Friday, January 2, 2015

NTP solution with VRRP to secure time sync for 800 VMs

How do you get 800 VMs and the infrastructure to sync time in a safe manner when the customer has only one poor NTP server that cannot meet all of the time sync requests? And for sure, if this one fails, everything will fail. No problem, you think, we just get one more NTP server.
Then you begin to realize what a job it would be to configure 800 VMs and the infrastructure to sync against a
secondary NTP server. No problem: you solve this with two routers, two NTP servers and VRRP.



Now you have failover and don't need to reconfigure 800 VMs and the infrastructure for NTP sync.
You need to use routers that can act as NTP servers. Now you sync your servers and infrastructure against whichever router is currently active in the VRRP.

Thursday, January 1, 2015

EoIP or Ether over IP

EoIP, or Ether over IP, is a tunnel protocol designed by Mikrotik which allows network administrators to easily connect private LANs located in different geographic locations. As long as the Mikrotik routers can ping each other, we can create the EoIP tunnel between them. EoIP can be used with VPN, but I will show a very simple EoIP tunnel setup in this example.


R1:

Public IP: 50.60.50.58/29 (assigned to ether1)
Default Gateway: 50.60.50.57
LAN IP: 192.168.100.0/24
EoIP tunnel IP: 10.10.10.1/30 (assigned to EoIP_R1)

R2:

Public IP: 60.50.60.50/29 (assigned to ether1)
Default Gateway: 60.50.60.49
LAN IP: 192.168.101.0/24
EoIP tunnel IP: 10.10.10.2/30 (assigned to EoIP_R2)

I assume that you have configured the internal LAN so it can connect to internet (masquerade the private IPs to the public interface).

Configuration for R1 and R2:

R1:

/ip address add address=50.60.50.58/29 interface=ether1

/ip route add dst-address=0.0.0.0/0 gateway=50.60.50.57

/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.100.0/24

/interface eoip add name=EoIP_R1 remote-address=60.50.60.50 tunnel-id=10

/ip address add address=10.10.10.1/30 interface=EoIP_R1

/ip route add dst-address=192.168.101.0/24 gateway=10.10.10.2

R2:

/ip address add address=60.50.60.50/29 interface=ether1

/ip route add dst-address=0.0.0.0/0 gateway=60.50.60.49

/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.101.0/24

/interface eoip add name=EoIP_R2 remote-address=50.60.50.58 tunnel-id=10

/ip address add address=10.10.10.2/30 interface=EoIP_R2

/ip route add dst-address=192.168.100.0/24 gateway=10.10.10.1

After you finish the above configuration, you should be able to ping from PC1 to PC2 and from PC2 to PC1.
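Before pasting the two configurations into the routers, the pair can be cross-checked offline. The script below is an added example, not part of the original post: it verifies that both ends agree on tunnel-id, that each remote-address is the peer's ether1 address, that the tunnel IP is bound to the EoIP interface that was actually created, and that a route points at the peer's tunnel IP. The function names are this example's own, and the sample text is constructed from the addresses used above.

```python
import ipaddress
import re

def tunnel_view(config):
    """Parse one router's 'add' lines: EoIP interface, addresses by interface, routes."""
    found = re.findall(r"^(/[a-z ]+?) add (.+)$", config, re.M)
    items = [(menu, dict(kv.split("=", 1) for kv in args.split())) for menu, args in found]
    eoip = next(p for menu, p in items if menu == "/interface eoip")
    addrs = {p["interface"]: ipaddress.ip_interface(p["address"])
             for menu, p in items if menu == "/ip address"}
    routes = [p for menu, p in items if menu == "/ip route"]
    return eoip, addrs, routes

def check_pair(cfg_a, cfg_b, wan="ether1"):
    """List mismatches between the two ends of one EoIP tunnel."""
    problems = []
    ends = [tunnel_view(cfg_a), tunnel_view(cfg_b)]
    for (eoip, addrs, routes), (peer_eoip, peer_addrs, _) in (ends, ends[::-1]):
        name = eoip["name"]
        if eoip["tunnel-id"] != peer_eoip["tunnel-id"]:
            problems.append(f"{name}: tunnel-id differs from peer")
        if wan not in peer_addrs or eoip["remote-address"] != str(peer_addrs[wan].ip):
            problems.append(f"{name}: remote-address is not the peer's {wan} address")
        if name not in addrs:
            problems.append(f"{name}: no IP address bound to the tunnel interface")
            continue
        peer_tun = peer_addrs.get(peer_eoip["name"])
        if peer_tun is None or peer_tun.network != addrs[name].network:
            problems.append(f"{name}: peer tunnel address missing or in another subnet")
        elif not any(r["gateway"] == str(peer_tun.ip) for r in routes):
            problems.append(f"{name}: no route via peer tunnel address {peer_tun.ip}")
    return problems

# Constructed sample: the tunnel-relevant lines of the two routers described above.
R1 = """
/ip address add address=50.60.50.58/29 interface=ether1
/interface eoip add name=EoIP_R1 remote-address=60.50.60.50 tunnel-id=10
/ip address add address=10.10.10.1/30 interface=EoIP_R1
/ip route add dst-address=192.168.101.0/24 gateway=10.10.10.2
"""
R2 = """
/ip address add address=60.50.60.50/29 interface=ether1
/interface eoip add name=EoIP_R2 remote-address=50.60.50.58 tunnel-id=10
/ip address add address=10.10.10.2/30 interface=EoIP_R2
/ip route add dst-address=192.168.100.0/24 gateway=10.10.10.1
"""
R2_BAD = R2.replace("interface=EoIP_R2", "interface=eoip1")  # constructed typo
if __name__ == "__main__":
    print(check_pair(R1, R2), check_pair(R1, R2_BAD), sep="\n")
```

An empty list means the two ends are consistent; the R2_BAD variant shows how a tunnel address bound to an interface name that was never created is reported on both sides.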