Failover Help

Hi All,

I have an RB751G running ROS 6.1 and I am trying to configure automatic failover. I have 2 gateways:

  1. Satellite internet connected to ether1 using DHCP client - primary
  2. 3G modem connected to the USB using PPP - backup

Both have a default route dynamically created by ROS with a Distance of 1 and the system seems to choose which one to make active arbitrarily.

I’ve been looking at the Failover Routing script but as far as I can tell it requires that the backup route should have a Distance greater than the primary route and then the script increases the primary Distance to be greater than the backup Distance on failure. What I don’t see is how I can initially increase the backup route Distance to 2 in the first place as it is dynamic. I’ve tried using Route Filters but only seem to be able to affect both routes at the same time!

Any hints?

Thanks

CD

On the DHCP client you can set the default distance in the DHCP client window. For PPP I think the easiest approach is to make a manual routing entry.

Thanks. If I add a manual routing entry, will this prevent the dynamic one from being created?

You can disable the dynamic one in the PPP settings by leaving “Add Default Route” unchecked.

Sorted. Thank you!!

CD

I’m now having a different issue. I’m using the Failover Script by Tomas Kirnak V1.0.7.

default route “ether1-gateway” is primary with initial distance 1
default route “ppp-out1” is backup with initial distance 2

When initially set up the system marks ether1-gateway as active and ppp-out1 as inactive. I get ping responses from both interfaces. When I break the ether1-gateway internet access the system works fine, increases the distance of the ether1-gateway route to 3 and switches to the backup as I would expect. The system then marks the ether1-gateway route as inactive and ppp-out1 as active.

But then when I fix the ether1-gateway internet I don’t get ping response from it so it never swaps back. If I manually change the distance back to 1 I get ping response again without changing anything else.

CD

How are your mangle and routing tables looking?

So failover is working well, but just fallback is not?

Good morning Tomas. Thank you for getting back to me.



0 A S  dst-address=0.0.0.0/0 gateway=l2tp-out1 
        gateway-status=l2tp-out1 reachable distance=1 scope=30 
        target-scope=10 routing-mark=to_tunnel 

 1 A S  dst-address=0.0.0.0/0 gateway=ppp-out1 
        gateway-status=ppp-out1 reachable distance=2 scope=30 target-scope=10 

 2   S  dst-address=0.0.0.0/0 gateway=192.168.4.1 
        gateway-status=192.168.4.1 reachable via  ether1-gateway distance=3 
        scope=30 target-scope=10 

 3 ADC  dst-address=10.112.112.127/32 pref-src=10.138.214.190 gateway=ppp-out1 
        gateway-status=ppp-out1 reachable distance=0 scope=10 

 4 ADC  dst-address=192.168.4.0/24 pref-src=192.168.4.11 gateway=ether1-gatewa>
        gateway-status=ether1-gateway reachable distance=0 scope=10 

 5 A S  dst-address=192.168.44.0/24 gateway=l2tp-out1 
        gateway-status=l2tp-out1 reachable distance=1 scope=30 
        target-scope=10 

 6 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local 
        gateway-status=bridge-local reachable distance=0 scope=10 

 7 ADC  dst-address=192.168.99.1/32 pref-src=192.168.99.2 gateway=l2tp-out1 
        gateway-status=l2tp-out1 reachable distance=0 scope=10



 0   chain=prerouting action=mark-packet new-packet-mark=lan_pkt 
     passthrough=yes protocol=tcp src-address=192.168.88.13 src-port=80 

 1   chain=prerouting action=mark-routing new-routing-mark=to_tunnel 
     passthrough=yes packet-mark=lan_pkt

Note I have an L2TP tunnel set up to another Routerboard with a public IP to allow incoming HTTP requests to a local webserver as neither the satellite nor 3G connections have public IPs.


Correct. It appears that when the ether1-gateway route distance is set to 3 then I cannot ping from that interface so the count never decreases. I have checked this using tools-ping. Merely setting the distance from 1 to 3 with no other changes has this effect.

CD

Which version of ROS are you running?

Run these commands from the console. What's the result?

ping 8.8.8.8 interface=l2tp-out1
ping 8.8.8.8 interface=ppp-out1
ping 8.8.8.8 interface=ether1-gateway

With the system configured as it would be in normal operation I get:

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          l2tp-out1                 1
 1 A S  0.0.0.0/0                          192.168.4.1               1
 2   S  0.0.0.0/0                          ppp-out1                  2
 3 ADC  10.112.112.125/32  10.180.196.132  ppp-out1                  0
 4 ADC  192.168.4.0/24     192.168.4.10    ether1-gateway            0
 5 A S  192.168.44.0/24                    l2tp-out1                 1
 6 ADC  192.168.88.0/24    192.168.88.1    bridge-local              0
 7 ADC  192.168.99.1/32    192.168.99.2    l2tp-out1                 0

[admin@MikroTik] > ping 8.8.8.8 interface=l2tp-out1     
HOST                                     SIZE TTL TIME  STATUS                   
8.8.8.8                                    56  47 133ms
8.8.8.8                                    56  47 136ms
8.8.8.8                                    56  47 136ms
    sent=3 received=3 packet-loss=0% min-rtt=133ms avg-rtt=135ms max-rtt=136ms

[admin@MikroTik] > ping 8.8.8.8 interface=ppp-out1      
HOST                                     SIZE TTL TIME  STATUS                   
8.8.8.8                                    56  45 590ms
8.8.8.8                                    56  45 246ms
8.8.8.8                                    56  45 246ms
8.8.8.8                                    56  45 236ms
    sent=4 received=4 packet-loss=0% min-rtt=236ms avg-rtt=329ms max-rtt=590m

[admin@MikroTik] > ping 8.8.8.8 interface=ether1-gateway
HOST                                     SIZE TTL TIME  STATUS                   
8.8.8.8                                    56  45 61ms 
8.8.8.8                                    56  45 64ms 
8.8.8.8                                    56  45 52ms 
8.8.8.8                                    56  45 60ms 
    sent=4 received=4 packet-loss=0% min-rtt=52ms avg-rtt=59ms max-rtt=64ms

If I then increase the distance on the ether1-gateway default route to 3 (as the script would do on failover) with no other changes, I get:

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          l2tp-out1                 1
 1 A S  0.0.0.0/0                          ppp-out1                  2
 2   S  0.0.0.0/0                          192.168.4.1               3
 3 ADC  10.112.112.125/32  10.180.196.132  ppp-out1                  0
 4 ADC  192.168.4.0/24     192.168.4.10    ether1-gateway            0
 5 A S  192.168.44.0/24                    l2tp-out1                 1
 6 ADC  192.168.88.0/24    192.168.88.1    bridge-local              0
 7 ADC  192.168.99.1/32    192.168.99.2    l2tp-out1                 0

[admin@MikroTik] > ping 8.8.8.8 interface=ppp-out1      
HOST                                     SIZE TTL TIME  STATUS                   
8.8.8.8                                    56  45 164ms
8.8.8.8                                    56  45 136ms
8.8.8.8                                    56  45 116ms
    sent=3 received=3 packet-loss=0% min-rtt=116ms avg-rtt=138ms max-rtt=164ms 

[admin@MikroTik] > ping 8.8.8.8 interface=l2tp-out1
HOST                                     SIZE TTL TIME  STATUS                   
8.8.8.8                                    56  47 122ms
8.8.8.8                                    56  47 306ms
8.8.8.8                                    56  47 126ms
    sent=3 received=3 packet-loss=0% min-rtt=122ms avg-rtt=184ms max-rtt=306ms 

[admin@MikroTik] > ping 8.8.8.8 interface=ether1-gateway
HOST                                     SIZE TTL TIME  STATUS                   
8.8.8.8                                                 timeout                  
8.8.8.8                                                 timeout                  
8.8.8.8                                                 timeout                  
8.8.8.8                                                 timeout                  
    sent=4 received=0 packet-loss=100%

I was originally using ROS 6.1 but have downgraded to 5.25 and the results are the same.

CD

I think I know what's happening, but I don't have time to test currently. Could you please test it like this:

Set up a separate routing table for each ISP. In that routing table, have only a default route for that ISP.
Mangle on output, based on interface. So in mangle, if out-interface=ISP2, new-routing-mark=ISP2.
Do this for all ISPs.

What is currently happening for you I think is that you send traffic out a certain interface, but it goes to a wrong gateway.
Gateway gets chosen based on the main routing table, but interface is implicitly set in ping, so it doesn't work.

The method above should fix that.
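
One way to write the setup suggested in the post above, as an added example that is not part of the original thread and was not tested by anyone in it. The routing-mark names ISP1 and ISP2 are chosen here for illustration; the gateway 192.168.4.1 and the interface names ether1-gateway and ppp-out1 are taken from the route listings earlier in the thread.

```routeros
# Added example: one routing table per ISP, selected by outgoing interface.
# ISP1 / ISP2 are illustrative routing-mark names, not from the original config.

/ip route
# Each marked table holds only the default route for its own ISP. These routes
# are separate from the main-table default routes whose distance the failover
# script raises and lowers, so they keep pointing at the right gateway.
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=ISP1 \
    comment="ISP1 table: satellite via ether1-gateway"
add dst-address=0.0.0.0/0 gateway=ppp-out1 routing-mark=ISP2 \
    comment="ISP2 table: 3G via ppp-out1"

/ip firewall mangle
# Router-originated packets (chain=output) that are bound to an ISP interface
# are marked so the gateway lookup uses that ISP's table, not the main table.
add chain=output out-interface=ether1-gateway action=mark-routing \
    new-routing-mark=ISP1 passthrough=no comment="probe via satellite"
add chain=output out-interface=ppp-out1 action=mark-routing \
    new-routing-mark=ISP2 passthrough=no comment="probe via 3G"

# Checks: confirm each table has exactly one default route, then repeat the
# test from the thread with the main-table ether1 route left at distance 3.
/ip route print where routing-mark=ISP1
/ip route print where routing-mark=ISP2
/ip firewall mangle print where chain=output
/ping 8.8.8.8 interface=ether1-gateway count=4
/ping 8.8.8.8 interface=ppp-out1 count=4
```

If the explanation in the post is right, the ping bound to ether1-gateway should now get replies while the main-table route is still at distance 3, which is the condition the failover script needs in order to detect recovery and fall back.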

Is it working now?

I’ve not had time to test it again yet.

CD