VRRP router on Ubuntu 14.04 for redundancy with WAN interface tracking

Enable packet forwarding on both devices

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo nano /etc/sysctl.conf

Uncomment net.ipv4.ip_forward so the setting persists across reboots

net.ipv4.ip_forward=1

Reload the settings

sudo sysctl -p

Masquerade traffic

sudo iptables -t nat -I POSTROUTING -o wan -j MASQUERADE

More secure way to masquerade traffic: only NAT packets sourced from the LAN subnet

sudo iptables -t nat -I POSTROUTING -o wan -s 192.168.1.0/24 -j MASQUERADE

VRRP 2 ISP
Install keepalived

sudo apt-get install keepalived

Edit the configuration as follows

sudo nano /etc/keepalived/keepalived.conf

On MASTER router

vrrp_script chk_Kim_script {
script "/etc/keepalived/testping.sh"
# return 0 = OK
# return 1 = fail
interval 4 # check every 4 seconds
fall 2 # require 2 failures for KO
rise 10 # require 10 success for OK
}
vrrp_instance Router245 {
interface eth0
state MASTER # Put both BACKUP to prevent kicking, flapping
virtual_router_id 245
priority 100

authentication {
auth_type PASS
# PASS auth is sent in cleartext in VRRP advertisements; only the first 8 characters are used
auth_pass monkey
}

virtual_ipaddress {
192.168.1.251
}

track_script {
chk_Kim_script
}
}

On BACKUP router

vrrp_script chk_Kim_script {
script "/etc/keepalived/testping.sh"
# return 0 = OK
# return 1 = fail
interval 4 # check every 4 seconds
fall 2 # require 2 failures for KO
rise 10 # require 10 success for OK
}
vrrp_instance Router245 {
interface eth0
state BACKUP
virtual_router_id 245
priority 100

authentication {
auth_type PASS
# PASS auth is sent in cleartext in VRRP advertisements; only the first 8 characters are used
auth_pass monkey
}

virtual_ipaddress {
192.168.1.251
}

track_script {
chk_Kim_script
}
}

vrrp_script ping test against 8.8.8.8, on both routers

sudo nano /etc/keepalived/testping.sh

#!/bin/sh
# Exit 0 if 8.8.8.8 answers ping (keepalived treats this as OK), 1 otherwise (fail)
testping() {
    ping -c2 8.8.8.8 > /dev/null
    if [ $? -eq 0 ]
    then
        return 0
    else
        return 1
    fi
}
testping

Finally, make it executable. keepalived runs this script as root, so do not leave it writable by other users

sudo chmod 755 /etc/keepalived/testping.sh
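
keepalived runs the tracking script as root, so neither the script nor its directory should be writable by non-root users. The check below is an added example, not part of the original post: it pulls every script path out of a keepalived.conf and flags unsafe ownership or permissions. The function names and the optional owner-uid argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the scripts that a
# keepalived.conf passes to vrrp_script. keepalived executes them as root,
# so a script (or its directory) that non-root users can modify is a local
# privilege-escalation path.

# Print the command path of every `script "..."` directive in config $1.
track_scripts() {
    sed -n 's/^[[:space:]]*script[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]]*\).*/\1/p' "$1"
}

# Return 0 if path $1 exists, is owned by uid $2 and is not
# group-writable or other-writable.
safe_path() {
    [ -e "$1" ] || return 1
    [ -n "$(find -H "$1" -prune -user "$2" ! -perm -020 ! -perm -002)" ]
}

# audit_track_scripts CONF [OWNER_UID]   (OWNER_UID defaults to 0, root)
# Prints one "UNSAFE <path>" line per finding; returns 1 if there is any.
audit_track_scripts() {
    conf=$1 owner=${2:-0} rc=0
    for s in $(track_scripts "$conf"); do
        for p in "$s" "$(dirname "$s")"; do
            if ! safe_path "$p" "$owner"; then
                echo "UNSAFE $p"
                rc=1
            fi
        done
    done
    return $rc
}

# Stand-alone use: sh audit.sh /etc/keepalived/keepalived.conf
if [ "$#" -gt 0 ]; then
    audit_track_scripts "$@"
fi
```

Run it on both routers after editing the configuration; a script left at mode 777 is reported as UNSAFE.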

Start keepalived service

sudo service keepalived start

Test your MASTER & BACKUP router

tail -f /var/log/syslog
