE router will be used as the Default Gateway. Effect on LAN devices, could be slower speed and if any connection sessions been established, they will break and will need to re-establish again (VPN, serial/ETH, etc.). This is not usually a problem as we are expecting change over time in seconds.
Note: this can be applied to any two routers, which support VRRP. My example uses ADSL and cellular, but two LAN routers or LAN and Cellular/SHDSL (twisted pair) router would be configured very similarly.
I use Westermo Falcon ADSL router as a one router on one side and cellular router. I have two on hand (Conel, Cybertec), so will show sample configuration for both.
Let's start with ADSL router. I do have Westermo FDV-206-1D-1S with FW: 4.15.0
VRRP configuration in Westermo Falcon
vrrp 0
iface vlan1
vrid 1
address 192.168.2.254
priority 110
end
As you can see, configuration is pretty easy. We created VRRP instance 0, which has VRRP ID of 1, VRRP IP address of 192.168.2.254 and priority 110 (higher priority router becomes Master = active path). You can copy/paste into CLI or use web interface
Time for our back-up router
Conel
I start with Conel UR5i v2F ETH (unit with two routable interfaces = each ETH port can have different IP address and you can route between them or have it as a switch)
Conel VRRP configuration
VRRP_ENABLED=1
VRRP_SERVER_IPADDR=192.168.2.254
VRRP_SERVER_ID=1
VRRP_HOST_PRIO=100
Very simple again. You can upload this configuration snippet to the router as a text file or use web interface. I enabled VRRP, set VRRP IP address to 192.168.2.254 - this is same as in Westermo Falcon unit, because this is our virtual IP address, which serves as a Default Gateway for LAN devices (yes, I said that before :) ). VRRP ID of 1, this ID serves for a protocol to identify same configurations, as you can have several VRRP instances running for different IP subnets. Priority is 100, which is lower than the ADSL part = router becomes a Back-up path.
Cybertec
I have Cybertec 2150 as well and here is the configuration:
Again, very simple :). You guessed now, that VRRP configuration can be very simple. Yes it can be, but there is much more to the VRRP (load balancing, grouping, etc.) I am lucky. For application, I do not need those features. Setting up VRRP ID of 1 same as Westermo Falcon, VRRP IP address of 192.168.2.254 and priority of 100 = back-up router, I configured Falcon with priority of 110.
Note: Routers with same priority -> protocol selects master router based on value of primary MAC address (higher == Master)
And we are done, almost :)
At this moment, we should have working VRRP (check the status pages). This configuration is great in super ideal scenario. The issue with this configuration is, that it only monitors status of the interface. What that means, it does not know, if actually we are able to pass the data through that interface (something like, is the cable plugged in or unplugged). That is not ideal situation for our application, what if, for example the router is still connected to the 3G network, but cannot send any data?
Each unit solves this problem in very similar fashion. You can configure watchdog (pinging remote server), which monitors connectivity to on the interface and if it fails VRRP would advertise failure and switch to back-up path. This is same for announcing that interface, connectivity is available again.
I will continue in part 2, where I will show some configuration examples as well.
