Sign in Subscribe
3 min read

High Availability Home Network with VRRP and 802.11r Fast Roaming

Single router = single point of failure. Router dies? Everything's offline. ISP hiccups? No internet.

I built a dual-router HA setup using VRRP (Virtual Router Redundancy Protocol) with 802.11r fast roaming. Result: <5 second failover and <20ms roaming between APs.

The Setup

Hardware:

  • Master: D-Link DIR-878 (OpenWrt) - 10.77.0.254
  • Backup: JGC Q20 (OpenWrt) - 10.77.0.253
  • VRRP VIP: 10.77.0.1/22 (shared gateway)
  • Network: 10.77.0.0/22 (1024 hosts)

Both routers share a virtual IP (10.77.0.1). All clients use this VIP as their gateway. DIR-878 runs as Master (priority 200), Q20 as Backup (priority 100). If Master fails or loses WAN, Backup takes over instantly.

VRRP Configuration

DIR-878 (Master):

opkg update && opkg install keepalived
cat > /etc/keepalived/keepalived.conf << 'EOF'
global_defs {
router_id DIR878_MASTER
}
vrrp_script check_wan {
script "/usr/bin/ping -c 2 8.8.8.8 > /dev/null 2>&1"
interval 5
weight -50
}
vrrp_instance VI_LAN {
state MASTER
interface br-lan
virtual_router_id 1
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass SecurePass123
}
virtual_ipaddress {
10.77.0.1/22 dev br-lan
}
track_script {
check_wan
}
}
EOF
/etc/init.d/keepalived enable
/etc/init.d/keepalived start

JGC Q20 (Backup):

opkg update && opkg install keepalived
cat > /etc/keepalived/keepalived.conf << 'EOF'
global_defs {
router_id Q20_BACKUP
}
vrrp_script check_wan {
script "/usr/bin/ping -c 2 8.8.8.8 > /dev/null 2>&1"
interval 5
weight -50
}
vrrp_instance VI_LAN {
state BACKUP
interface br-lan
virtual_router_id 1
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass SecurePass123
}
virtual_ipaddress {
10.77.0.1/22 dev br-lan
}
track_script {
check_wan
}
}
EOF
/etc/init.d/keepalived enable
/etc/init.d/keepalived start
DHCP Configuration (Both Routers):
uci set dhcp.lan.dhcp_option='3,10.77.0.1'
uci commit dhcp
/etc/init.d/dnsmasq restart

Clients now get 10.77.0.1 as their gateway. Zero reconfiguration needed.

802.11r Fast Roaming

Standard WiFi roaming takes 500-1000ms (dropped VoIP calls, buffering). 802.11r cuts this to <20ms.

Configuration (Both Routers):

uci set wireless.default_radio0.ieee80211r='1'
uci set wireless.default_radio0.mobility_domain='a1b2'
uci set wireless.default_radio0.ft_over_ds='0'
uci set wireless.default_radio0.ft_psk_generate_local='1'
uci set wireless.default_radio1.ieee80211r='1'
uci set wireless.default_radio1.mobility_domain='a1b2'
uci set wireless.default_radio1.ft_over_ds='0'
uci set wireless.default_radio1.ft_psk_generate_local='1'
uci commit wireless
wifi reload

Critical: mobility_domain must be identical on all APs. Use Over-the-Air (ft_over_ds=0) for better iOS compatibility.

Testing Results

VRRP Failover:

Test 1 - Master Down:

/etc/init.d/keepalived stop

Failover time: 3.2 seconds
Packet loss: 3 pings
Result: Q20 took over, clients stayed connected

Test 2 - WAN Failure:

ifconfig eth0.2 down

Detection time: 10 seconds
Failover time: 2.8 seconds
Total: ~13 seconds
Result: Automatic failover triggered

802.11r Roaming:

Walked between rooms while pinging 8.8.8.8:

64 bytes from 8.8.8.8: time=12ms
64 bytes from 8.8.8.8: time=14ms
[Roaming...]
64 bytes from 8.8.8.8: time=19ms
64 bytes from 8.8.8.8: time=11ms

Roaming time: ~15ms
Packet loss: 0
Result: Seamless, WhatsApp call didn't drop

Troubleshooting

VIP Not Showing:

ip addr show br-lan | grep 10.77.0.1
logread | grep VRRP
/etc/init.d/keepalived restart

iOS Won't Connect:

Always use Over-the-Air (ft_over_ds=0). iOS has issues with Over-the-DS in OpenWrt.

Both Routers Claim Master:

cat /etc/keepalived/keepalived.conf | grep auth_pass

Must be identical on both routers.

Monitoring

Quick health check script:

!/bin/sh
echo "=== VRRP Status ==="
ip addr show br-lan | grep 10.77.0.1 && echo "✅ MASTER" || echo "⚠️ BACKUP"
pgrep keepalived > /dev/null && echo "✅ Keepalived running" || echo "❌ Keepalived down"
ping -c 2 8.8.8.8 > /dev/null 2>&1 && echo "✅ WAN up" || echo "❌ WAN down"

Performance Summary

Failover time: 3.2s
WAN detection: 10s
Roaming delay: 15-18ms
Packet loss: 0 (roaming)
Uptime (30d): 99.97%

Why This Works

VRRP ensures router redundancy. 802.11r ensures seamless roaming. Combined = production-grade home network that survives hardware failures and ISP issues.

Total cost: ~2M IDR (second-hand gear). Worth every rupiah for zero downtime during WFH.

Next steps: Add third router for N+2 redundancy, implement dual-WAN VRRP, set up Prometheus monitoring.

Published by:

Joe

Member discussion