2 network, 2 ISP, Failover need help

Hi all,
I’m looking for help here in the MikroTik forum. I want to make a “simple failover system” between 2 networks. I said simple because it’s easy for you but not for me :wink:

Here is my drawing of the simple network:
https://drive.google.com/file/d/0B80b4_G1gNq2VFdRUkx0dTZOZlk/view?usp=sharing


At the moment I’m running both networks separately with 2 CCR1009s and 2 different ISPs.
If 1 provider is down, I turn on a Ubiquiti airFiber PTP link and then I can have a “backup” connection. It’s a stupid way to do it. I want to make it completely transparent and automatic.

I surf the web to find answers, ideas, etc.

I’m afraid; I’m looking at PCC, OSPF, VLAN, scripts, and others. I don’t know what is best for me. Can someone point me in the right direction?

Thank you for your help!

Any ideas?

Hello,

For me the best way would be :

  • Configure both Internet connections on 1 router, and just add 2 static routes with different costs.

Greetings,

I am going to take a stab in the dark on this and assume these internet connections in the diagram are not running BGP or anything fancy. So here are my observations, and let me know if this is somewhat accurate:

For this I will say Router A connects to AT&T and Router B connects to Comcast

Observations/assumptions:

  1. Router A and Router B both have address space on the same subnets
  2. During normal operations Router A and Router B run independently and failover requires manual intervention
  3. Devices listed in the topology are strictly layer 2
  4. NAT and a static default route are configured on both router A and router B to use their respective ISP

Possible solutions based on observations

  1. Configure a VRRP instance on both router A and router B to create a VIP used as a gateway
    1a. Stagger the priorities and ensure preemption is enabled (this will control your load-balance between ISPs)
    1b. ALWAYS use strong authentication

https://wiki.mikrotik.com/wiki/Manual:Interface/VRRP

  2. Use OSPF between routers A and B and ensure both are originating default routes
    2a. Create a separate VLAN for the OSPF interconnection and ensure you authenticate it (prevents man in the middle injections)

Things of note:

  1. Without a control protocol on the given ISP links, there is no way to tell if the interface is actually capable of being used. The failover will only take place if/when the ISP facing interface goes down
  2. VRRP uses multicast hello, so ensure multicast traffic is enabled (it is by default)
  3. Ensure the physical address on each router is unique for VRRP; the VIP address MUST match

Hope this helps
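
The VRRP option from the post above written out as RouterOS commands, added here as an example and not posted by anyone in the thread. The interface names, the VRID, the physical addresses 10.12.1.2 and 10.12.1.3, and the password placeholder are assumptions; only the 10.12.1.0/24 subnet and its .1 gateway come from the thread.

```routeros
# Added example, not from the thread. Assumed: LAN bridge is "bridge1",
# hosts in 10.12.1.0/24 keep 10.12.1.1 as their gateway (this becomes the VIP).

# --- Router A (preferred master, higher priority) ---
# Unique physical address on the LAN (assumed value).
/ip address add address=10.12.1.2/24 interface=bridge1 comment="Router A physical"
# VRRPv3 has no authentication field, so version=2 is set for the
# authentication setting to apply. "ah" is used rather than "simple",
# which carries the password in clear text inside each advertisement.
/interface vrrp add name=vrrp-lan12 interface=bridge1 vrid=12 version=2 priority=200 preemption-mode=yes authentication=ah password="REPLACE-WITH-SHARED-SECRET"
# The VIP is a /32 on the VRRP interface and is identical on both routers.
/ip address add address=10.12.1.1/32 interface=vrrp-lan12 comment="VIP"

# --- Router B (backup, lower priority) ---
/ip address add address=10.12.1.3/24 interface=bridge1 comment="Router B physical"
/interface vrrp add name=vrrp-lan12 interface=bridge1 vrid=12 version=2 priority=100 preemption-mode=yes authentication=ah password="REPLACE-WITH-SHARED-SECRET"
/ip address add address=10.12.1.1/32 interface=vrrp-lan12 comment="VIP"

# --- Check on both routers ---
# Exactly one router should report itself as master for vrid 12.
# Two masters at once means advertisements are not getting through
# (multicast blocked on the path) or the vrid/version/password differ.
/interface vrrp print
```

As the post notes, VRRP only moves the gateway when the master router or its LAN side fails; it does not by itself detect a dead ISP behind a router whose interfaces are all still up.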

Hey guys! Thx for supporting me!

I didn’t set static routes with different costs. I need to read more about this. I don’t know how this mechanism works.

How does it work? Is the route with the lower cost the preferred one?

Yep. Just keep the PtP connection open and it’ll automatically select the lowest gateway that is actually reachable. For each route you can configure method and interval to check whether or not reachable. Definitely simplest and probably most stable way to achieve what you want.

Good, let’s say:

RT1 (at&T)
RT2 (Comcast)


Both RT1 and RT2 have these IP subnets:
10.3.1.0/24
10.8.1.0/24
10.12.1.0/24
10.13.1.0/24

The DG for every subnet is: xxx.xxx.xxx.1 (ex: 10.12.1.1 is the DG of the subnet 10.12.1.0/24)

For example, RT1 routes for 1 subnet:

///////////////////////////////////////////
Dst add : 10.12.1.0/24
DG : Bridge-1
Distance : 0
Pref source : 10.12.1.1

///////////////////////////////////////////
Dst add : 96.42.1.0/24
DG : ether-1 (actual wan interface)
Distance : 0
Pref Source : 96.42.1.236 (my dhcp wan ip add)

///////////////////////////////////////////
Dst add : 0.0.0.0/0
DG : ether-1 96.42.1.1
Distance : 1
Pref Source : —


The question is, how do I add RT2 routes for this specific subnet? I guess I need to change the DG for each subnet to something different, like 10.12.1.2 instead of 10.12.1.1?

At the moment both routers have the exact same IP subnet range and setup.

https://drive.google.com/file/d/0B80b4_G1gNq2VFdRUkx0dTZOZlk/view


Updated drawing

Maybe it should look like this?


New route:

Dst add : 10.12.1.0/24
DG : ether-5 (where eth-5 is connected to the backup link, it’s also connected to 10.8.1.20 switch)
Distance : 10
Pref source : 10.12.1.2


Correct me if I’m wrong:

Let’s say a device (PC1) wants to reach www.google.com:

The packet will pass from PC1 (10.12.1.69) through RT1, which looks for a route:
10.12.1.0/24: try to reach the destination on Bridge-1; no match, so jump to the next route:
0.0.0.0/0: try to reach the 96.42.1.0 subnet with a cost of (0). No match found since eth-1 (WAN) is down, so go to the next route:
10.12.1.0/24: try to reach 10.12.1.2 with a cost of (10), which is bigger than (0). Found a match!
Then packets are processed to the second router (RT2) and reach www.google.com

? :slight_smile:

Assuming your default ISP route is weight 1 (e.g.: 0.0.0.0/0 via 96.42.1.1 distance 1), to route RT1 controlled via Comcast, add a default route 0.0.0.0/0 via 10.x.2.2 with a distance greater than 1; to route RT2 via AT&T add a route 0.0.0.0/0 via 10.x.1.1 with a distance greater than 1.

That said, I do not have a clear understanding of your network topology and your subnetting (at least from presentation) looks odd from the addresses assigned to the blue device. What type of devices are the blue ones? Switches?
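
The two-default-routes approach from the replies above written out as RouterOS commands, added here as an example and not posted by anyone in the thread. 96.42.1.1 is the ISP gateway from the original poster's route table; the LAN addresses 10.12.1.1 (RT1) and 10.12.1.2 (RT2), the RT2 ISP gateway 192.0.2.1, and a static rather than DHCP-learned default route are assumptions.

```routeros
# Added example, not from the thread. Assumes the PtP link stays up so that
# RT1 (10.12.1.1) and RT2 (10.12.1.2) can reach each other on 10.12.1.0/24.

# --- RT1 (AT&T side) ---
# Primary: own ISP. check-gateway=ping marks the route inactive when the
# gateway stops answering, even if ether1 itself still has link.
/ip route add dst-address=0.0.0.0/0 gateway=96.42.1.1 distance=1 check-gateway=ping comment="primary: own ISP"
# Backup: the other router's LAN address. The higher distance keeps this
# route inactive while the primary is usable.
/ip route add dst-address=0.0.0.0/0 gateway=10.12.1.2 distance=10 check-gateway=ping comment="backup: via RT2"

# --- RT2 (Comcast side) ---
# 192.0.2.1 is a documentation address standing in for RT2's ISP gateway.
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.1 distance=1 check-gateway=ping comment="primary: own ISP"
/ip route add dst-address=0.0.0.0/0 gateway=10.12.1.1 distance=10 check-gateway=ping comment="backup: via RT1"

# --- Check on either router ---
# Only one of the two default routes should be active at a time. Unplug the
# WAN side in the lab and confirm the distance=10 route becomes the active one.
/ip route print where dst-address=0.0.0.0/0

# Limits of this setup:
# - check-gateway=ping probes only the next-hop address. An outage further
#   upstream, with the ISP gateway still answering, does not trigger failover.
# - Traffic that fails over leaves through the other router's WAN, so that
#   router's NAT rule and forward filter must accept these LAN sources.
```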

Yeah, this is a sharp question and I gave you a simple diagram of a part of my network. So sorry.


Yes, the ones in blue are switches.


I add a lot of subnets to my routers. The reason is to put together all devices related to this section of the network. For example, 10.13.1.0/24 are all for city A and 10.1.1.0/24 are all from city B.

10.13.1.50 to 10.13.1.99 is reserved for sector APs; the 10.13.1.100 to 10.13.1.200 range is for my subscribed customers.

Maybe it’s not a good way to do it, but it works for me at the moment. Any suggestions are welcome!




I will reproduce the idea in my lab soon and I will let you know if it works or where I’m blocked. Thank you very much for any help and your time!