Here is my exact failover script that I use and so on; as I tested, it works well… any comments? I use distance 1 on both WANs because I mark ports in mangle and I do routing mark. LB in torrents and failover seem to be working fine.
Hi Note,
If you have a rule that marks a connection, and then a rule to mark a route then you must have passthrough = YES on the mark connection. That way, the processing can drop onto the route mark rule.
I do not know what exactly you mean by that, but to have that working well I had to put the ports that I mark at the beginning and the LB rules after, and only the dividers with passthrough yes. Otherwise I had issues.
Just a note: you don’t need to mark connections in your setup, as you mark connection for every packet from LAN, and then mark routing for every packet from LAN using connection-mark you just set. You can mark routing directly. Unless you’re using those marks in Filter or NAT for some reason…
Anyway, I’d like to see basic diagnostics when WAN1 is unavailable. Traceroute, for example. Because generally everything looks good.
I know what you’re talking about. 1 packet loss every time. Just 1 literally. And it happens on LAN traffic as well.
I’ve narrowed down the problem to PCC load balancing itself, I’ve reduced it by using a destination address list for LAN traffic to exclude it from marking. But the 1 packet loss still occurs. It has nothing to do with the recursive routes.
I am marking connections because I cannot get any traffic to flow without conn marks.
What kind of mangle do I need here?
Mark routing on Prerouting?
Mark routing on Output?
I am convinced the reason this doesn’t work is the mangle.
My current config has the connections in Route, switching over when a link dies, so that is good. But no traffic flows.
I am using SRCNAT. Is that correct? Should I be using Masquerade?
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; DEFAULT route for WAN1 devices to WAN1
0.0.0.0/0 8.8.8.8 1
1 S ;;; backup route for WAN1 devices to WAN2
0.0.0.0/0 8.8.4.4 2
2 A S ;;; DEFAULT route for WAN2 devices to WAN2
0.0.0.0/0 8.8.4.4 1
3 S ;;; backup route for WAN2 devices to WAN1
0.0.0.0/0 8.8.8.8 2
5 A S ;;; Ping target 2 on WAN2
8.8.4.4/32 192.168.15.1 1
6 A S ;;; Ping target 1 on WAN1
8.8.8.8/32 192.168.10.1 1
7 ADC 192.168.10.0/24 192.168.10.10 ether7 0
8 ADC 192.168.15.0/24 192.168.15.254 ether6 0
9 DC 192.168.40.0/24 192.168.40.1 sfp-sfpplus1 255
10 ADC 192.168.50.0/24 192.168.50.1 bridge1 0
11 DC 192.168.51.0/24 192.168.51.1 ether5 255
12 DC 192.168.80.0/24 192.168.80.1 ether8 255
Route
/ip route
add check-gateway=ping comment="DEFAULT route for WAN1 devices to WAN1" distance=1 gateway=8.8.8.8 routing-mark=to_WAN1 scope=10
add check-gateway=ping comment="backup route for WAN1 devices to WAN2" distance=2 gateway=8.8.4.4 routing-mark=to_WAN1 scope=10
add check-gateway=ping comment="DEFAULT route for WAN2 devices to WAN2" distance=1 gateway=8.8.4.4 routing-mark=to_WAN2 scope=10
add check-gateway=ping comment="backup route for WAN2 devices to WAN1" distance=2 gateway=8.8.8.8 routing-mark=to_WAN2 scope=10
add comment="Ping target 2 on WAN2" distance=1 dst-address=8.8.4.4/32 gateway=192.168.15.1 scope=10
add comment="Ping target 1 on WAN1" distance=1 dst-address=8.8.8.8/32 gateway=192.168.10.1 scope=10
Mangle (EDIT - this is not correct, see next post)
With SRCNAT there is a delay of maybe 10 seconds but the sessions do not appear to recover when switching over. Pages already trying to load then stall.
With Masquerade NAT there is the same delay but things don’t properly load for about 10 seconds, then after that all is ok. I do get some page stall but appears less pronounced.
I removed the Source address and it made no difference.
I don’t know if I’m imagining it but now I have a simple Mangle on Prerouting, it appears that some web pages are stalling. Is it correct to simply have a single prerouting mangle rule covering the lan (for each WAN)?
I would need to have a failover link in my setup.
Reading through this thread, I’m a little bit confused and I was unable to use this in my setup.
Can someone help me? Is this a good way to go?
What I would need:
I have 2 uplinks (ether) and I would need if the first (main) goes down to route all traffic to the second (failover) uplink. When the main link is up, don’t route anything to the failover link.
I have tried setting the routes as described in the first post, but it did not work. Later from the thread I realized that I would need to set up mangle rules for this to work.
What would be the best in my scenario? Set up mangle rules to mark packets or something else? Can anyone help me set up the mangle rules?
I forgot to mention that I use DHCP client because I don’t have static public IPs. Only dynamic ones. I assume that this works there also, I just need to remove the default route from dhcp-client right?
If your gateways are static (I didn’t see any situations where they are not), just disable adding the default route. If they are not, you may use DHCP Client Script to update your routes with correct gateways.
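The DHCP Client Script approach mentioned in the reply above, as an added example that is not from any poster in this thread: it rewrites the gateway of the WAN1 ping-target route whenever the lease is bound. The interface name ether7 and the reuse of the route comment "Ping target 1 on WAN1" from the earlier config are assumptions.

```routeros
# Added example. Assumes the WAN1 DHCP client runs on ether7 and that a host
# route to the ping target already exists with the comment used below.

# Stop the DHCP client from installing its own default route.
/ip dhcp-client set [find interface=ether7] add-default-route=no

# Body for the Script field of that DHCP client. RouterOS sets $bound and
# $"gateway-address" each time the lease status changes.
:local routeComment "Ping target 1 on WAN1"
:if ($bound = 1) do={
    :local ids [/ip route find where comment=$routeComment]
    :if ([:len $ids] = 1) do={
        # Only touch the route when the ISP handed out a different gateway.
        :if ([/ip route get $ids gateway] != $"gateway-address") do={
            /ip route set $ids gateway=$"gateway-address"
            :log info ("dhcp-failover: WAN1 gateway now " . $"gateway-address")
        }
    } else={
        # Zero or several matches: refuse to guess which route to rewrite.
        :log warning ("dhcp-failover: expected 1 route, found " . [:len $ids])
    }
} else={
    # Lease lost: leave the route alone so check-gateway on the recursive
    # default routes marks WAN1 down and the distance=2 backup takes over.
    :log info "dhcp-failover: WAN1 lease lost"
}
```

A second DHCP client for WAN2 would use the same body with its own route comment.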