Configuring Secondary Wan Ip

ArslanK · March 17, 2018, 12:40pm

Just an overview what i’m trying to do.

I got ISP modem with 2 ISP LINKS attached to it. If one link goes down other link starts providing internet. Both these links are on static IP + different subnets and modem only got 1 Ethernet port. ISP recommends to setup these IP’s on router but im confused how to setup 2 different static IP’s on ethernet port 1 of Mikrotik.

Lets say the IP’s are 100.100.100.10/29 and 200.200.200.20/29. These are two different subnets. Can we setup ping check in route list to ping and set static automatically on which gateway is available.

sindy · March 17, 2018, 4:14pm

Technically, nothing prevents you from having several addresses from different subnets on the same physical interface. So if the modem always “connrects” the Ethernet port to just one of the two uplinks, you can use recursive routing together with gateway availability monitoring to route the traffic through the currently available gateway. I just wonder whether you can physically disconnect the uplink lines to verify that you have configured it correctly.

This article tells you everything you need for the purpose. The only difference in your case is that you use a single physical interface for both WAN subnets, so if the modem itself breaks down, it doesn’t help you that it has two uplinks. But the same is true if your Mikrotik breaks down, so the modem is not the only SPOF in your scheme anyway.

ArslanK · March 17, 2018, 5:23pm

I checked if alternate ip wakes up and starts working. Called ISP and they turned off one ip and mikrotik never routed to other IP. There is only one option to set static IP address and gateway. Lets say. 100.100.100.09 is gateway to ip 100.100.100.10 and this server is down.
Mikrotik shows in route list that this server is down and 200.200.200.19 gateway is pingable but where to configure static IP 200.200.200.20 for this interface.

Is there any settings that can make mikrotik to change IP address and Gateway automatically.

sindy · March 17, 2018, 7:00pm

Have you read that article? The trick is to have two static default routes, with different distances (the primary one has distance=1, the secondary has distance=2) which do not have the actual IP of the ISP as gateway but some public IP address which is always on. Individual /32 routes to such addresses must exist.
****So you have WAN subnet A and WAN subnet B. In each of them, you have your own address

X.X.X.own

and a gateway address

X.X.X.gw

. You attach them both to the same interface (e.g.,

ether1

):

/ip address add address=A.A.A.own/maskA interface=ether1
/ip address add address=B.B.B.own/maskB interface=ether1

Now you add two individual routes:

/ip route add dst=address=8.8.8.8 gateway=A.A.A.gw scope=10
/ip route add dst=address=8.8.4.4 gateway=B.B.B.gw scope=10

At this stage, pings to 8.8.8.8 will be sent via A.A.A.gw, so if the ISP puts link A down, they fail. Pings to 8.8.4.4 will be sent via B.B.B.gw, so they fail when ISP puts link B down.

Next, you create the two default routes as described above:

/ip route add check-gateway=ping gateway=8.8.8.8 scope=10 distance=1
/ip route add check-gateway=ping gateway=8.8.4.4 scope=10 distance=2

The scope parameter of all routes is critically important as otherwise the recursive gateway resolution does not work.

With this configuration, you should be able to access internet regarless which of the two uplinks would be currently active. Remember that existing sessions are broken each time the uplink changes as packets from your side start leaving from the other one of the two WAN addresses.

To permit devices on your LAN to work properly, you need to have a masquerade rule in place in the firewall:

/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1

The masquerade handles automatically which of your WAN addresses to use for src-nat depending on the gateway used.