HA Setup for homelab access

hp_inkjet · September 30, 2021, 9:17am

Hi all! First of all thank you for making such a great product!
I need an advice on how configure an HA lan access setup for my homelab and I would like to leverage the new Zerotier Mikrotik integration to do so.

I’ve a couple of CRS317 as my core switches (from which all the trunk-bonds are created, thanks to MLAG) my plan is to join them to my network and configure bridging (+ Default route) on the management VLAN in order to be able to access all my VLANs remotely.

My doubts are:

Is my plan feasible? Such bridge configuration in a L2 “physical” network creates loops, how zerotier manages loops? Can I configure STP or an “active-passive” (one bridge forwarding, the other waiting for a fault/failover/maintenance) link to my bridged network?
Should I go for a L3 routed setup? If so, can I add multiple routes to the same network through my 2 switches? Is Zerotier aware of faults thus preventing forwarding of packets if one of the 2 “routers” is offline? Does Zerotier support ECMP for such configuration in order to achieve load balancing?

Thank you,
Matteo Manzoni

timmmy · October 9, 2021, 9:47pm

Hi @hp_inkjet,

Interesting case
This might complete BS, but for what it’s worth, some thoughts:
I guess you would like to run two different instances of Zerotier on two different switch, right? In the L2 scenario, if you would define the two remote connections as two separate zerotier networks, they should not create loops on the network. If you then have STP running, in theory it should disable packets from using one of the two links, no? In that case there’s no need for zerotier to handle anything…
L3 case looks tricky…

How fast should the failover be?
Maybe some scripts can help you out… (Maybe even in combination with the zerotier API)

Kind regards,

Timmmy

hp_inkjet · October 11, 2021, 8:03am

Hi @timmmy,
Thank you so much for your feedback, ideally the failover should be instant (as it is “instant” an OSPF adjacency change or STP convergence), eg. I want to firmware upgrade my switch, when the switch reboot I want to keep reaching (maybe with ~seconds delay) my network anywhere I am

I would like to have everything under a common network for improved ease of use, I think that this can be achieved as follows:

L3 monitored routes in order to failover in case of reachability issues. (“10.10.10.0/24 via 10.27.27.101 metrics 10 monitor ping”, “10.10.10.0/24 via 10.27.27.102 metrics 100 monitor ping”)
The downside is that this solution imply development ZeroTier side
L2 BPDU should be forwarded through ZeroTier (is this currently the case?) in order block one of the 2 ZT interfaces (the one in the non root switch)
The downside is that extending the broadcast domain is always to avoid, BPDU are tricky and slow and currently thanks to MLAG I’ve removed STP from my network with the hope to never reintroduce it again. This solutions doesn’t support Mobile clients

At the moment my workaround is to use my 2 CCR2004 (configured as my gateway through VRRP) to call ZeroTier APIs on VRRP master-backup events to update the routes to my network