3 recursive route failover

How do I set up 3 recursive route failover on the CCR-1009?
I know how to set up 2 recursive route failover on the CCR using this:
/ip route
add dst-address=8.8.8.8/32 gateway=10.0.1.1 scope=10 comment="Validate Primary"
add gateway=8.8.8.8 distance=1 check-gateway=ping comment="Primary Route"
add gateway=10.0.2.1 distance=2 comment="Secondary Route"

Thanks in advance

3 recursive route failover
Example: we have 3 addresses, 192.168.1.1, 192.168.2.1 and 192.168.3.1 (please configure the IP addresses according to your own network).
Select any 3 open DNS servers, such as Google, OpenDNS or any public DNS.
Example of DNS selection:
network 192.168.1.1, chosen DNS 8.8.8.8
network 192.168.2.1, chosen DNS 8.8.4.4
network 192.168.3.1, chosen DNS 1.1.1.1

/ip route
add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10
add gateway=8.8.8.8 distance=1 check-gateway=ping comment="Primary Route"
add dst-address=8.8.4.4 gateway=192.168.2.1 scope=10
add gateway=8.8.4.4 distance=2 check-gateway=ping comment="Secondary Route"
add dst-address=1.1.1.1 gateway=192.168.3.1 scope=10
add gateway=1.1.1.1 distance=3 check-gateway=ping comment="Third Route"

This configuration will do automatic failover: even if your ISP interface is up but not responding, it will change over to the second route, and likewise to the third route.

Please check and let me know.

Hi,
Does it need a virtual host added?

What do you mean by virtual host? The failover between 3 WANs done this way is just an extension of the one you use for 2 WANs, nothing changed on the principle, still only one WAN is used at a time (and yes, the lowest priority one need not the availability checking via recursive next-hop search if you don’t distribute the traffic among them but really strictly choose one in the order of priority for all traffic).

I mean this:

https://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting

OK, so you mean a virtual hop, not a virtual host.

You do not need a virtual hop to fail over among several WANs. The purpose of using a virtual hop is to allow monitoring of availability of a given link using several hosts in the internet, so if at least one of those hosts responds to pings, the link is considered working. Without it, a fault of the single monitored host causes the link to be considered unavailable.

So this has nothing to do with the number of WAN links and with the way you use them (exclusively by priority or distributing the load among them or a mixture of these).
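
Added example (not posted by anyone in the thread): the virtual-hop arrangement described above, following the pattern of the linked wiki page, applied to the first two WANs from this thread. The gateways 192.168.1.1 and 192.168.2.1 come from the thread; the second monitored host per WAN and the virtual hop addresses 10.1.1.1 and 10.2.2.2 are assumptions, and the syntax is the RouterOS v6 form used in the thread.

```routeros
/ip route
# Pin each monitored host to exactly one WAN gateway, so a ping to that
# host can only succeed through that link.
add dst-address=8.8.8.8/32        gateway=192.168.1.1 scope=10 comment="WAN1 probe A"
add dst-address=208.67.222.222/32 gateway=192.168.1.1 scope=10 comment="WAN1 probe B"
add dst-address=8.8.4.4/32        gateway=192.168.2.1 scope=10 comment="WAN2 probe A"
add dst-address=208.67.220.220/32 gateway=192.168.2.1 scope=10 comment="WAN2 probe B"

# Virtual hops: each one has two candidate next hops (probe A and probe B).
# The hop stays reachable as long as at least one probe answers pings, so a
# fault of a single monitored host no longer marks the whole link as down.
add dst-address=10.1.1.1/32 gateway=8.8.8.8        scope=10 target-scope=10 check-gateway=ping comment="WAN1 virtual hop via A"
add dst-address=10.1.1.1/32 gateway=208.67.222.222 scope=10 target-scope=10 check-gateway=ping comment="WAN1 virtual hop via B"
add dst-address=10.2.2.2/32 gateway=8.8.4.4        scope=10 target-scope=10 check-gateway=ping comment="WAN2 virtual hop via A"
add dst-address=10.2.2.2/32 gateway=208.67.220.220 scope=10 target-scope=10 check-gateway=ping comment="WAN2 virtual hop via B"

# Default routes point at the virtual hops instead of a single probe host.
# Only the available route with the lowest distance carries traffic.
add dst-address=0.0.0.0/0 gateway=10.1.1.1 distance=1 comment="Primary Route"
add dst-address=0.0.0.0/0 gateway=10.2.2.2 distance=2 comment="Secondary Route"
```

A third or fourth WAN repeats the same three groups with its own gateway, its own pair of probe hosts and its own virtual hop address.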

Hi,
Thanks for sharing. If I am using 4 WAN load balance from:
https://aacable.wordpress.com/tag/mikrotik-4-wan-load-balance/

So I just need this to check on my 4 WANs, right? Please correct me if I am wrong.
/ip route
add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10
add gateway=8.8.8.8 distance=1 check-gateway=ping comment="Primary Route"
add dst-address=8.8.4.4 gateway=192.168.2.1 scope=10
add gateway=8.8.4.4 distance=2 check-gateway=ping comment="Secondary Route"
add dst-address=1.1.1.1 gateway=192.168.3.1 scope=10
add gateway=1.1.1.1 distance=3 check-gateway=ping comment="Third Route"
add dst-address=1.1.1.1 gateway=192.168.4.1 scope=10
add gateway=1.1.1.1 distance=4 check-gateway=ping comment="Fourth Route"

I assume it is a copy-paste error that your monitored address for both WAN3 and WAN4 is 1.1.1.1 and that they are actually different. If so (copy-paste error), then yes, these 4×2 routes are sufficient for having all 4 WANs monitored for actual access to internet.

But to distribute (balance) the load among the WANs, you need to use marked routes and assign routing-marks: out of the 4 routes above with dst-address=0.0.0.0/0 and no routing-mark, only one is used at a time, in particular the one with the highest priority (lowest value of distance) out of those which are available.

ty for post work perfect, save my day!

When and how do you flush your connections?

I am using netwatch on my primary.
If that netwatch goes up or down I flush the firewall connections.

Thinking I should use something with more than one ping or maybe two stages.

But what works for you guys?

Hi Gotsprings, the answer is I don't flush. :wink:

Seriously, if my main connection goes down for whatever reason, it may be very temporary, and by flushing things I wipe out any connections.
If only temporary, everything continues kinda okay, but if one has flushed connections then all is lost.
What you are doing only seems to apply if a connection is hard down and is not good for intermittent interruption.
This is just a theory, but it is one of the reasons, besides laziness, that I don't add netwatch etc. to the equation.

PS just for giggles last night I added netwatch for the WAN and then primary devices on my network, switches, aps etc. just to see if they work (emails me).

I have mangle and a static route set up for my backup connection. This allows me to track and connect over the backup even if the primary is up.

Problem sometimes arises when the system is running on the secondary… Then the primary comes back.

Since that route is set there… Things are not forced off the secondary. So you have to wait for connections to time out. Which could be hours.

Ergo… Flush to kick everything and make it move back to the primary.

This was mostly based on when I had a very slow metered connection for a backup. So you only wanna use it when you have to. Because once you hit the monthly limit for data… It slows down to 200K.

No caps here,
So what I would consider doing is flushing the cache 60 seconds after a switch, ISP1 to ISP2.
In other words: detect the switch, check after 60 seconds if still switched, then flush? If still connected via ISP2, flush,

and vice versa.
or something like that.

Trying to avoid interrupting connections by users for an intermittent issue or a glitch and then flushing prematurely.
What would be a safe but effective time frame to do the above or is there a better way??

Simple 3/5 ping test would probably be good enough.

But I was thinking about stacking netwatches..

Why not do an IF statement in a single netwatch script.
IF 3 successive pings at 5 seconds apart = no connectivity to ISP1 then
a. check router is now using ISP2
b. flush DNS
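
Added example (not written by anyone in the thread): one way to script the two-stage check discussed in the posts above, with three pings 5 seconds apart, a confirmation after 60 seconds, then the flush. It assumes 8.8.8.8 is pinned to WAN1 by the host route shown earlier in the thread, that the body is saved as a script with the hypothetical name wan1-flush, and that a scheduler entry runs it every 2 minutes; the variable name wan1Down is also hypothetical.

```routeros
# Body of the script "wan1-flush" (hypothetical name), run from a scheduler
# entry every 2 minutes. RouterOS v6 scripting syntax.
# Assumption: 8.8.8.8 is reachable only through WAN1, because of the route
#   add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10

# Last confirmed state of WAN1, kept between runs.
:global wan1Down
:if ([:typeof $wan1Down] = "nothing") do={ :set wan1Down false }

# Stage 1: three pings, 5 seconds apart. /ping returns the number of replies.
:local down ([/ping 8.8.8.8 count=3 interval=5s] = 0)

:if ($down != $wan1Down) do={
    # Stage 2: the state appears to have changed. Wait 60 seconds and test
    # again, so a short glitch does not cost every user their sessions.
    :delay 60s
    :local stillDown ([/ping 8.8.8.8 count=3 interval=5s] = 0)

    :if ($stillDown = $down) do={
        # Change confirmed in both directions (failover and failback):
        # record it, then drop tracked connections and the DNS cache so
        # traffic is re-established over the route that is active now.
        :set wan1Down $down
        /ip firewall connection remove [find]
        /ip dns cache flush
        :log warning "WAN1 reachability changed (now down=$down); connections flushed"
    }
}
```

Removing every tracked connection also interrupts sessions that were unaffected by the switch, which is the trade-off raised earlier in the thread.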

Pretty close to what I meant.

Kewl, would be interested in seeing such a script if you develop one. Right now trying to add telegram messages to iphone from router… sunday fun.

Domotz handles most of my remote monitoring.

Why would I buy a cloud service when my router does it for free?
Why would I put all my devices' status on the cloud for all to see? If it's on the cloud, ultimately it's not secure.

Your router does not report when it’s offline. And there are a host of other things that Domotz can keep track of and alert on that make it very worthwhile.

Domotz privacy policy is pretty extensive.