Evening all, has anybody got this to work?
http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting
I have been struggling and just want to check it does actually do what it says on the tin…
Thanks
Jamie
yes, it actually does what is said in the article =)
I have it working on many places. Working with 2 adsl lines without problems. A friend tell me that it doesnt work with a lot of traffic, but I dont tryed this. I believe that the Mbps doesnt matter.
probably it’s because of congested link, so ping packets are getting lost
Ummmm.. : D! Priorization of the output will fix it. We have v2.0rc xD
I’m sorry cause I will ressurect an old topic, but doesn’t work for me as well:
[admin@MTIK_KAZINO] /ip route> /ping 10.10.10.254
10.10.10.254 64 byte ping: ttl=64 time<1 ms
10.10.10.254 64 byte ping: ttl=64 time<1 ms
10.10.10.254 64 byte ping: ttl=64 time<1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@MTIK] /ip route> /ping 209.85.148.105
209.85.148.105 ping timeout
209.85.148.105 ping timeout
209.85.148.105 ping timeout
209.85.148.105 ping timeout
4 packets transmitted, 0 packets received, 100% packet loss
[admin@MTIK] /ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 S dst-address=0.0.0.0/0 gateway=10.20.20.254 interface=LINK2 check-gateway=ping gateway-state=reachable distance=2 scope=30 target-scope=101 A S dst-address=0.0.0.0/0 gateway=209.85.148.105 interface=LINK1 gateway-state=recursive distance=1 scope=30 target-scope=10
2 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.254 interface=CLIENT2 distance=0 scope=10
3 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.1 interface=LINK1 distance=0 scope=10
4 ADC dst-address=10.20.20.0/24 pref-src=10.20.20.1 interface=LINK2 distance=0 scope=10
5 A S dst-address=66.220.158.25/32 gateway=10.20.20.254 interface=LINK2 gateway-state=reachable distance=1 scope=10 target-scope=10
6 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.102 interface=ether1 distance=0 scope=10
7 ADC dst-address=192.168.101.0/24 pref-src=192.168.101.254 interface=CLIENT1 distance=0 scope=10
8 A S dst-address=209.85.148.105/32 gateway=10.10.10.254 interface=LINK1 gateway-state=reachable distance=1 scope=10 target-scope=10
[admin@MTIK] /ip route> /ip address print
Flags: X - disabled, I - invalid, D - dynamicADDRESS NETWORK BROADCAST INTERFACE
0 192.168.101.254/24 192.168.101.0 192.168.101.255 CLIENT1
1 10.0.0.254/24 10.0.0.0 10.0.0.255 CLIENT2
2 10.20.20.1/24 10.20.20.0 10.20.20.255 LINK2
3 10.10.10.1/24 10.10.10.0 10.10.10.255 LINK1
4 192.168.0.102/24 192.168.0.0 192.168.0.255 ether1
[admin@MTIK] /ip route>
As you can see ‘control’ host (209.85.148.105) is not pingable but routing path is still marked as A (active), which is wrong.
I tried with adding blackhole:
/ip route add dst-address=209.85.148.105 type=blackhole distance=20
but still nothing.
Any ideas?
ps. As you can see I didnt implement whole concept, just tried what will happen if one route is down (didnt make any route marking etc) - this is basic example of routing failover if control host is not reachable.
Note: this is just testing environment made on Xenserver, all mikrotik versions are 3.22
in route #1 you don’t have ‘check-gateway’ parameter, that’s why gateway=209.85.148.105 is not checked against reachability
/ip route set 1 check-gateway=ping
chupaka, thank you for fast response.
