Failover RouterOS v7

nayrgton · April 17, 2025, 5:17pm

A simple question, what is the best way to failover in RouterOS v7, recursive route or netwatch with script? Why?

sindy · April 17, 2025, 6:24pm

A simple answer, it depends.

A complicated answer - you may prefer speed of failover to anything else, then scripting can be faster than even netwatch; you may be really bad with scripting so recursive routing allows much less space for a mistake but it takes low tens of seconds to detect the failure. You may or may not care of false positives; you currently cannot monitor multiple canary addresses using a single netwatch instance so you are back at scripting if you want more than one canary.

nayrgton · April 17, 2025, 6:50pm

I’m not good with scripts yet, in RouterOS v6 I used to use the recursive route and it worked fine. In this case, it would be better to keep using the recursive route, right?

If you have any links with examples of scripts that do failover by checking more than one destination address to report the failure, I would like to see them.

jaclaz · April 17, 2025, 6:52pm

I would add, if i may, that the choice may be also influenced about the kind of connection(s) you have and how they behave, recursive is more “strict” and “fixed”, if gateway doesn’t reply to ping (check every 10 seconds, no replies two times), it switches, netwatch can be tweaked/adjusted adapting it to the characteristics of the connection (but on the other hand if you misconfigure the parameters may be ineffective or "overzealous

And it all depends on the internet use.
If your e-mail is not sent, you can probably wait some tens of seconds for the switch to happen, if you are watching a match or making a video call, every second may matter.

.

sindy · April 17, 2025, 7:02pm

Unless your requirements or expectations have changed, I would indeed recommend to stick with what you were satisfied with before. But even this simple recommendation is subjective, as I have enough other sources of excitement to try other approaches to failover just because they are different (I do try them when none of the already field-tested ones fulfils the requirements, though). Testing something new just for the fun of it is good if it helps you improve your skills.

The problem with any script is that copy-pasting without understanding may bite your back quite badly, so you should first get more familiar with scripting on different kind of tasks before using it for failover control.

nayrgton · April 17, 2025, 7:51pm

Thanks gentlemen, then I will continue using the recursive route while I start studying scripts until I have confidence to use them in failover.

anav · April 17, 2025, 8:20pm

VERSION7 instituted some changes mostly to the way of using scope and target scope…

Nested using a faux address for two canary selections.

/ip route
add dst-address=0.0.0.0/0 gateway=10.10.10.10 scope=10 target-scope=14
add distance=2 check-gateway=ping dst-address=10.10.10.10/32 gateway=9.9.9.9 scope=10 target-scope=13
add distance=2 dst-address=9.9.9.9/32 gateway=PrimaryISP-gatewayIP scope=10 target-scope=12 comment=WAN1-TEXT-IF-DYNAMIC
add distance=4 check-gateway=ping dst-address=10.10.10.10/32 gateway=1.0.0.1 scope=10 target-scope=13
add distance=4 dst-address=1.0.0.1/32 gateway=PrimaryISP-gatewayIP scope=10 target-scope=12 comment=WAN1-TEXT-IF-DYNAMIC
+++++++++++++++
add distance=6 dst-address=0.0.0.0/0 gateway=SecondaryISP-gatewayIP comment=WAN2-TEXT-IF-DYNAMIC

Standard single flat approach, one canary

/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=12
add dst-address=9.9.9.9/32 gateway=PrimaryISP-gatewayIP scope=10 target-scope=11 comment=WAN1-TEXT-IF-DYNAMIC
+++++++++++++++++
add distance=6 dst-address=0.0.0.0/0 gateway=SecondaryISP-gatewayIP comment=WAN2-TEXT-IF-DYNAMIC

++++++++++++++++++++++++++++++

If You do have some needs for WAN2 and thus it needs to be able to get back on line if it goes off line, then

/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=12
add dst-address=9.9.9.9/32 gateway=PrimaryISP-gatewayIP scope=10 target-scope=11 comment=WAN1-TEXT-IF-DYNAMIC
+++++++++++++++++
add distance=2 check-gateway=ping dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=12
add distance=2 dst-address=8.8.4.4/32 gateway=SecondaryISP-gatewayIP scope=10 target-scope=11 comment=comment=WAN2-TEXT-IF-DYNAMIC

\

Example IP DHCP script for dynamic WANIP.

from EXPORT
/ip dhcp-client
add comment=MyFibre default-route-distance=255 interface=vlanfibre script=“:if ($bound=1) do={\r
\n:local gw $"gateway-address"\r
\n/ip route set [ find comment="WAN1-TEXT-IF-DYNAMIC" gateway!=$gw ] gateway=$gw\r
\n/tool e-mail send to="youremail@gmail.com" subject=([/system identity\r
\nget name]) body=" This is your new gateway IP: $gw";\r
\n” use-peer-dns=no use-peer-ntp=no

FROM IP DHCP CLIENT SETTINGS.
DHCP Interface=vlanfibre ( or could be ether1 depending on your scenario )
Add Default Route=YES ( Use Peer DNS and Use Peer NTP not checked )

ADVANCED Default Route Distance= 255

SCRIPT TEXT:
:if ($bound=1) do={
:local gw $“gateway-address”
/ip route set [ find comment=“WAN1-TEXT-IF-DYNAMIC” gateway!=$gw ] gateway=$gw
/tool e-mail send to=“youremail@gmail.com” subject=([/system identity
get name]) body=" This is your new gateway IP: $gw";
}

jaclaz · April 19, 2025, 8:38am

@anav
Posts like yours are simply gold, it should IMHO be re-posted in a self-standing thread in “Useful user articles”:
https://forum.mikrotik.com/viewforum.php?f=23

There is seemingly a little slip of the finger, though, there should be an “add” at the beginning of this line:

dst-address=0.0.0.0/0 gateway=10.10.10.10 scope=10 target-scope=14

I believe it should be :

add > dst-address=0.0.0.0/0 gateway=10.10.10.10 scope=10 target-scope=14

anav · April 19, 2025, 2:32pm

Fixed, thanks!

nayrgton · April 22, 2025, 1:22pm

Thanks @anav