Answer the question
In order to leave comments, you need to log in
How to understand the failover process on mikrotik with two WANs?
There is an example: wiki.mikrotik.com/wiki/Advanced_Routing_Failover_w...
I am considering an advanced version with 4 host checks (2 through ISP1, and 2 other hosts through ISP2). In general terms, the idea is clear, everything works for me, but with modifications, but the question is not in them, but in the clarity of the process. Just in case, I saw articles on Habré and in many other places.
I would like to understand what should be added to the official wiki, which I cited above.
Here is the code (I will number the lines, of course, there is no numbering in the script):
1) /ip route
2) add dst-address=Host1A gateway=GW1 scope=10
3) add dst-address=Host1B gateway=GW1 scope=10
4) add dst-address=Host2A gateway=GW2 scope=10
5) add dst-address=Host2B gateway=GW2 scope=10
6) add dst-address=GW1 gateway=Host1A scope=10 target-scope=10 check-gateway=ping
7) add dst-address=GW1 gateway=Host1B scope=10 target-scope=10 check-gateway=ping
8) add dst-address=GW2 gateway=Host2A scope=10 target-scope=10 check-gateway=ping
9) add dst-address=GW2 gateway=Host2B scope=10 target-scope=10 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=GW1 distance=1
add dst-address=0.0.0.0/0 gateway=GW2 distance=2
/ip route add dst-address=0.0.0.0/0 gateway=Host1A distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=Host2A distance=2 check-gateway=ping
/ip route disable [find comment="ISP1"]
/ip route enable [find comment="ISP1"]
Answer the question
In order to leave comments, you need to log in
Read the article carefully. as a result, we come to a double recursion. By the way, an interesting solution. It turns out that we monitor several hosts with direct routes to the Internet, through each of them we make a route for a "virtual" address, which, in turn, is a gateway for the default recursive route for clients. It turns out that routes through "virtual" addresses check any number of external addresses. And if one of the addresses is not available, and the rest are working, it will be in the apa. If all addresses are dead, then the provider is unavailable, deactivate the route. If you understand how it works, you won't get confused. You need to register a lot of routes, yes. But the solution is interesting)
I completely disagree with the statement l0ser140about the fact that fireover on scripts is better. There is nothing good in it. Pure routing handles this 200% without any crutches.
I also spent a very long time with the redundancy setting, I got this design.
/ip address
add address=<ISP1_IP_ADDRESS> interface=ether1_WAN_MAIN
add address=<ISP2_IP_ADDRESS> interface=ether2_WAN_RESERVE
/interface list
add name=WAN
/interface list member
add interface=ether2_WAN_RESERVE list=WAN
add interface=ether1_WAN_MAIN list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1_WAN_MAIN new-connection-mark=Input/ISP1
add action=mark-routing chain=output connection-mark=Input/ISP1 new-routing-mark=ISP1 passthrough=no
add action=mark-connection chain=input in-interface=ether2_WAN_RESERVE new-connection-mark=Input/ISP2
add action=mark-routing chain=output connection-mark=Input/ISP2 new-routing-mark=ISP2 passthrough=no
add action=mark-connection chain=prerouting in-interface=ether1_WAN_MAIN new-connection-mark=Forward/ISP1
add action=mark-routing chain=prerouting connection-mark=Forward/ISP1 in-interface=!ether1_WAN_MAIN new-routing-mark=ISP1 passthrough=no
add action=mark-connection chain=prerouting in-interface=ether2_WAN_RESERVE new-connection-mark=Forward/ISP2
add action=mark-routing chain=prerouting connection-mark=Forward/ISP2 in-interface=!ether2_WAN_RESERVE new-routing-mark=ISP2 passthrough=no
/ip route
add distance=1 gateway=<ISP1_GATEWAY> routing-mark=ISP1
add distance=1 gateway=<ISP2_GATEWAY> routing-mark=ISP2
add distance=1 dst-address=8.8.4.4/32 gateway=<ISP2_GATEWAY>
add distance=1 dst-address=8.8.8.8/32 gateway=<ISP1_GATEWAY>
add distance=1 dst-address=77.8.8.1/32 gateway=<ISP2_GATEWAY>
add distance=1 dst-address=77.8.8.8/32 gateway=<ISP1_GATEWAY>
add check-gateway=ping distance=10 gateway=8.8.8.8 target-scope=30
add check-gateway=ping distance=20 gateway=8.8.4.4 target-scope=30
add check-gateway=ping distance=10 gateway=77.8.8.8 target-scope=30
add check-gateway=ping distance=20 gateway=77.8.8.1 target-scope=30
/ip route rule
add action=lookup-only-in-table routing-mark=ISP1 table=ISP1
add action=lookup-only-in-table routing-mark=ISP2 table=ISP2
I think it's some kind of crutch.
The only plus in them is that there is no script, but otherwise there are solid minuses.
I advise you to implement using a script, you can google examples. You will check the same hosts through both connections, run at the desired frequency, write to the logs about the unavailability of the Internet, there will be no such trash in the routing and other goodies.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question