Check gateway is what the name suggests, to check gateway. If you want to check some nodes behind the gateway use other tools. If you want to make the route active/inactive based on specific nodes’ reachability behind the gateway, use either recursive routing or other tools + scripts.
His other request is valid, though! Netwatch could have an optional source address, VRF, and fail-count added.
(not that I want to suggest working on that before finishing the BGP features)
I’d used a dynamic-in rule in V6 to add the check-gateway to a DHCP client injected dynamic route. Scriptable, but if you forget to add a script, no check-gateway. The dynamic-in rule made that automatic but those are still gone…
Since those are DNS addresses it makes it look like DNS is involved, but they use them in the example since they are always pingable. But basically the 8.8.8.8 is the “host ip in the route for check gateway” you’re looking for. And if you have only one route, you don’t need the firewall marking either.
Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.
Otherwise, the admin of the host may at some time get bored with all the pings, adjust the firewall so it no longer forwards those, and suddenly the ping replies stop and your network is in trouble.
I don’t know if 8.8.8.8 has a policy that allows pinging it, but I think it offers DNS resolver service, not PING service, explicitly. So that may terminate at any moment.
Years ago we had a situation like that in the network of the ISP I used at work. I had all kinds of clever scripting to change from main ADSL line to backup ISDN line and at some time it switched to ISDN because “no more ping on the ADSL”, then found no ping on ISDN either and shut down the internet and sent an alert.
But all was fine, it was just the sysadmins that had enough of everyone pinging the router (they said it was inefficient and causing a load on their router) and disabled it.
And of course as a user, you have no guarantee that everything can be pinged. So be careful, especially when you have no monitoring.
I do wonder also why MikroTik doesn’t provide us a simpler gateway failover mechanism.
They could just add option to ping one or more IP in failover and route ping thru the very same gateway automatically that’s added in rule like for example.
I’ve been forced down the recursive routing method myself - it works - but confusing. So don’t disagree, in theory “Detect Internet” under Interfaces does a lightweight version of that – but can’t say I’d recommend that approach in most cases.
I don’t use Google DNS myself, both for the concerns as @pe1chl but also if someone else looks at the config, it sure looks like some kinda DNS redirection thing at first glance.
To me, Detect Internet seems like a first step in that direction. Only so far it ended right there and doesn’t do anything useful beyond confusing users… which actually isn’t very useful.
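
The recursive-routing approach discussed in this thread, as an added RouterOS sketch that is not taken from any of the posts. All addresses are documentation placeholders, the probe target stands for a host you control (per the advice above about ping policy), and the scope values assume RouterOS v7 defaults.

```routeros
# Constructed example; every address below is a placeholder.
#   198.51.100.1 = primary ISP gateway
#   203.0.113.1  = backup ISP gateway
#   192.0.2.10   = probe target: a host you control, or one whose
#                  operator explicitly permits being pinged

/ip route

# Plain check-gateway (shown commented out for comparison): it only probes
# the next hop itself, so an outage further upstream leaves the route active.
# add dst-address=0.0.0.0/0 gateway=198.51.100.1 check-gateway=ping distance=1

# Step 1: pin the probe target to the primary gateway, so pings to it
# can only ever leave through the primary link.
add dst-address=192.0.2.10/32 gateway=198.51.100.1 scope=10 \
    comment="probe target via primary"

# Step 2: resolve the default route recursively through the probe target.
# check-gateway now pings 192.0.2.10; when replies stop, this route goes
# inactive even though 198.51.100.1 itself may still answer.
add dst-address=0.0.0.0/0 gateway=192.0.2.10 target-scope=11 \
    check-gateway=ping distance=1 comment="primary default, recursive"

# Step 3: backup default route with a higher distance; it takes over
# only while the recursive route above is inactive.
add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=2 \
    comment="backup default"
```

With a single probe target, a change in that host's ping handling looks identical to a link failure, which is the false failover described earlier in the thread.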