2 WANs, switching when there's no Internet

ricardovianna · June 5, 2020, 8:05pm

Hi,

I read topic http://forum.mikrotik.com/t/2-wan-switch-between-when-no-internet/119014/1 but it is locked for new replies.

My setup:

Ether 1: main Internet connection – DHCP client from gateway 192.168.1.1. Default route = disabled
Ether 2: secondary Internet connection (metered/LTE) – DHCP client from gateway 192.168.2.1. Default route = disabled
Ether 3 to 5: bridge / LAN ports

My objetive: check if external addresses are reachable in ether1. If not, route WAN to ether2. Re-route back to ether1 when the external addresses become available.

I make the IP Route, following the instructions of previous post:

Adding external addresses via both gateways:

/ip route
add dst-address=1.1.1.1 gateway=192.168.1.1
add dst-address=8.8.8.8 gateway=192.168.1.1
add dst-address=1.0.0.1 gateway=192.168.2.1
add dst-address=8.8.4.4 gateway=192.168.2.1

Checking ping of external addresses:

/ip route
add distance=1 gateway=1.1.1.1 check-gateway=ping
add distance=2 gateway=8.8.8.8 check-gateway=ping
add distance=3 gateway=1.0.0.1 check-gateway=ping
add distance=4 gateway=8.8.4.4 check-gateway=ping

Adding routes with distances:

/ip route
add destination=0.0.0.0/0 gateway=192.168.1.1 distance=1
add destination= 0.0.0.0/0 gateway=192.168.2.1 distance=2

The result is:
Screen Shot 2020-06-05 at 4.54.34 PM.png
I see that the second piece of commands (adding external address as routes and checking ping) all marked as unreachable.
If I took out the ether1 cable, MK starts to route thru ether2 correctly. But, I’m not sure that this will happen if the ether1 gateway is there, with no Internet.

So, my question is: am I doing this correctly?

Thank you!

WeWiNet · June 10, 2020, 5:39pm

Should work as its same as I do.
Maybe just use an IP address instead of 8.8.8.8 that does not respond to a ping …
As that IP address does not responds the route will be disabled.

solar77 · June 10, 2020, 6:11pm

looks like you did not specify scope and target-scope

have a look here:
http://forum.mikrotik.com/t/advanced-routing-failover-without-scripting/136599/1

and more details here
https://wiki.mikrotik.com/wiki/Manual:Using_scope_and_target-scope_attributes

alexanwar · June 10, 2020, 6:22pm

usually, you need to make script for this purpose, but there’s easy trick to perform this based on your setup without script.

first, modify the routes

/ip route
add gateway=192.168.1.1 distance=10 comment="ISP1"
add gateway=192.168.2.1 distance=20 comment="ISP2'

then assign routes to ip address to check using specific gateway:

add dst-address=8.8.8.8 gateway=192.168.1.1 distance=5
add dst-address=8.8.4.4 gateway=192.168.1.2 distance=5

then use netwatch to ping those ip addresses, also a simple command to enable or disable the route:

/tool netwatch
add down-script="/ip route set [find comment=\"ISP1\"] distance=250" host=8.8.8.8 up-script="/ip route set [find comment=\"ISP1\"] distance=10"
add down-script="/ip route set [find comment=\"ISP2\"] distance=250" host=8.8.4.4 up-script="/ip route set [find comment=\"ISP2\"] distance=20"

and all set.
this will make traffic to 8.8.8.8 will use ISP 1 and traffic to 8.8.4.4 will use ISP 2, then you just ping that ip address using netwatch. if netwatch cannot reach the destination ip (status down), it will lower the distance of the gateway of the specific ISP. it will be reverted back when the ping success (status up) again.

gazingbazooka · June 11, 2020, 2:43pm

Here is what I was able to piece together for Dynamic WAN + PPPoE failover:

/interface bridge
add auto-mac=no name=bridge
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out1
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1h name=DHCP-Home
/interface bridge port
add bridge=bridge interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether3 list=WAN
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client
add add-default-route=no disabled=no interface=ether3 script="log info \"\$[/system identity get name] DHCP Client Starting\";\
\n:if (\$bound=1) do={ \
\n log info \"\$[/system identity get name] DHCP Client Bound IP \$\"lease-address\" GW \$\"gateway-address\"\";\
\n /ip route set [find comment=\"Rogers\"] gateway=(\$\"gateway-address\");\
\n} else={\
\n log error \"\$[/system identity get name] DHCP Client Not Bound\";\
\n}" use-peer-dns=no
/ip dhcp-server config
set store-leases-disk=12h
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,1.1.1.1
/ip dns static
add address=192.168.88.1 name=router.home
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add check-gateway=ping distance=1 gateway=9.9.9.9
add distance=2 gateway=pppoe-out1
add comment=Rogers distance=1 dst-address=9.9.9.9/32 gateway=1.2.3.4 scope=10
/system ntp client
set enabled=yes server-dns-names=time.google.com