Advanced Routing Failover without Scripting

DarkNate · August 31, 2020, 10:47pm

I have tried setting the routes as described in the first post, but it did not work. Later from the thread I realized that I would need to setup mangle rules for this to work.

You don’t need routing marks at all:
/ip route
add dst-address=CheckingHost gateway=GW_MAIN_IP scope=10
add distance=1 gateway=CheckingHost check-gateway=ping
add distance=10 gateway=GW_FAILOVER_IP

So why did you use routing marks in the original post in the first place?

rkrisi · September 1, 2020, 9:29am

Yes, sorry I forgot that this would only work with point-to-point interfaces. I can add the IP address there, but what if the IP address changes on this gateway?

It seems to work like this:

 0 A S  0.0.0.0/0                          8.8.8.8                   1
 1   S  0.0.0.0/0                          GW2_IP              10
 2 A S  8.8.8.8/32                      GW1_IP               1

However this way, I need to update at least GW1_IP in case it changes… What is the best way to do this? DHCP client script?

Chupaka · September 1, 2020, 10:32am

Because that config was for traffic balancing. Failover scenario can be greatly simplified, as you can see

Exactly. Add a comment to your route (e.g. “GW1_IP”) and then something like this in DHCP Client Script should be quite enough:

:if ($bound=1) do={
  :local iface $interface
  :local gw [ /ip dhcp-client get [ find interface=$"iface" ] gateway ]
  /ip route set [ find comment="GW1_IP" gateway!=$gw ] gateway=$gw
}

rkrisi · September 1, 2020, 10:50am

So why did you use routing marks in the original post in the first place?

Because that config was for traffic balancing. Failover scenario can be greatly simplified, as you can see

However this way, I need to update at least GW1_IP in case it changes… What is the best way to do this? DHCP client script?

Exactly. Add a comment to your route (e.g. “GW1_IP”) and then something like this in DHCP Client Script should be quite enough:
:if ($bound=1) do={
  :local iface $interface
  :local gw [ /ip dhcp-client get [ find interface=$"iface" ] gateway ]
  /ip route set [ find comment="GW1_IP" gateway!=$gw ] gateway=$gw
}

Thanks for your help and detailed answers!
From the first post I also assumed that this is clearly for failover and not load balancing. Anyway, right now this approach seems to work as it should!
Can I use multiple CheckingHosts here? If yes, how?
Also is it possible to send Email when the failover link becomes active?

I have another location where something similar should be done, however the layout of the network if a little bit different.
I have an LTE uplink and a WiFi client uplink. I want to fallback to WiFi when the LTE is unreachable. I saw that you (same as me) don’t have much experience with LTE, but maybe you can help.
Wifi has DHCP client, so the same script could be used there.
However LTE does not have DHCP client, default route is added in LTE APN. It seems that it is a point-to-point interface because the address/network is

1 D 100.115.98.168/32  100.115.98.168  lte1

What I don’t know if this address changes or not.. If not, then in this scenario gateway=interface can be used right?

DarkNate · September 1, 2020, 2:46pm

Ah, that makes sense. This is what I’ve done. And it works when tested, as my ISP1 goes down pretty often and I never noticed any down-time on my client devices.

/ip route
add dst-address=8.8.8.8 gateway=pppoe-out1 scope=10
add dst-address=104.16.248.249 gateway=pppoe-out2 scope=10

/ip route
add distance=1 gateway=104.16.248.249 routing-mark=to_ISP1 check-gateway=ping
add distance=2 gateway=8.8.8.8 routing-mark=to_ISP1 check-gateway=ping

/ip route
add distance=1 gateway=8.8.8.8 routing-mark=to_ISP2 check-gateway=ping
add distance=2 gateway=104.16.248.249 routing-mark=to_ISP2 check-gateway=ping

But the “gateway” “host” is shown as unreachable. Any ideas why?

Chupaka · September 2, 2020, 10:47am

Sure, just add a route to a new checking host and add default route via that host. One of those default routes will be active.

You need some external script to check, for example, if your failover route is active and then do what you want.

However LTE does not have DHCP client, default route is added in LTE APN. It seems that it is a point-to-point interface because the address/network is
1 D 100.115.98.168/32  100.115.98.168  lte1
What I don’t know if this address changes or not.. If not, then in this scenario gateway=interface can be used right?

You just create a route with gateway=LTE and see if you still have access to the Internet

Chupaka · September 2, 2020, 10:52am

Yeah, all your routes are not working It’s because of RouterOS limitation: recursive routes cannot be resolved via interface routes (i.e. gateway=pppoe-out1 is bad route).

As a workaround, you make a copy of your PPP Profile that is used for that PPPoE connection, set “Remote address” to your Host (e.g. remote-address=8.8.8.8) and then simply remove a route to 8.8.8.8. Everything should work after that.

rkrisi · September 2, 2020, 10:57am

Can I use multiple CheckingHosts here? If yes, how?

Sure, just add a route to a new checking host and add default route via that host. One of those default routes will be active.