I actually posted wrong config (without ping check), cause I tried to experiment a bit and see what’s going on. Anyway, even with ping checking I cannot see route is going from ‘reachable’ to ‘unreachable’ . Trlied with ‘blackhole’ and without ‘blackhole’ :
[admin@MTIK] /ip route> /ping 10.10.10.254
10.10.10.254 64 byte ping: ttl=64 time=5 ms
10.10.10.254 64 byte ping: ttl=64 time<1 ms
10.10.10.254 64 byte ping: ttl=64 time<1 ms
10.10.10.254 64 byte ping: ttl=64 time<1 ms
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0/1.2/5 ms
[admin@MTIK] /ip route> /ping 209.85.148.105
209.85.148.105 ping timeout
209.85.148.105 ping timeout
209.85.148.105 ping timeout
209.85.148.105 ping timeout
4 packets transmitted, 0 packets received, 100% packet loss
[admin@MTIK] /ip route> /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibitDST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 reachable 10.20.20.254 2 LINK2
1 A S 0.0.0.0/0 recursive 209.85.148.105 1 LINK1
2 ADC 10.0.0.0/24 10.0.0.254 0 CLIENT2
3 ADC 10.10.10.0/24 10.10.10.1 0 LINK1
4 ADC 10.20.20.0/24 10.20.20.1 0 LINK2
5 A S 66.220.158.25/32 reachable 10.20.20.254 1 LINK2
6 ADC 192.168.0.0/24 192.168.0.102 0 ether1
7 ADC 192.168.101.0/24 192.168.101.254 0 CLIENT1
8 A S 209.85.148.105/32 reachable 10.10.10.254 1 LINK1
9 X SB 209.85.148.105/32 20
[admin@MTIK] /ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 S dst-address=0.0.0.0/0 gateway=10.20.20.254 interface=LINK2 check-gateway=ping gateway-state=reachable distance=2 scope=30 target-scope=101 A S dst-address=0.0.0.0/0 gateway=209.85.148.105 interface=LINK1 check-gateway=ping gateway-state=recursive distance=1 scope=30 target-scope=10
2 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.254 interface=CLIENT2 distance=0 scope=10
3 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.1 interface=LINK1 distance=0 scope=10
4 ADC dst-address=10.20.20.0/24 pref-src=10.20.20.1 interface=LINK2 distance=0 scope=10
5 A S dst-address=66.220.158.25/32 gateway=10.20.20.254 interface=LINK2 gateway-state=reachable distance=1 scope=10 target-scope=10
6 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.102 interface=ether1 distance=0 scope=10
7 ADC dst-address=192.168.101.0/24 pref-src=192.168.101.254 interface=CLIENT1 distance=0 scope=10
8 A S dst-address=209.85.148.105/32 gateway=10.10.10.254 interface=LINK1 gateway-state=reachable distance=1 scope=10 target-scope=10
9 X SB dst-address=209.85.148.105/32 type=blackhole distance=20
[admin@MTIK] /ip route> enable 9
[admin@MTIK] /ip route> /ping 10.10.10.254
10.10.10.254 64 byte ping: ttl=64 time<1 ms
10.10.10.254 64 byte ping: ttl=64 time<1 ms
10.10.10.254 64 byte ping: ttl=64 time<1 ms
10.10.10.254 64 byte ping: ttl=64 time<1 ms
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@MTIK] /ip route> /ping 209.85.148.105
209.85.148.105 ping timeout
209.85.148.105 ping timeout
209.85.148.105 ping timeout
209.85.148.105 ping timeout
209.85.148.105 ping timeout
5 packets transmitted, 0 packets received, 100% packet loss
[admin@MTIK] /ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 S dst-address=0.0.0.0/0 gateway=10.20.20.254 interface=LINK2 check-gateway=ping gateway-state=reachable distance=2 scope=30 target-scope=101 A S dst-address=0.0.0.0/0 gateway=209.85.148.105 interface=LINK1 check-gateway=ping gateway-state=recursive distance=1 scope=30 target-scope=10
2 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.254 interface=CLIENT2 distance=0 scope=10
3 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.1 interface=LINK1 distance=0 scope=10
4 ADC dst-address=10.20.20.0/24 pref-src=10.20.20.1 interface=LINK2 distance=0 scope=10
5 A S dst-address=66.220.158.25/32 gateway=10.20.20.254 interface=LINK2 gateway-state=reachable distance=1 scope=10 target-scope=10
6 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.102 interface=ether1 distance=0 scope=10
7 ADC dst-address=192.168.101.0/24 pref-src=192.168.101.254 interface=CLIENT1 distance=0 scope=10
8 A S dst-address=209.85.148.105/32 gateway=10.10.10.254 interface=LINK1 gateway-state=reachable distance=1 scope=10 target-scope=10
9 SB dst-address=209.85.148.105/32 type=blackhole distance=20
[admin@MTIK] /ip route>
yep, a bit strange. please recheck with the latest version
Look critically becos it is working.
