2 default routes (0.0.0.0/0) but one primary and one if primary is down

Hi,

I have 2 ISPs.
I would like to have 2 default routes of 0.0.0.0/0 but only use one, and use the other if the first is down.
How do I do this?

0.0.0.0/0 to 172.16.0.250 as primary
0.0.0.0/0 to 172.16.0.251 as backup if the primary is down (cannot ping 8.8.8.8, for example).

Just use a different cost (distance) for each one. For example use distance=1 for primary and distance=2 for backup.

I then use recursive routing to validate if the routes themselves are working.

Thanks,

And how can I do this:
I then use recursive routing to validate if the routes themselves are working.

Using check-gateway=ping in each of the routes is simpler than a recursive route (but only checks the next hop).

And doesn’t do you any good as failures often happen upstream from the first hop.

49er: The following document describes how to use recursive routing to set up routing failover:
http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting

Essentially, you pick two hosts on the internet (say yahoo.com and google.com) and use them to help determine if a route is up or down.

Thanks a lot. I understand checking host 1 and host 2, but in this example I am missing the 0.0.0.0/0?
Don’t we need this?

If you mean the cli commands, 0.0.0.0/0 (default route) is implied if not specified.

What do you mean?
Why is it not in the example?

What must I add for commands to have the recursive route?

This is what I get if I do a /ip route export

/ip route
add check-gateway=ping comment="Gateway naar de Sonicwall Ring 393" distance=1 \
    gateway=172.16.0.125
add check-gateway=ping comment="Gateway naar de Sonicwall Ring 225" distance=2 \
    gateway=172.16.0.126
add distance=1 dst-address=192.9.201.0/24 gateway=192.9.201.250

This is what I get if I do /ip route print

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S ;;; Gateway naar de Sonicwall Ring 393
0.0.0.0/0 172.16.0.125 1
1 S ;;; Gateway naar de Sonicwall Ring 225
0.0.0.0/0 172.16.0.126 2
2 ADC 172.16.0.0/25 172.16.0.1 BR_LAN_MGMT 0
3 ADC 172.16.0.128/27 172.16.0.129 VLAN_LAN_SERVER 0
4 ADC 172.16.1.0/27 172.16.1.1 VLAN_LAN_1_DATA 0
5 ADC 172.16.1.32/27 172.16.1.33 VLAN_WLAN_1_DATA 0
6 ADC 172.16.1.64/27 172.16.1.65 VLAN_WLAN_1_GUEST 0
7 ADC 172.16.1.96/27 172.16.1.97 VLAN_LAN_1_MFP 0
8 ADC 172.16.1.128/27 172.16.1.129 VLAN_LAN_1_GAME 0
9 ADC 172.16.1.160/27 172.16.1.161 VLAN_LAN_1_CAMERA 0
10 ADC 172.16.1.192/27 172.16.1.193 VLAN_LAN_1_TVMM 0
11 ADC 172.16.1.224/27 172.16.1.225 VLAN_WLAN_1_SP 0
12 ADC 172.16.2.0/27 172.16.2.1 VLAN_LAN_2_DATA 0
13 ADC 172.16.2.32/27 172.16.2.33 VLAN_WLAN_2_DATA 0
14 ADC 172.16.2.64/27 172.16.2.65 VLAN_WLAN_2_GUEST 0
15 ADC 172.16.2.96/27 172.16.2.97 VLAN_LAN_2_MFP 0
16 ADC 172.16.2.128/27 172.16.2.129 VLAN_LAN_2_GAME 0
17 ADC 172.16.2.160/27 172.16.2.161 VLAN_LAN_2_CAMERA 0
18 ADC 172.16.2.192/27 172.16.2.193 VLAN_LAN_2_TVMM 0
19 ADC 172.16.2.224/27 172.16.2.225 VLAN_WLAN_2_SP 0
20 ADC 172.16.3.0/27 172.16.3.1 VLAN_LAN_3_DATA 0
21 ADC 172.16.3.32/27 172.16.3.33 VLAN_WLAN_3_DATA 0
22 ADC 172.16.3.64/27 172.16.3.65 VLAN_WLAN_3_GUEST 0
23 ADC 172.16.3.96/27 172.16.3.97 VLAN_LAN_3_MFP 0
24 ADC 172.16.3.128/27 172.16.3.129 VLAN_LAN_3_GAME 0
25 ADC 172.16.3.160/27 172.16.3.161 VLAN_LAN_3_CAMERA 0
26 ADC 172.16.3.192/27 172.16.3.193 VLAN_LAN_3_TVMM 0
27 ADC 172.16.3.224/27 172.16.3.225 VLAN_WLAN_3_SP 0
28 ADC 172.16.4.0/27 172.16.4.1 VLAN_LAN_4_DATA 0
29 ADC 172.16.4.32/27 172.16.4.33 VLAN_WLAN_4_DATA 0
30 ADC 172.16.4.64/27 172.16.4.65 VLAN_WLAN_4_GUEST 0
31 ADC 172.16.4.96/27 172.16.4.97 VLAN_LAN_4_MFP 0
32 ADC 172.16.4.128/27 172.16.4.129 VLAN_LAN_4_GAME 0
33 ADC 172.16.4.160/27 172.16.4.161 VLAN_LAN_4_CAMERA 0
34 ADC 172.16.4.192/27 172.16.4.193 VLAN_LAN_4_TVMM 0
35 ADC 172.16.4.224/27 172.16.4.225 VLAN_WLAN_4_SP 0
36 ADC 172.16.5.0/27 172.16.5.1 VLAN_LAN_5_DATA 0
37 ADC 172.16.5.32/27 172.16.5.33 VLAN_WLAN_5_DATA 0
38 ADC 172.16.5.64/27 172.16.5.65 VLAN_WLAN_5_GUEST 0
39 ADC 172.16.5.96/27 172.16.5.97 VLAN_LAN_5_MFP 0
40 ADC 172.16.5.128/27 172.16.5.129 VLAN_LAN_5_GAME 0
41 ADC 172.16.5.160/27 172.16.5.161 VLAN_LAN_5_CAMERA 0
42 ADC 172.16.5.192/27 172.16.5.193 VLAN_LAN_5_TVMM 0
43 ADC 172.16.5.224/27 172.16.5.225 VLAN_WLAN_5_SP 0
44 ADC 172.16.6.0/27 172.16.6.1 VLAN_LAN_6_DATA 0
45 ADC 172.16.6.32/27 172.16.6.33 VLAN_WLAN_6_DATA 0
46 ADC 172.16.6.64/27 172.16.6.65 VLAN_WLAN_6_GUEST 0
47 ADC 172.16.6.96/27 172.16.6.97 VLAN_LAN_6_MFP 0
48 ADC 172.16.6.128/27 172.16.6.129 VLAN_LAN_6_GAME 0
49 ADC 172.16.6.160/27 172.16.6.161 VLAN_LAN_6_CAMERA 0
50 ADC 172.16.6.192/27 172.16.6.193 VLAN_LAN_6_TVMM 0
51 ADC 172.16.6.224/27 172.16.6.225 VLAN_WLAN_6_SP 0
52 ADC 172.16.7.18/32 172.16.7.19 <pptp-ronald.ve... 0

I meant that if you don’t specify dst-address, like in

add check-gateway=ping comment="Gateway naar de Sonicwall Ring 393" distance=1 \
gateway=172.16.0.125

dst-address is implied to be 0.0.0.0/0, i.e. default route.

You want to use a host further down your router to be able to enable meaningful gateway checking; otherwise you would be checking your own router, which doesn’t mean there’s real connectivity to Internet.

For that, you create routes using internet hosts with well-known availability as “gateways”, 8.8.8.8 or 8.8.4.4 for example.

The “problem” is that ROS won’t allow you to use a gateway that isn’t directly reachable.

Look at your directly connected routes: all have a scope of 10. (By default ROS assigns a scope of 10 only to directly connected routes)

In order to make ROS consider these “gateways” as directly reachable, you should lower their scope (set scope=10 from the default not-directly-connected scope of 30); that way you will be able to use them as gateways.
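
The recursive setup described in this thread, written out as an added example (not part of any poster's reply and not taken from the linked wiki page). It reuses the two gateways from the export above and the probe hosts 8.8.8.8 and 8.8.4.4 mentioned in the last post; the pairing of probe host to uplink and the comment strings are assumptions.

```routeros
# Added example: recursive default-route failover for the two uplinks
# shown in the thread's "/ip route export". Probe-host pairing and
# comment strings are assumptions made for illustration.
/ip route

# Before (from the export): each default route only pings its next hop,
# so an outage upstream of 172.16.0.125 / 172.16.0.126 goes unnoticed.
# add check-gateway=ping distance=1 gateway=172.16.0.125
# add check-gateway=ping distance=2 gateway=172.16.0.126

# Step 1: pin each probe host to exactly one uplink. scope=10 (instead
# of the static default of 30) lets the router accept the probe host as
# a next hop for other routes.
add dst-address=8.8.8.8/32 gateway=172.16.0.125 scope=10 \
    comment="probe host via Ring 393"
add dst-address=8.8.4.4/32 gateway=172.16.0.126 scope=10 \
    comment="probe host via Ring 225"

# Step 2: the default routes now point at the probe hosts and resolve
# recursively through the host routes above. check-gateway=ping pings
# 8.8.8.8 / 8.8.4.4 through the matching uplink, so a failure anywhere
# on that path deactivates the route and the distance=2 route takes over.
add dst-address=0.0.0.0/0 gateway=8.8.8.8 distance=1 check-gateway=ping \
    comment="primary default via Ring 393"
add dst-address=0.0.0.0/0 gateway=8.8.4.4 distance=2 check-gateway=ping \
    comment="backup default via Ring 225"
```

The original two default routes have to be removed or disabled first, otherwise the distance=1 route via 172.16.0.125 stays active whenever the next hop itself answers pings. With a single probe host per uplink, an outage of that host alone also triggers failover.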