Hello forum,
I’m playing with multi WAN loadbalancing and Failover
Both WAN connections are behind own routers. I used this tutorial. https://www.youtube.com/watch?v=nlb7XAv57tw
Everything works well even tho my balancing ended in 20 rules because the primary conn is 1 Gbit and the secondary only 50 MBit.
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=192.168.1.1 in-interface-list=LAN new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=192.168.2.1 in-interface-list=LAN new-connection-mark=ISP2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface="Inet VF VLAN50" new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface="Inet 1und1 VLAN 51" new-connection-mark=ISP2_conn
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=ISP1-VF
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=ISP2-1und1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/3
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/4
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/5
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/6
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/9
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/10
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/11
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/12
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/13
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/14
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/15
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/16
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/17
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
src-address-and-port:20/18
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP2_conn per-connection-classifier=\
src-address-and-port:20/19
add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface-list=LAN new-routing-mark=ISP1-VF
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface-list=LAN new-routing-mark=ISP2-1und1
These are the coresponding routes.
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=100
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=ISP1-VF suppress-hw-offload=no
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-table=ISP2-1und1 suppress-hw-offload=no
add check-gateway=ping disabled=no dst-address=8.8.8.8/32 gateway=192.168.1.1 routing-table=main suppress-hw-offload=no
add check-gateway=ping disabled=no dst-address=8.8.4.4/32 gateway=192.168.2.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=1
I was plannig to use netwatch an a script for the failover.
Something like this:
#pseudocode down-script
if
8.8.8.8 via ISP1 is down
then
change all marks in mangle to ISP2
Is this a good way? Ist there a more efficient way?
Thanks for advice.