Dual WAN failover - help and advice needed

I have a small remote network using a RB750 as the head end router. There are two WAN sources - one a 26 mile wireless link (primary) and a Verizon LTE link handled by a Cradlepoint IBR650 (secondary).

Currently, the Cradlepoint is connected to ETH1 on the RB750. The Cradlepoint is managing the wireless link as primary and the LTE link as failover and is working OK (it can accept an external WAN source as well as using its internal LTE modem).

While I am getting by with this, I would rather have the RB750 accept both WAN sources and manage failover. The 650 is kinda a “black box” and doesn’t allow for a lot of flexibility in its configuration. Specifically, when it is operating in passthrough mode (like a bridge), it isn’t doing any routing and therefore won’t allow a src-nat rule that will allow me to access the wireless link devices so I can administer them. The 750 does this fine.

I have paged through lots of Mikrotik dual-WAN setups online and to say the least, am confused. Use NETWATCH, don’t use it, use a script, just use route commands…lots of different ways to go here.

Here is what I would like to be able to do:

Have my primary wireless feed connected to ETH1 on the 750 and the LTE feed via the Cradlepoint on ETH2 (unless this doesn’t make sense - I am open to suggestions).

Ping out on ETH1 to 8.8.8.8 (or whatever) to check for connectivity. If pings fail after some set period, switch to LTE on ETH2. When connectivity is restored on ETH1 (verifying by pings again), switch back.

I need to know how to change my current config to accept two WAN sources and then implement the failover scheme above. Again, I am open to suggestions on the scheme - I will readily admit that this isn’t my field of expertise. Because of that, simpler is better.

Here’s my current interface scheme:

[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                   TYPE     ACTUAL-MTU  L2MTU
 0  R  ether1-gateway         ether          1500   1598
 1  RS ether2-master-local    ether          1500   1598
 2  RS ether3-slave-local     ether          1500   1598
 3  RS ether4-slave-local     ether          1500   1598
 4  RS ether5-slave-local     ether          1500   1598
 5  R  ;;; created from master port
       bridge1                bridge         1500   1598
[admin@MikroTik] >

I would appreciate some help here as to what to change (and how) that won’t break everything else the router is doing. What will happen if ether2 becomes another gateway and ether3 becomes the “master”? Will all other router functions continue as before?

I am sure most of this is just basic stuff, but as I said before, I am no expert.

Thanks in advance for any help on this.

I really recommend learning and working through this one HowTo, which has the best way to use many WANs at once.
Next you can use any method (netwatch/script/PCC etc.) to just flow the outgoing - then this is small stuff.

Bandwidth-based load-balancing with failover. This presentation also covers Mangle.
This was presented at the MUM (MikroTik User Meeting) in New Orleans, USA.
Tomas Kirnak - YouTube: https://www.youtube.com/watch?v=67Dna_ffCvc&t=1s
http://mum.mikrotik.com/presentations/US12/tomas.pdf

I am not sure which RouterOS version you are using (it is recommended to use the latest), but it looks like the ether2 interface is still part of the LAN bridge. Before configuring a separate network (WAN) on ether2, it must be removed from the LAN bridge.

Just to have a simple failover, something like https://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting#Basic_Setup (but without routing marks) can be used. Preferably with some mangle rules to prevent incorrect source addresses leaking through incorrect ISPs.
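
The recursive-route failover suggested above, written out for the layout in the first post as an added example (RouterOS v6 syntax; not code from the thread or copied from the wiki). The addresses are placeholders from documentation ranges, and the second probe host 8.8.4.4, the interface name ether2-wan2 and the two input filter rules are assumptions.

```routeros
# Added example, RouterOS v6. Assumptions (not from the thread):
#   ether1-gateway = primary WAN, address 192.0.2.2/24,    gateway 192.0.2.1
#   ether2-wan2    = backup WAN,  address 198.51.100.2/24, gateway 198.51.100.1
#   ether2 has already been taken out of the LAN bridge / switch group
#   and renamed ether2-wan2 (hypothetical name).

/ip address
add address=192.0.2.2/24 interface=ether1-gateway comment="primary WAN"
add address=198.51.100.2/24 interface=ether2-wan2 comment="backup WAN"

/ip route
# Pin each probe host to exactly one uplink, so a probe can never be
# answered through the other link.
add dst-address=8.8.8.8/32 gateway=192.0.2.1 scope=10 comment="probe via primary"
add dst-address=8.8.4.4/32 gateway=198.51.100.1 scope=10 comment="probe via backup"
# Default routes resolve recursively through the probe hosts. The route
# with the lower distance wins while its probe host answers pings.
add dst-address=0.0.0.0/0 gateway=8.8.8.8 distance=1 check-gateway=ping comment="default via primary"
add dst-address=0.0.0.0/0 gateway=8.8.4.4 distance=2 check-gateway=ping comment="default via backup"

/ip firewall nat
# Each uplink masquerades with its own address, so LAN traffic never
# leaves one WAN carrying the other WAN's source address.
# Skip the first rule if an identical one already exists.
add chain=srcnat out-interface=ether1-gateway action=masquerade
add chain=srcnat out-interface=ether2-wan2 action=masquerade

/ip firewall filter
# Assumption: the existing input rules name only ether1-gateway. A port
# that becomes a WAN needs the same protection, or the router's own
# services are reachable from the backup link.
add chain=input in-interface=ether2-wan2 connection-state=established,related action=accept
add chain=input in-interface=ether2-wan2 action=drop comment="drop unsolicited input from backup WAN"
```

check-gateway=ping probes every 10 seconds and treats the gateway as unreachable after two consecutive timeouts, so the switch to the backup and the switch back both follow from probe reachability without Netwatch or a script.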

Sorry, everyone - got busy and hadn’t gotten back to this.

I appreciate the responses. Will do some more research and see if I can figure this out for myself. My biggest question is how to reconfigure the existing ether2 port to be another WAN gateway.

It’ll probably be easier if I approach this as two separate issues. Get the additional port reconfigured and then tackle the failover.

VanceG

WinBox > Bridge > Ports tab > remove the ether2 from here
or
WinBox > Interface > ether2 > Master port setting must be Disabled - this gives you a hint that ROS must be upgraded if you see this setting.

So, after several months of hardware changes, I need to resurrect this topic.

I’ve given up on the Cradlepoint as backup WAN. Too expensive and Verizon is too flaky since they rolled out a tower update last July.

Now, I still use a 5G link as primary, but my backup link will be a 2G (lower speed but more likely to stay up during bad weather).

They will both connect via the same single connection from my ISP. All the examples I have checked out are for two ISPs with two different IPs. This will not be the case here.

Will the dual-ISP examples work with the same IP in both primary and secondary? Couldn’t find an answer to that.

Right now, I am able to manually switch between the two links without issues by swapping cables, so the ISP supports it OK.

This might help you: http://forum.mikrotik.com/t/advanced-routing-failover-without-scripting/136599/1

No, the same ISP for two SIM cards gives you two different IPs.