I want to explore the possibility for MIRRORING or FAILOVER my OpenWrt router

Apparently some failover methods implement a minimalistic 2nd install.
I want to mirror an exact copy of the router, hardware & OS/install.

One way to install a manual failover is to install in parallel.....

My setup ---

5g modem -> [ WAN Switch ] --> --> [ LAN Switch]
(router forwarded)

Manual Failover ---

5g modem --> [ WAN Switch ] --> [ OpenWrt no1 ] --> [ LAN Switch ]
--> [ OpenWrt no2 ] -->

The 2 OpenWrt devices should be listed vertically together, so both installed betw WAN Switch & LAN Switch.

So, TWO devices (exact same hw), exact same install inc IPs, only ONE device on/operational at a time.

To switch devices, power down operational device, power up "backup" device (can't operate both devices simultaneously as both have same IP).

I would prefer to figure out an improvement to above design, being able to switch OpenWrt devices WITHOUT interrupting WAN/LAN traffic/activity.
Basically a "live" failover. I don't know if that's possible.... I've never had to implement anything more complicated than disk mirroring.

One option I'm considering is doing the failover at SWITCH level, poss using mirrored traffic/ports. Is there a way, at switch level, to change switch port to the port feeding "secondary" router, either an auto port switch at firmware level, or a manual port switch at firmware level?

So, on the switch port perspective, the "secondary" router's switch port would NOT be active, even if "secondary" router were powered on.

Sorry for any confusion, I'm a little underwater re any appropriate terms, & just fishing for terms / solutions.

https://www.walmart.com/ip/RJ45-Network-Switch-Selector-2x1-1x2-2-Port-Network-Hub-2-Ports-Network-Switch/1743294326 ?

shouldn't it be

5g modem --> [ WAN Switch ] --> [ OpenWrt no1 ] --> [ LAN Switch ]
                            |-> [ OpenWrt no2 ] --> [ LAN Switch ]

if you add another one of those Walmart switches between the openwrt devices, and the LAN switch, you'll only need one port in the switch.

AFAIK, no matter how you do it, it'll terminate all open connections.

You can have a wan switch, connect two routers to it. Sync the config however you like. Ensure you have a static wan address and use conntrackd to sync the connection table. If you have no static address then you can simply fail over and watch all your client connections timing out...
And of course use keepalived to handle the auto assignment of virtual addresses...

I have a static wan address.

I seem to remember conntrackd was no longer in dev. Have to learn more what it does.

What is syncing the connection table? Routing table?

Ok, so when failing over router, there is no way to maintain live traffic/connections?

Conntrackd is still actively maintained. And yes it is used to sync the connection table. To view the current table use conntrack (mind the missing d at the end).
Also, depending on your use case you might want/have to sync your DHCP pool so you might have a look at kea.

See the other post. Conntrackd is used to sync the connection state.
The source folder contains explanations as well as example configs for different scenarios. Like active passive, active active, using unicast and multicast...

1 Like

So, does conntrackd run on OpenWrt?

As syncing is happening, both routers need to be operational simultaneously right? So they can't both have the std OpenWrt 192.168.1.1 IP (which mine has).

I'll have another look at the docs.

I was looking for an ethernet splitter to try, in my region (Austria / Germany). Couldn't find anything listed.... All the stores including Amazon list small switches instead.

I thought of another way of controlling 2x routers.... By using a smart switch & enabling / disabling the router ports.

I had a look at the firmware of one of my smart switches.... Indeed, enabling /disabling ports is possible.

My current router is PoE powered.... Via a poe splitter.

I found a managed switch supporting PoE, including turning poe on and off, per port.
should be interesting to try that one.

.... Although trying to think this thing through, Using a smart PoE switch as the WAN switch, My workstation traffic has to cross the router to get there.

Is it even possible to connect to the IP address of a switch on the WAN side of OpenWrt?

upon yet further reflection.....

I mentioned my existing router is already PoE powered..... from the LAN switch.

If I power Both OpenWrt routers From a managed PoE LAN switch, That should be more practical.

( Random capitals from voice to text keyboard!)

If you have a static address and on wan then the setup could look like this:

  • You go on your uplink port to a switch. I'm unsure if a dumb unmanaged switch will do. I think you need a "proper" switch with vlan support and the like ...
  • You put the wan port into a vlan and untag it.
  • Then you connect your two Openwrt routers' wan ports to that switch, also untagged into this vlan.
  • Now keepalived enters the show: you configure the Openwrt wan without an address, and the lan port with addresses like .2 and .3. keepalived gets configured to handle the address assignment of .1 and also the wan address. This is called a virtual address.
  • And conntrackd gets configured to sync state between the 2 Openwrt routers.
  • I just leave the handling and syncing of DHCP pools aside for now...

With these notes and keywords you should be able to search for tutorials.

1 Like
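The layout described in the list above, as an added example that is not part of any post in this thread: a keepalived configuration for router 1, written in keepalived's native `keepalived.conf` syntax. The interface names `br-lan` and `wan`, the WAN address `192.168.0.10`, the router ID and priorities, and the path to conntrackd's `primary-backup.sh` helper are assumptions; the `.1`/`.2`/`.3` LAN addresses and the modem at `192.168.0.1` follow the thread.

```conf
# keepalived.conf on router 1 (own LAN address 192.168.1.2).
# Constructed example: interface names, the WAN address, the router ID,
# the priorities and the script path are assumptions, not values from the thread.

vrrp_instance GATEWAY {
    state BACKUP              # both routers start as BACKUP; priority elects the master
    interface br-lan          # adverts go over the LAN side, which has a real address
    virtual_router_id 51      # must be identical on both routers
    priority 150              # router 2 (192.168.1.3) uses a lower value, e.g. 100
    advert_int 1              # seconds between VRRP advertisements
    nopreempt                 # a recovered router 1 does not grab the role back

    # Virtual addresses: present only on whichever router is master.
    virtual_ipaddress {
        192.168.1.1/24 dev br-lan     # gateway address the LAN clients use
        192.168.0.10/24 dev wan       # placeholder for the static WAN address
    }

    # Default route via the 5G modem, installed together with the addresses.
    virtual_routes {
        0.0.0.0/0 via 192.168.0.1 dev wan
    }

    # Tell conntrackd about the role change so the synced connection
    # table is committed on takeover (helper script from conntrackd's docs).
    notify_master "/etc/conntrackd/primary-backup.sh primary"
    notify_backup "/etc/conntrackd/primary-backup.sh backup"
    notify_fault  "/etc/conntrackd/primary-backup.sh fault"
}
```

Router 2 carries the same block with its own priority. Because the `wan` interface holds no address of its own, the advertisements run over `br-lan` and the WAN address is attached with `dev wan`.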

Tnx for a lot of context. Yes, I'll do some research.

OK, so you're talking about the OpenWrt uplink switch being a "proper" (managed) switch w firmware/vlans/its own IP etc....

Would a switch in this infrastructure placement (upstream / WAN subnet) actually be reachable from the LAN subnet? IP something like 192.168.0.2?
Would OpenWrt create a route to the upstream switch?

I need to do so much research here before I attempt any install.....

No, the Uplink switch just bridges. No IP assignment on the switch. Only the active Openwrt router holds the wan address.

Ok... I've Currently got my uplink switch as a dumb, as in no software switch.

The "proper" (managed) switch we're talking about with the VLAN has software reachable via an IP address.

Currently, I reach the 5G modem (WAN device) via the IP address of 192.168.0.1. I've seen OpenWrt referencing this address in its routing.

So in my understanding, Somehow the upstream/WAN smart switch with software needs to be addressed somehow, Otherwise, it cannot be configured.

I didn't understand from your post that KEEPALIVED is actually an OpenWrt MODULE. I assumed it was some sort of third device.

Now I've installed KeepaLived and the Luci module.... On my one router.