Check Gateway ping failover not working for Provider

tobcon · April 21, 2024, 10:45am

Hello

I have a Provider, which has its first hop within the local POP. This means, if there is an issue outside the local POP, the gateway still can be pinged. But connection to the Internet is not available anymore.

Due to this circumstance, the route, even with check-gateway enabled, still keeps being active when the Provider has issues within its network.

Is there a way to work around this?

I have found this solution to reroute e.g. 1.1.1.1 and do a check-gateway onto this. But isn’t this kind of risky? If there is a routing issue to 1.1.1.1 or 1.1.1.1 is unreachable, it will deactivate the route. http://forum.mikrotik.com/t/wan-load-balancing-between-2-isps-one-with-cgnat-and-another-in-bridge-mode-real-ipv4-address/150195/2

Is there a way to ping multiple targets, so there is the logic to just disable the route if all targets are unreachable?

anav · April 21, 2024, 10:47am

Yes its called recursive routing.

jaclaz · April 21, 2024, 11:46am

Maybe you want a netwatch script like:
http://forum.mikrotik.com/t/advanced-netwatch/163927/1

tobcon · April 22, 2024, 11:08pm

My provider now gave me an IP within its network which I can use as up metric.

Somehow, I’m unable to test recursive routing. Does it not work with different routing tables?

This is my test setup:

mangle rule

> /ip/firewall/mangle export where new-routing-mark=test
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=!allowed_to_router \
    new-routing-mark=test passthrough=yes src-address=172.16.90.117

not working (traffic flows over main table)

> /ip/route/export compact where routing-table=test
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=\
    test scope=30 suppress-hw-offload=no target-scope=12
add disabled=no distance=1 dst-address=1.1.1.1/32 gateway=192.168.88.1 pref-src="" routing-table=test scope=30 \
    suppress-hw-offload=no target-scope=1

working (traffic flows over test table)

> /ip/route/export terse  where routing-table=test      
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.88.1 pref-src="" rout
ing-table=test scope=30 suppress-hw-offload=no target-scope=12

P.S. I’m also having issues with Fasttrack and the mangle rule. If I mangle it to this test table with Fasttrack enabled, the performance is terrible. Speedtest with just a few kb/s. Is this normal? Traffic over the main table over the same gateway is OK with Fasttrack enabled.

/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes

anav · April 22, 2024, 11:58pm

A config is not snippets… and not into chasing moving targets!
Provide a network diagram ( should detail any vlans, WAN sources and type ( static,dynamic, public, not publice )
Provide a complete config
Provide requirements
a. identify all user(s)/device(s) and groups of users/devices including admin
b. identify all the traffic they require.

+++++++++++++++++++++++++++++++++++++++++++++++