I have a network with two MikroTik routers, each heading a subnet, with a connection between them, and also two separate connections to the public internet, one connected to each router. One of these connections is much faster than the other, so by default I have the router attached to the slower public internet connection forward all its traffic to the router attached to the faster public internet connection. But if the faster connection goes down, I want to fail over to the slower connection. The slower connection is so much slower that under normal conditions I do not want to use it at all.
I wonder how I might accomplish this.
A good amount of the discussion about automatic failover that I’ve seen on this forum involves two public internet connections attached to different ports of a single router, with some logic to switch the default routing logic from one to the other. But how might I do this if the two connections are attached to different physical routers?
Some context here is that the two routers are connected via a fiber line, and one of the connections to the public internet is a Starlink device, and the other is an LTE modem. Due to the distance between these devices it’s not possible to connect both the LTE modem and the Starlink device to a single router, and there are additional client devices at both ends of the fiber line, so I can’t treat the fiber line as a dedicated connection to just the LTE modem or just the Starlink device.
Any advice or general pointers would be much appreciated.
Easy answer is VRRP.
Basically it creates a virtual WAN/Route to the internet,
One router is declared the master and the other the slave but all the users only see one WAN.
When the master fails, the traffic is shunted through the backup WAN connection.
A slicker alternative, which may not apply for you, is to create two instances of VRRP.
In this case, for one virtual WAN setup (call it VRRP1), router A is the master and all local users on router A use this path.
For the other virtual WAN setup (call it VRRP2), Router B is the master and all local users on router B use this path.
If either fails, the other WAN is automatically used as backup.
In your case where it would appear WANB maybe is not a good candidate to be a master for local B users…
One follow-up question is: when one of my egress connections fails, it usually happens that both the router and the egress device remain online and processing packets, but IP packets simply fail to get delivered. Do you have any tips on how I can make sure that my routers each move to the VRRP backup state when their respective egress connections stop delivering packets in this way? I’ve had difficulty with this before because the interface typically remains online, and the modem devices keep responding to pings, but pings to the public internet fail. So I’m wondering how to trigger a move to VRRP backup state based on pings to the public internet or similar.
Note: we intentionally place comments on the config lines with the gateway ISP, in case these are dynamic WANIPs and scripts are needed to point to these lines to update the gateway IP addresses.
Hi Jaclaz, yup I could be wrong BUT!!
My thinking was that the actual WAN connection of each router to the ISP was INDEPENDENT of the virtual wan created between the two routers.
The VRRP is not tied in any way to the ISP itself, for example.
How does the Master Router know if its ISP connection is available… that has nothing to do with the VRRP process.
The floating IP (virtual gateway to internet) is live on one router at any given time.
The VRRP process simply checks which router is master and which is slave (compare priorities). (Protocol 112 using multicast traffic; again, nothing to do with actual ISP connections.)
++++++++++++++++++++++++++++++++++++++++++++++++
Thus in everything I’ve read it’s not clear if VRRP is simply for hardware failure only or if the unavailability of the ISP connection also comes into play.
Connie Mercier suggested to have the two routers at the same time “independent” and “crossed”, i.e.
Router A has ISP1 as Primary and ISP2 as failover
while
Router B has ISP2 as Primary and ISP1 as failover
In that particular configuration the two kinds of failures (hardware/local connection and external/ISP connection) are managed on two different levels, one by the VRRP setup and one by the recursive.
What should happen:
router A Master AND router B slave (both running) → ISP1 OR if connection failed → ISP2
router A failed → router B becomes master, so → ISP2 OR if connection failed → ISP1
router B failed → router A remains master, so → ISP1 OR if connection failed → ISP2
But nothing that I can see prevents from having the same recursive routes on both routers, so:
router A Master AND router B slave (both running) → ISP1 OR if connection failed → ISP2
router A failed → router B becomes master, so → ISP1 OR if connection failed → ISP2
router B failed → router A remains master, so → ISP1 OR if connection failed → ISP2
What has to be seen is if the ISP1 connection goes through router A and ISP2 connection goes through router B, in this case when both the routers are running everything works as it should, but when one of the two routers fails (and triggers the VRRP) there will be only one ISP connection available to the “surviving” (elected master) router
You are 100% correct.
VRRP is simply only for router failure and could care less about recursive or netwatch.
To combine the two however is still possible!
One needs to run a script that, when the connection to the internet is not available, lowers the Master priority for VRRP and,
when the internet connection comes back, raises the Master priority for VRRP.
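The approach described in the post above (lower the VRRP priority when the internet check fails, raise it when the connection returns), sketched as RouterOS configuration for the router that is normally master. This is an added example, not configuration posted by anyone in the thread; the interface names, VRID, LAN addresses, priorities and the probe host 1.1.1.1 are assumptions, and 192.0.2.1 is a placeholder for that router's own WAN gateway.

```routeros
# Added example: assumed names and addresses throughout, adjust to your network.
# Router A (normally master). Router B uses the same VRID with priority=100.

# Virtual gateway shared by both routers on the common LAN/fiber segment.
/interface vrrp add name=vrrp-gw interface=bridge vrid=10 priority=200 \
    preemption-mode=yes comment="virtual LAN gateway"
/ip address add address=192.168.88.254/32 interface=vrrp-gw

# Pin the probe host to this router's OWN uplink, so the check cannot
# succeed through the other router's internet connection.
# 192.0.2.1 is a placeholder for the local WAN gateway.
/ip route add dst-address=1.1.1.1/32 gateway=192.0.2.1 \
    comment="probe via local WAN only"

# Probe the public internet rather than the modem: the modem keeps
# answering pings even when nothing is delivered upstream.
# down: drop below router B's priority (100) so B is elected master.
# up:   restore the normal priority; with preemption A takes over again.
/tool netwatch add host=1.1.1.1 interval=10s timeout=2s \
    down-script="/interface vrrp set [find name=vrrp-gw] priority=50" \
    up-script="/interface vrrp set [find name=vrrp-gw] priority=200" \
    comment="track internet reachability for VRRP"
```

If the WAN interface itself goes down, the pinned host route becomes inactive and the probe could then follow the default route; a higher-distance blackhole route for the probe address closes that gap.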
Yep, still, from what I understand from the OP physical layout:
Router A (normally Master in VRRP) has a direct connection ONLY to ISP1
Router B (normally Slave in VRRP) has a direct connection ONLY to ISP2
So when both the routers are working, everything goes through Router A that can well have a primary connection to ISP1 and a secondary to ISP2 (but this latter has to go through Router B).
Router B can as well have a primary and secondary connection (one of these being through router A), but since it is Slave it will sit there “idle”, with the only role to connect ISP2 to router A.
IF Router A fails then VRRP elects Master Router B, but only the (secondary) connection to ISP2 will be working (because the one towards ISP1 won’t be usable because router A is dead).
On the other hand Router B normally does almost nothing, but if it fails (and the VRRP keeps Router A as Master) also the connection to ISP2 will go down.
It has to be seen if it is possible to bring the ISP2 connection also to Router A and the ISP1 connection also to router B.