I need help setting up the Internet failover to MikroTik.
We have three MikroTik devices:
R1 and R2 – both with Internet access (WAN) and connected to the same LAN.
R0 – a central device that connects to R1 and R2 in LAN and can have an additional “ro-xp” network for local hosts.
The goal is to configure R0 to mainly use the link via R1, but in the event of an Internet connection failure at R1, it automatically switches to R2.
Verification of Internet availability is carried out by ping to an external address (e.g. 8.8.8), not just by the presence of R1 on the network.
BUT it implies in your case having a double NAT (which - depending on a number of factors, like speed of the devices involved, speed of the ISP's connections, need for low latency, etc. may - or may not - be an issue).
Without more details on devices involved, topology, how LAN(s) are configured, it is difficult to say if there can be alternatives.
You can go with any of the usual solutions for failover between two ISPs, simply considering R1 and R2 as representing the ISPs from the POV of R0.
A much more elegant solution - and I think one you'd prefer - is that actually two default routes don't in any way imply NAT, so as long as the proper routes are available on both R1 and R2 to the clients served by R0, no NAT in R0 is necessary, only two defaults. Failover between those can be handled in the usual ways.
The much more proper and elegant solution is one that requires a bit of willingness to engage with actual networking principles, i.e. a bit masochistic for someone who's never done this before. This involves both R1 and R2 separately monitoring their respective connections, while both injecting their defaults into the routing domain. R0 simply receives them and probably has a preference. When both are working, the preferred one is used, when that fails, it's withdrawn.
The solution I presented above does not in any way imply that there is NAT on the R0 router, the place where he would configure the failover solution.
I have no idea why he uses 3 routers, it could be because R1 and R2 are actually LTE and 5G dishes mounted outside.
It could also be legacy, or maybe he sees this as a simple solution to provide both direct access to 2 different WANs and a failover access. Of course that can be done in a single router as well.
Anyway, the 'recursive routing' solution can be applied, and it works well. The only disadvantage over scripted solutions is that there is no easy way to send an e-mail when failover occurs.
I wasn't implying that you were implying. I just pointed out that in the usual examples NAT is done in one place that receives both connections. If for whatever reason (as you wrote) there are already routers for the two ISPs, NAT-ing can happen on them with appropriate (static) routing arrangements.
Maybe this (the lack of double NAT) was obvious to everyone, but I have seen quite a few questions like "how to transport an external IP?" and all sorts of hacky ways of doing so. If for whatever access method is chosen, NAT naturally happens at the terminating router (e.g. LTE) then it's okay to do so, and there is no need to involve any additional complication.
That is only because this page assumes you want to do the entire thing in one router instead of 3.
The solution is for switching between routes by defining a route to something like 8.8.8.8 with ping-check (and gateway is the ISP router, in this case R1 or R2) and then the default routes are set via that route to 8.8.8.8.
This is the recursive routing principle. It does not depend on NAT.
Just a different way of seeing things, that page (in my dictionary) is very far from "ready-made", more like "a completely different setup that contains some parts that may - or may not - apply to the OP situation, once aptly modified"
I have never seen a solution for this (and any other networking) problem where that isn't the case.
In principle it can just be cut/pasted but OF COURSE the local situation, like interface names, IP address of next hop, IP you want to use to monitor etc need to be adapted.
That doc page assumes one router. OP wants just failover so either just check-gateway (simplest but only checks next hop) or recursive routes (check some remote host on internet is up, example shows 8.8.8.8 as what to determine if internet is up)... so that's the right doc.
But in OP's case, there are multiple routers... so what's confusing here is the desired local routing between routers. If I read this right, the LAN is bridged on R1 and R2, R1 and R2 each have their own internet, and goal is LAN on R1/R2 is always routed to R0 where a decision is made which WAN to use. Is that correct?
And assuming that's right, you need recursive routes, since a next-hop (check-gateway=ping) alone is not going to help.
More generally since there are multiple routers with internet, one has to be careful to avoid creating double NAT due to NAT rules. The NAT rules should only exist on the routers with internet and only for that internet connection, all other traffic should be routed via /ip/route as needed without any NAT until it is actually going out a WAN interface.
There always are multiple routers! The only thing different in the OP's case is that the other 2 routers are on-premise MikroTik routers. In all other cases they would be ISP routers, that could be either on-premise ISP-provided routers or else they would be ISP routers at the other end of the local broadband link.
No, because the details like IP addresses and network interfaces used on the networks are not included. And those are about the only things that would have to be adapted.
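
The recursive-routing failover discussed in this thread, applied to the three-router layout, as an added example that is not part of any post. RouterOS v7 syntax is assumed; every IP address, the second probe host (1.1.1.1) and the `<WAN-interface>` placeholder are assumptions to adapt to the local network.

```routeros
# Added example. Assumed addressing:
#   shared LAN 192.168.88.0/24: R1 = .1, R2 = .2, R0 = .3
#   hosts behind R0: 192.168.100.0/24
#   probe host via R1 = 8.8.8.8, probe host via R2 = 1.1.1.1

# ---------------- R0 ----------------
/ip route
# Pin each probe host to exactly one upstream router, so a ping to it
# tests that router's Internet path and not merely the router itself.
add dst-address=8.8.8.8/32 gateway=192.168.88.1 scope=10 \
    comment="probe host reached only via R1"
add dst-address=1.1.1.1/32 gateway=192.168.88.2 scope=10 \
    comment="probe host reached only via R2"

# The defaults name the probe hosts as gateways. RouterOS resolves them
# recursively through the /32 routes above (scope 10 <= target-scope 11),
# and check-gateway=ping deactivates a default when its probe stops answering.
add dst-address=0.0.0.0/0 gateway=8.8.8.8 target-scope=11 \
    check-gateway=ping distance=1 comment="primary default via R1"
add dst-address=0.0.0.0/0 gateway=1.1.1.1 target-scope=11 \
    check-gateway=ping distance=2 comment="backup default via R2"

# R0 has no srcnat/masquerade rule: it only routes.

# ------------- R1 and R2 (same on both) -------------
/ip route
# Return path to the hosts behind R0, so R0 does not need to NAT.
add dst-address=192.168.100.0/24 gateway=192.168.88.3 \
    comment="clients behind R0"

/ip firewall nat
# NAT happens once, on the router that owns the WAN link.
add chain=srcnat out-interface=<WAN-interface> action=masquerade
```

Because each probe host is pinned to one router, traffic from R0's clients to that address always follows that router, including while its uplink is down; pick probe addresses whose reachability through the other path does not matter.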