Just wanted to say it is working like a charm with routeros 4.17.
Tnx for help people.
Hi to all,
I bring up this thread as I cannot have it working on a 751U-2HnD although I have spent several hours to find out what I’m doing wrong…
I’am trying the “Advanced routing failover without scripting” configuration but without the routing marks as follows:
/ip route
add dst-address=8.8.4.4 gateway=192.168.0.254 scope=10
add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10
add distance=1 gateway=8.8.4.4 check-gateway=ping
add distance=2 gateway=8.8.8.8 check-gateway=ping
I have two gateways:
adsl router 1: 192.168.0.254 (my LAN 192.168.0.0/24, connecting using my mikrotik’s eth port 5)
and
adsl router 2: 192.168.1.1 (neighbour’s net 192.168.1.0/24, connecting using my mikrotik’s wifi iface)
The iface setup on my router:
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.0.251/24 192.168.0.0 ether5-slave-local
1 192.168.1.251/24 192.168.1.0 wlan1
My PC is at 192.168.0.4
The routing table:
[admin@MikroTik] /ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=8.8.4.4 gateway-status=8.8.4.4 recursive via 192.168.0.254 ether2-master-local check-gateway=ping distance=1 scope=30 target-scope=10
1 S dst-address=0.0.0.0/0 gateway=8.8.8.8 gateway-status=8.8.8.8 recursive via 192.168.1.1 wlan1 check-gateway=ping distance=2 scope=30 target-scope=10
2 A S dst-address=8.8.4.4/32 gateway=192.168.0.254 gateway-status=192.168.0.254 reachable via ether2-master-local distance=1 scope=10 target-scope=10
3 A S dst-address=8.8.8.8/32 gateway=192.168.1.1 gateway-status=192.168.1.1 reachable via wlan1 distance=1 scope=10 target-scope=10
4 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.251 gateway=ether2-master-local gateway-status=ether2-master-local reachable distance=0 scope=10
5 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.251 gateway=wlan1 gateway-status=wlan1 reachable distance=0 scope=10
Masquerading rule only for wifi iface:
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade to-addresses=192.168.1.251 out-interface=wlan1
What happens is that I am able to access the internet from 192.168.0.4 (my PC) when 192.168.0.254 (local adsl router) is connected to the internet (and 8.8.4.4 is reachable). When I disconnect 192.168.0.254 (adsl router / bring down its PPPoE connection), I can see the failover route becoming active with ‘A’, but 192.168.0.4 (my PC) is not able to connect to the internet through 192.168.1.1 (neighbour’s adsl router). However, if I set 192.168.1.1 as the only gateway to the mikrotik, 192.168.0.4 is able to connect to the internet without problem (which means that the masqerading and the routing to 192.168.1.1 over my wifi iface works). Also, if 8.8.8.8 (gw 192.168.1.1) route is set with distance 1 and 8.8.4.4 route (gw 192.168.0.254) is set with distance 2 (swap distance values), then I can connect through 192.168.1.1 but when it fails, I cannot connect through 192.168.0.254 although the 8.8.4.4 route has become active.
Clearly I am missing something here or there is a bug.
RouterOS: 5.25
firmware 3.07
All that simple ping checking is failing if the other end is actively filtering out the ping packets or is just too weak to answer to these (all the time). My ISP is all that and I’ve implemented indirect ways to detect if the connection is indeed down or not.
I have no problem with route activation. When 8.8.4.4 is not accessible, route 1 becomes active. I am even able to ping adresses and ssh to hosts but not able to browse the web. I would really appreciate if somebod could help, as I have spend so many hours trying…
For SEO means, the article is moved from Wiki to http://forum.mikrotik.com/t/advanced-routing-failover-without-scripting/136599/1