9.4. VRRP Shared Virtual IP Address¶
VRRP Shared Virtual IP Address are configured on the General → Virtual IPs page.
On the master node, add a virtual IP address on each interface you want the failover to be active.
The virtual IP addresses must fall within the same subnet of an IP address defined on a real interface (WAN, LAN, INT1, etc.). A unique router ID must be used for each shared virtual IP address on a given interface. The highest priority will be master on each VRRP.
The configuration sync will automatically add -10 to each priority when synchronizing the VIPs to the next VT AIR. The default priority value is 100 and you can keep it.
9.4.1. HA Outbound NAT¶
In order for the failover to work properly the Outbound NAT has to be changed to the VRRP Shared Virtual IP Address. On each WAN Interface that has a VRRP Shared Virtual IP Address defined, please create a SNAT rule at SNAT (Postrouting).
Configure the rule on the Interface where the VRRP Shared Virtual IP Address is defined, set the appropiate Source IPs, if any, and select the VRRP Shared Virtual IP Address as the translation IP address.
This way, all traffic leaving the interface will be changed to come from the VRRP Shared Virtual IP Address. In case of a failover the next VT AIR can continue to send from this address and there will be no lost of traffic.
9.4.2. Gateway IP Address¶
A VRRP Shared Virtual IP Address also needs to be the gateway address for the clients on the internal subnets/interfaces. Either set the gateway VRRP Shared Virtual IP Address manually or use the DHCP Server.
For the DHCP Server look at DHCP & RA
Set the default gateway to a VRRP Shared Virtual IP Address on each internal network (LAN, e.g. 192.168.1.3). Set the DNS server to the VRRP Shared Virtual IP Address on internal network (LAN, e.g. 192.168.1.3).