I have three types of WAN - LTE, Satellite and WiFi (ethernet). I would like to create an automatic WAN failover. Primary connection should be WiFi, secondary LTE and the third Satellite internet. I was trying to do this using this guide - https://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting. But I just can't figure out how to configure this.
WAN-WiFi: 192.168.1.2/24
WAN-LTE: 192.168.2.2/24
WAN-Sat: 192.168.3.2/24
LAN network: 10.0.0.1/24
So, how should I configure routing? How should I also configure NAT and Mangle?
Which IP addresses should I use for checking the link status? Can I use IP addresses of root DNS servers?
Can you maybe provide a configuration example for my scenario?
Add each route normally and with a static route so the three of them are working, mark them, and make three mangle route marks.
Then, because you now have them working, the gateway of each source is pingable, so use netwatch and a script in it: if one is down, then enable the mangle that will route you to a different source, and you choose which to prefer first and which last.
I use Google DNS (8.8.8.8 or 8.8.4.4) and Level3 (4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4), or you can use any other reliable ICMP responder that can be reached from that WAN.
Routing: As far as routing is concerned, the example in the “Advanced Routing Failover Without Scripting” wiki post works pretty well. You can use static routes, as in the wiki. Remember to use an IP address for the gateway. Do not specify a gateway interface name. Recursive routing requires numerical IP addresses. See this topic for more info http://forum.mikrotik.com/t/routing-failover-without-scripting/123751/1
Mangle: You would need to mark the connections or packets and set routing marks that correspond to the routing marks on your routing rules, but this really depends on your setup and requirements, and you have not provided those details.
For checking I’m using these IP addresses: 8.8.8.8, 8.8.4.4, 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4.
My gateways are now: ISP1: 10.1.2.1, ISP2: 10.1.3.1, ISP3: 10.1.4.1
Virtual hops are just some unused IP addresses that are not used anywhere? I have left those that are in the tutorial (is this ok?): 10.1.1.1, 10.2.2.2, 10.3.3.3
Will these virtual hop addresses interfere with other addresses (I’m using the same subnets)?
ISP1 should be primary, ISP2 should be secondary and ISP3 should be the third. There should be no load balancing.
As far as I can see you have implemented the “Multiple host checking per Uplink”. You should use your real gateway IP addresses for each WAN. You do not need to change your gateways to the gateways mentioned in the WiKi as they are just examples. This allows more than 1 ICMP responder to be used for checking to see if the uplink is available. I suggest that when possible, use ICMP responders from different companies for each WAN. For example, use 1 Google ICMP responder and 1 Level3 ICMP responder for WAN1, a mixed pair for WAN2, etc.
You also implemented a double recursive lookup for each WAN. The main objective that this “virtual hop” accomplishes is that instead of putting the ICMP responder address that corresponds to an internal address in your subsequent routes. This makes things simpler and clearer.
Your last group of route rules reference routing marks. I am uncertain if you did that on purpose, or if you simply copied the WiKi. If your only objective is 100% pure serial failover of all packets, you do not need to route-mark the packets. In this case you should remove all references to routing marks in your last group of route rules. If you do need to force some connections or packets through specific WANs, don’t forget that you need to use IP/MANGLE to mark your routing marks if you have not already done so.
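An added example, not part of any post in this thread: the pure serial failover discussed above (no routing marks, no load balancing), written in the style of the referenced wiki guide. The gateways, virtual hops and check hosts are the ones quoted in the thread; the pairing of check hosts to WANs and the interface names `wan-wifi`, `wan-lte` and `wan-sat` are assumptions.

```routeros
# Added example (assumed host-to-WAN pairing and interface names).
/ip route
# 1. Pin every check host to exactly one WAN gateway, so a ping to that
#    host can only succeed through that uplink.
add dst-address=8.8.8.8/32 gateway=10.1.2.1 scope=10 comment="ISP1 check A"
add dst-address=4.2.2.1/32 gateway=10.1.2.1 scope=10 comment="ISP1 check B"
add dst-address=8.8.4.4/32 gateway=10.1.3.1 scope=10 comment="ISP2 check A"
add dst-address=4.2.2.2/32 gateway=10.1.3.1 scope=10 comment="ISP2 check B"
add dst-address=4.2.2.3/32 gateway=10.1.4.1 scope=10 comment="ISP3 check A"
add dst-address=4.2.2.4/32 gateway=10.1.4.1 scope=10 comment="ISP3 check B"

# 2. Virtual hops: each stays active while at least one of its two
#    check hosts still answers ping through its WAN.
add dst-address=10.1.1.1/32 gateway=8.8.8.8 scope=10 target-scope=10 \
    check-gateway=ping comment="ISP1 virtual hop"
add dst-address=10.1.1.1/32 gateway=4.2.2.1 scope=10 target-scope=10 \
    check-gateway=ping comment="ISP1 virtual hop"
add dst-address=10.2.2.2/32 gateway=8.8.4.4 scope=10 target-scope=10 \
    check-gateway=ping comment="ISP2 virtual hop"
add dst-address=10.2.2.2/32 gateway=4.2.2.2 scope=10 target-scope=10 \
    check-gateway=ping comment="ISP2 virtual hop"
add dst-address=10.3.3.3/32 gateway=4.2.2.3 scope=10 target-scope=10 \
    check-gateway=ping comment="ISP3 virtual hop"
add dst-address=10.3.3.3/32 gateway=4.2.2.4 scope=10 target-scope=10 \
    check-gateway=ping comment="ISP3 virtual hop"

# 3. Default routes without routing marks; the lowest distance whose
#    virtual hop is reachable carries all traffic.
add dst-address=0.0.0.0/0 gateway=10.1.1.1 distance=1 comment="primary"
add dst-address=0.0.0.0/0 gateway=10.2.2.2 distance=2 comment="secondary"
add dst-address=0.0.0.0/0 gateway=10.3.3.3 distance=3 comment="third"

# 4. Source NAT on whichever WAN interface the packet leaves through.
/ip firewall nat
add chain=srcnat out-interface=wan-wifi action=masquerade
add chain=srcnat out-interface=wan-lte action=masquerade
add chain=srcnat out-interface=wan-sat action=masquerade
```

Because each check host is pinned to one gateway, LAN traffic to that address also follows the pinned route and fails whenever that WAN is down, so avoid using the same addresses as the clients' DNS resolvers.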