Routing – Optimizing Router Topology for Redundancy


In the previous question I have been trying to optimize switching topology.

Now I would like to implement redundancy. And here are the problems I faced.

Assuming the following topology:

[Image: Topology]

As routers we use Mikrotik. Switches are Cisco.

Redundancy between two routers will be achieved through VRRP.
Unfortunately I can't understand how I can establish NAT afterwards.

We have a /28 public address range. It is obvious that both Mikrotiks have to have IPs from our public range to use the CPE as gateway. VRRP will be inside the network (private). This part is easy and clear.

But then, how to make NAT? On both Mikrotiks I have to mirror the configuration, thus both will have the same IP addresses in the public range (I had to configure the whole list of IPs in order to implement dst-nat).

And from here I can't imagine how I should implement this.

I was thinking about making VRRP inside our public range. But I can't yet make a proper picture of the implementation. Or do I need to create two VRRPs, inside and outside the network?

How does the configuration of such a network topology usually look?

Best Answer

NAT is a problem with dual routers because the tables in NAT don't get shared between the routers.

That topology will break NAT if the traffic is asymmetric. Asymmetric traffic will come from the WAN to the wrong router and get passed to the correct router on an inside interface instead of the outside interface, so it will never translate.

EDIT:

This is your drawing modified for what I mean. The link between the routers must be the best path from one router to the other.

[Image: modified topology drawing]
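A small model of the failure the answer describes, added here as an example and not part of the original answer: each router keeps its own NAT table, and a reply is reverse-translated only when it arrives on the outside interface of the router that created the mapping. The addresses, ports and the `handoff_iface` parameter are assumptions made for illustration; the "outside" hand-off case is a hypothetical contrast, not a reading of the modified drawing.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.2"  # constructed documentation-range address, not from the page


@dataclass
class Router:
    name: str
    nat_table: dict = field(default_factory=dict)  # local only, never shared with the peer
    next_port: int = 40000

    def outbound(self, src, sport, dst, dport):
        """Inside host -> WAN: source-NAT the flow and record the mapping locally."""
        pub_port = self.next_port
        self.next_port += 1
        self.nat_table[(pub_port, dst, dport)] = (src, sport)
        return (PUBLIC_IP, pub_port, dst, dport)

    def inbound(self, reply, iface):
        """Reverse-translate a reply only if it arrives on the outside interface
        and matches a mapping this router created itself."""
        src, sport, dst, dport = reply
        if iface == "outside":
            return self.nat_table.get((dport, src, sport))
        return None  # inside interface: no reverse translation is attempted


def return_path(owner, receiver, reply, handoff_iface="inside"):
    """Deliver a reply that the WAN handed to `receiver`; `owner` holds the NAT state.
    handoff_iface (assumption): interface on which the owner sees a packet passed by its peer."""
    hit = receiver.inbound(reply, "outside")
    if hit is None and receiver is not owner:
        hit = owner.inbound(reply, handoff_iface)  # single hand-off to the other router
    return hit


def demo():
    a, b = Router("A"), Router("B")
    pkt = a.outbound("192.168.88.10", 51000, "198.51.100.7", 443)  # constructed flow, leaves via A
    reply = (pkt[2], pkt[3], pkt[0], pkt[1])                        # server answers the public tuple
    return {
        "symmetric": return_path(a, a, reply),
        "asymmetric_inside_handoff": return_path(a, b, reply, "inside"),
        "asymmetric_outside_handoff": return_path(a, b, reply, "outside"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result or "not translated")
```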
