I have a setup with Dual WAN. I would like to replicate the current EdgeRouter based setup. The current EdgeRouter Setup pings one IP on the Internet from both Interfaces. It automatically creates two internal Routing Tables with one or the other Interfaces Gateway as Default Gateway. It then uses these two internal Routing Tables to run Pings for one or the other WAN Interface.
My way to solve this now would be to write a Mikrotik Script which on every run does housekeeping on two internal Routing Tables. Housekeeping in terms of creating these internal Routing Tables according to the Default Gateway of both WAN Interfaces. After doing this I can ping the IP on the Internet with internal Routing Table 0 and afterwards with the internal Routing Table 1.
With the results of this I then can run my logic to select the desired WAN and modify the main routing Table.
Is this how this should be done or is there a way easier approach? Both my WAN Interfaces have dynamic IP addresses. I also want to ping the same target from both WAN Interfaces.
I already searched for hours for a ready solution, but didn’t find any ready made solution. I get the IP + Gateway dynamically via DHCP for both WAN. Thus this solution won’t work. Also I don’t want to Ping the Gateway, I want to ping an Endpoint in the Internet. Pinging the Gateway won’t guarantee Internet access!
Ok, I got confused by isp1gateway and isp2gateway. But I think it still doesn’t really help for my use case. I get the IP + Gateway via DHCP. IP + Gateway is dynamic. So I shouldn’t hard code these into some scripts or routes. Your example hard codes the Gateway into the script, but these could change any time.
REMEMBER TO REMOVE “ADD DEFAULT ROUTE” ON DHCP CLIENTs
and add these scripts in the “script” section of the DHCP client
script for DHCP Client 1 = MAIN
/ip route
set [find where comment~"ISP1"] gateway=$"gateway-address"
script for DHCP Client 2 = FAILOVER
/ip route
set [find where comment~"ISP2"] gateway=$"gateway-address"
This must be pasted into a new terminal; it is better to first remove all non-dynamic routes from routes
DO NOT CHANGE COMMENTS!!! (unless ISP1 and ISP2 are kept inside…)
The first time, replace 2.3.4.5 and 6.7.8.9 with the actual values or, after pasting into a new terminal, disable and re-enable the DHCP clients
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip route
add comment="A - 1.1.1.1 must be reachable only from ISP1" distance=1 dst-address=1.1.1.1/32 gateway=2.3.4.5 scope=10
add comment="B - Recursive Routing, check ping 1.1.1.1 instead of ISP IP" distance=10 gateway=1.1.1.1 check-gateway=ping
add comment="C - ISP2 is alternative Gateway" distance=20 gateway=6.7.8.9
Basically one wants to use existing DNS servers to verify not only if the connection to the ISP server is good but that the connection from the ISP server to the internet is also working.
What you haven’t described as requested is a clear set of requirements.
1. Is there a primary and secondary gateway?
2. Do you have one subnet that should use one gateway and use the other gateway as backup or not?
3. Do you have another subnet that should use the other gateway and use the gateway in 2. as backup or not?
4. What type of ISP connections (same provider? different provider? static or dynamic?)
Here is an example of my setup with a primary network of Bell Fibre (1gig up/down) and a secondary Eastlink Cable.
Note that all our email is done through Eastlink.
Thanks, this looks pretty amazing! I didn’t notice that I can attach scripts to a DHCP Client, this opens whole new possibilities. I’m still a Mikrotik NOOB, sorry for my dumb assumptions.
Disabled default route on the DHCP clients + Added the three routes + Configured the two DHCP clients with the scripts. After toggling the DHCP clients, the routes updated with the correct gateways. That’s already very nice.
I’m now stuck that it looks like the check-gateway fails. Thus it always prefers ISP2.
My routes:
[admin@MikroTik] > /ip/route print
Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, y - COPY; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DI
;;; C - ISP2 is alternative Gateway
0 As 0.0.0.0/0 172.16.50.1 20
;;; B - Recursive Routing, check ping 1.1.1.1 instead of ISP IP
1 IsH 0.0.0.0/0 1.1.1.1 10
;;; A - 1.1.1.1 must be reachabble only from ISP1
2 As 1.1.1.1/32 77.109.171.1 1
DAc 77.109.171.0/24 init7 0
DAc 172.16.50.0/24 50 0
DAc 172.16.90.0/24 90 0
DAc 192.168.88.0/24 lan 0
3 As 192.168.99.0/24 172.16.50.1 1
Next I checked if the static route for 1.1.1.1/32 worked. This seems to be the case compared to a traceroute with another IP (172.16.50.3 is an external NAT Router behind the same ISP for testing purposes):
Sorry, the other fella will have to help you there, I only use scripts in DHCP client when necessary. Which is mainly to fetch a new gateway IP to stick in route rules, when my ISP changes my IP address and/or power outage or reboot etc…
It's much easier for me to do routing in the routing section and that way one can learn about routing more properly, than instituting a clever shortcut in the client settings.
That's an advanced bit of work that one can do later once understanding the config of the router more holistically. Thus I don't condone you doing this in DHCP client scripts.
That's coming from a guy that is newish in the game without extensive IT experience or training. The other fella is lightyears ahead and thus he dreams this stuff and can quote MT scripts even while intoxicated. PS not insinuating he imbibes or anything, just that he has neurons and synapses crammed with MT knowledge.
More importantly you didn't provide the answers to the questions posed 1., 2., 3…
I thought it was self-explanatory LOL.
The point was read the link and then be relieved that the example provided is so simple in comparison to the Russian complex methods LOL.
Note1: Checkgateway ping has the effect of telling the router to keep checking the connection every 10 seconds or so.
If the route is down after two attempts then switch to the other route(s) available on the main table.
Keep checking the route and if it comes back up then go back to the original route.
The recursive bit basically states I want to route to the DNS1 using the gateway through MY ISP for the ping check.
If that is not working then try the alternate DNS2 using the gateway through MY ISP.
If that is not working then use my secondary ISP gateway to check connectivity for routing.
They are differentiated by distance! So ISP1 DNS1 is primary, ISP1 DNS2 is secondary, and ISP2 is tertiary. One could get fancy and check the backup ISP through DNSs as well but I don't require that level of complication. One doesn't need to ping the backup ISP because as soon as connectivity is established via DNS1 or DNS2 on ISP1, the router will kick the routing back to ISP1.
The email bypass entry simply ensures that any SMTP traffic which the router resolves to the IP address of the ISP2 mail server bypasses ISP1.
I probably don't need the distance setting here but I put it just to amplify the priority of this traffic to myself and/or the reader of the config.
Hi rextended, my ccr1009 is on version 6 LOL. The RB450Gx4 behind my hex (acting as a switch) and connected to the CCR1009 is running v7 beta6 as a wireguard router/server, mainly for the purposes of connecting to an RB4011 acting as wireguard client router, behind a Bell ISP device (combo modem/router) at a different location.
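The routes A, B and C posted earlier in the thread, together with the two DHCP-client scripts, can be modelled in a few lines of Python to see which default route wins in each situation. This is an added illustration, not code from any poster and not RouterOS script; the function names, the `ping_ok` callback and the `CONNECTED` list (subnets taken from the route print above) are assumptions of the model.

```python
import ipaddress
import re
from dataclasses import dataclass

CONNECTED = ["77.109.171.0/24", "172.16.50.0/24"]  # WAN subnets from the route print

@dataclass
class Route:
    comment: str
    dst: str
    gateway: str
    distance: int
    check_ping: bool = False  # models check-gateway=ping

def build_routes():
    """Routes A, B, C as posted, still carrying the placeholder gateways."""
    return [
        Route("A - 1.1.1.1 must be reachable only from ISP1", "1.1.1.1/32", "2.3.4.5", 1),
        Route("B - Recursive Routing, check ping 1.1.1.1 instead of ISP IP", "0.0.0.0/0", "1.1.1.1", 10, True),
        Route("C - ISP2 is alternative Gateway", "0.0.0.0/0", "6.7.8.9", 20),
    ]

def on_dhcp_bound(routes, tag, gateway_address):
    """Model of the lease script: set [find where comment~tag] gateway=..."""
    for r in routes:
        if re.search(tag, r.comment):  # "ISP1" hits A only; B merely contains "ISP"
            r.gateway = gateway_address

def resolve(routes, gateway, connected, depth=0):
    """Follow a gateway down to a directly connected next hop, or None."""
    addr = ipaddress.ip_address(gateway)
    if any(addr in ipaddress.ip_network(n) for n in connected):
        return gateway
    via = [r for r in routes if r.dst == f"{gateway}/32"]  # host route such as A
    if depth > 4 or not via:
        return None
    return resolve(routes, min(via, key=lambda r: r.distance).gateway, connected, depth + 1)

def active_default(routes, connected, ping_ok):
    """Return (route letter, next hop) of the winning default route, or None."""
    usable = []
    for r in routes:
        if r.dst != "0.0.0.0/0":
            continue
        hop = resolve(routes, r.gateway, connected)
        if hop is None or (r.check_ping and not ping_ok(r.gateway, hop)):
            continue  # unresolvable gateway or failed probe: route is inactive
        usable.append((r.distance, r.comment[0], hop))
    return min(usable)[1:] if usable else None
```

With the placeholder gateways still in place neither default route resolves, which is why the DHCP clients have to be toggled once after pasting the routes.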