failover ping on interfaces

samuellsk · December 10, 2013, 9:02am

Hellou

I think i have read a lot of posts about failovers, multiwans,… but have not found any relating my issue.

I have 2 ISPs , first (ISP1) is through dsl , there is modem tplink that is pingable from internet, he has local IP-A , and running dhcp server. Mikrotik has dhcp client, requests IP and everything is fine, route 0.0.0.0 has priority 0
However ISP2 needs to set Public IP-B directly on mikrotik. So Ether3 has this IP with prioroty 1. In case of failure of ISP1 , mikrotik switches to ISP2 and traffic goes on. When ISP1 is back online, mikrotik switches back to this provider.

My problem is that Public IP-B is not pingable from internet, until priority is lower than DHCP Client (switch script from netwatch will increase priority of dhcp client default route if ip address that it monitors becomes unavailable through ISP1)

Is there any workaround for this ? I think its bug, if I set an IP on eth i want it to be pingable regardless of the priority of the other ethernet ports and their ip addresses.

Thank you.

tomaskir · December 10, 2013, 9:35am

It is not a bug, it is how routing works.

You will need to configure correct mangle for multi-wan, to use a correct route for correct packets.
Here is a presentation that should tell you how. You can ignore the load-balancing part.
http://tiktube.com/video/DofH3iFnjDJomGEoIDFqnrquKlEoLqHq=

samuellsk · December 10, 2013, 10:57am

great example, and on another mikrotik with 2 and more static “wan” ip addresses on diff ethernets it works (this is mine for example (eth2_to_wlan1 is bridge which is bridging internal network with wifi) :

/ip firewall mangle
add chain=prerouting dst-address=10.20.30.0/23  action=accept in-interface=eth2_to_wlan1
add chain=prerouting dst-address=195.168.31.216/29  action=accept in-interface=eth2_to_wlan1
add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=ether1_conn
add chain=prerouting in-interface=ether3 connection-mark=no-mark action=mark-connection new-connection-mark=ether3_conn
add chain=prerouting  in-interface=eth2_to_wlan1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ether1_conn 
add chain=prerouting  in-interface=eth2_to_wlan1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ether3_conn
add chain=prerouting connection-mark=ether1_conn in-interface=eth2_to_wlan1 action=mark-routing new-routing-mark=to_ether1
add chain=prerouting connection-mark=ether3_conn in-interface=eth2_to_wlan1 action=mark-routing new-routing-mark=to_ether3
add chain=output connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1     
add chain=output connection-mark=ether3_conn action=mark-routing new-routing-mark=to_ether3

/ip route
add dst-address=0.0.0.0/0 gateway=10.20.0.1 routing-mark=to_ether1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=195.168.31.217 routing-mark=to_ether3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.20.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=195.168.31.217 distance=1 check-gateway=ping

I have read the presentation and dont see the difference in my example and presentation
but the question still stays, why (slightly modified rules (ip addressed only)) do not work on connection where wan1 is private dhcp client address , and wan2 is static public address.

edit:
This is the setup that is not working (for example) i think there is everything set up right (of course there are few “disabled” things so dont mind them)