I every so often get the task of preparing for a WAN IP address change on a remote router. Often the change happens outside of business hours, and we of course want the least amount of downtime. Failing at this could leave the router unreachable and require a technician to go to the location to manually fix the issue.
There are several ways to do this, such as making a scheduled script to change it, or setup a separate interface with the new IP address and ask the on-site personal to swap the cables around.
The scheduled script is nice, but only if you know the exact time of the IP change.
Setting up a separate interface can be annoying if your firewall is interface based.
I have been toying with another option, it has a few things I am unsure of though.
It is possible to set multiple IP addresses on an interface in RouterOS, and I can set a second default gateway that will be ignored because an active route to that IP (0.0.0.0/0) already exist.
The questions I have is:
How does RouterOS handle having multiple IP addresses on the same interface?
Would it be able to notice that the IP suddenly change and start routing to the other gateway?
Would a reboot make it always select currently active IP and gateway? Or is this random?
Don’t know what you mean, ROS can have any number of IP addresses on the same interface. This can mess routing however if not done properly.
How would IP suddenly change? Do you mean having both IPs on the same interface then manually disabling the old IP?
If so, yes, that would be instantly noticed by ROS, disabling all routes that used that IP, and enabling (making active) any other routes using the new IP that you had with higher distance, which would have been sitting unactive (blue).
No need for reboot, and no randomness whatsoever. All that would be possibly needed is flushing the conntrack table (IP > Firewall > Connections) from entries using the old IP.
Yes. Using private addressing for transit, then assigning public WAN IPs on an interface which is not tied to any specific physical interface, i.e. an empty bridge.
You can assign the old and new IPs to this same empty bridge, and manage IP effective change by modifying the private transit routing.
Yeah, but having two routes with the same distance still seems to only make one route active (not blue), so what is the expected behavior when there are two routes with the same distance?
Yeah, so I can set the WAN interface to have both the old and the new IP addresses at the same time. So in theory the ISP could just change the IP address of the gateway or whatever.
I mean “suddenly change” as in the ISP change the gateway address, or some ISP technician changes the modem.
I so often ask myself why anyone, ISP and customer, would not want to just use DHCP.
So if a router boot up with two IP addresses on its WAN interface, both with their own gateway route of distance 1, the router will pick the correct route to make active?
I guess it is a weird question, but I don’t know if “check gateway” settings would be required in this case.
Ok, you have me intrigue, but I have no idea what you mean. Maybe you could explain a little better?
Can you please elaborate on the scenario? I thought you were the ISP.
It’s common practice in fact, either by using DHCP, or PPPoE. Again, I’m puzzled by your scenario, does your ISP only offer static ip setting for fixed addresses?
It will treat them as ECMP, but unless this is taken into account on the other end (ISP) it won’t work. Check gateway could be the way of automagically disabling the no longer valid ip/route so that no ECMP takes place, you’ll have to experiment…
I’m afraid that’s not possible to implement in your scenario. It’s common practice in NOCs and ISP serving other ISPs, to save on IPv4 address space and to achieve greater flexibility too.
1.- Add an empty bridge on Customer Router
2.- Assign public IP address w.x.y.z.
3.- Use 10.0.0.1 as default GW
4.- src-nat outgoing connections as w.x.y.z
Short version is that I sell network solutions. I setup a router at the customer’s location and have VPN tunnels to my officer where I have some special services available.
The customer is responsble for their internet connection, and therefore some of my customers have static IP addresses through their ISP.
The link was very helpful, guess I missed that. It clearly state that multipath (ECMP) routes aren’t supported and only one route is active. Which brings me back to my question of which route how the active route is selected.
See: wiki/Manual:IP/Route#Multipath_(ECMP)_routes
The link was very helpful, guess I missed that. It clearly state that multipath (ECMP) routes aren’t supported and only one route is active. Which brings me back to my question of which route how the active route is selected.
See: wiki/Manual:IP/Route#Multipath_(ECMP)_routes
Ouch, I was thinking on the private transit scenario and mixed up ECMP.
ECMP requires same gateway, reachable through multiple interfaces.
In your specific question possibly it will enable the route with the lowest absolute value IP, i.e. 1.1.1.1
Short version is that I sell network solutions. I setup a router at the customer’s location and have VPN tunnels to my officer where I have some special services available.
The customer is responsble for their internet connection, and therefore some of my customers have static IP addresses through their ISP.