Also is it possible to send Email when the failover link becomes active?

You need some external script to check, for example, if your failover route is active and then do what you want.
However LTE does not have DHCP client, default route is added in LTE APN. It seems that it is a point-to-point interface because the address/network is
1 D 100.115.98.168/32  100.115.98.168  lte1
What I don’t know if this address changes or not.. If not, then in this scenario gateway=interface can be used right?
You just create a route with gateway=LTE and see if you still have access to the Internet

Well I’m pretty sure now that this would work this, because the default route added by ROS is also just using gateway=lte1, so this is a point-to-point interface.
However I have added everything as described, with the lte interface instead of IP and the connection won’t come up with this setup (These devices are in a remote location so I don’t really know what happens after these routes are applied).

DarkNate · September 2, 2020, 11:22am

Hey, it seems to have worked, thanks.

I suggest you actually add this work-around in the OP so that everyone else can get it right from first try.

Chupaka · September 2, 2020, 11:28am

Yeah, please see my post above… I don’t know what’s the best way to deal with LTE in that case. If there’s no event-driven scripts (like a script in DHCP Client), then probably a Scheduler is your friend, to check like every minute or so if LTE gateway IP changed and change your route accordingly.

DarkNate · September 2, 2020, 6:12pm

How would we replicate this same work-around when a PPPoE connection has both native IPv4 and native IPv6? I was able to do it for IPv4, but not for IPv6 as the “remote-address” only accepts a single IP.

Chupaka · September 2, 2020, 9:25pm

Unfortunately, I don’t have PPPoE with IPv6, so can’t even test… You may try to add your checking IP directly to the interface and see if it helps.

DarkNate · September 2, 2020, 9:53pm

That can’t be done as mentioned before, “Remote Address” in PPP profile only accepts a single address. Which is the same for IPv4, it limits recursive routing to single “Checking Host” as we can’t use for more than one IP for each PPP profile/interface’s “Remote Address”.

Any other possible workarounds?

Chupaka · September 2, 2020, 10:12pm

I mean, not via PPP Profile but directly, with /ipv6 address add

DarkNate · September 3, 2020, 2:08pm

Yeah, I tried it via address. Does not work.

Regarding IPv4 PPP profile, how could we have more than one “checking host” when “remote address” per PPP profile is limited to one?

Chupaka · September 3, 2020, 2:54pm

I see that you may add those routes manually via:

/ip address
add interface=PPP address=127.1.2.3 network=8.8.4.4

This (8.8.4.4) does work as gateway for recursive routes, according to my quick testing.

DarkNate · September 3, 2020, 9:16pm

I see that you may add those routes manually via:
/ip address
add interface=PPP address=127.1.2.3 network=8.8.4.4
This (8.8.4.4) does work as gateway for recursive routes, according to my quick testing.

But I get dynamic IPs from the PPPoE which my ISP changes randomly throughout the day. So that wouldn’t work.

Chupaka · September 3, 2020, 11:09pm

Well, by 127.1.2.3 I meant exactly 127.1.2.3, i.e. any private/unused address.

DarkNate · September 4, 2020, 4:12pm

Wait I’m not following so here, please help me understand this.

/ip address
add interface=PPP address=127.1.2.3 network=8.8.4.4

Network of course refers to the “test host”.
Address given means any private/unused address? I don’t understand its function/purpose, I don’t see how it would help in recursive routing failover with pppoe interfaces.

I tried this but it results in “reachable” only via single pppoe2 or 1 even if it’s destined for the other one

###Workaround for interfaces###
/ip address
add address=127.0.0.1 comment="Host for Recursive Routing on ISP 1" interface=pppoe-out1 network=8.8.8.8
add address=127.0.0.1 comment="Host for Recursive Routing on ISP 1" interface=pppoe-out1 network=1.1.1.1

add address=127.0.0.1 comment="Host for Recursive Routing on ISP 2" interface=pppoe-out2 network=1.1.1.1
add address=127.0.0.1 comment="Host for Recursive Routing on ISP 2" interface=pppoe-out2 network=8.8.8.8

/ip route
add distance=1 gateway=8.8.8.8 routing-mark=to_ISP1 check-gateway=ping comment="Recursive Route for first test host to ISP 1"
add distance=2 gateway=1.1.1.1 routing-mark=to_ISP1 check-gateway=ping comment="Recursive Route for second test host to ISP 1"

/ip route
add distance=1 gateway=1.1.1.1 routing-mark=to_ISP2 check-gateway=ping comment="Recursive Route for first test host to ISP 2"
add distance=2 gateway=8.8.8.8 routing-mark=to_ISP2 check-gateway=ping comment="Recursive Route for second test host to ISP 2"

Chupaka · September 5, 2020, 10:38am

You cannot check different uplinks via the same test host. So you need different hosts per uplink (like 8.8.8.8 and 1.1.1.1 for ISP1 and 8.8.4.4 and 1.0.0.1 for ISP2)