Netwatch...

ZETA992 · August 23, 2016, 2:42pm

Hi, Guys and Ledies… I got 1 trouble in netwatch working:
I have 2 links to web and type 2 scripts to change default route to first uplink or second
1.1.1.1- link one
2.2.2.2- two
netwatch every 10 seconds ping 8.8.8.8
i set default route to 8.8.8.8 gw 1.1.1.1
like here:
http://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch

If i disable first link (8.8.8.8 is unreacheble)
netwatch: set default gw=2.2.2.2 and every 10 seconds say “UP”, set gw=1.1.1.1(his still disabled). and down routes to web.

Sorry for bad language…

ROS v 6.36

Deantwo · September 6, 2016, 12:43pm

Of course, the netwatch is able to reach 8.8.8.8 through the second ling, so it is “up” again.
You cannot specify an out-interface using netwatch.

It would be much easier to just make two default routes.
Like this:

/ip route
add distance=1 gateway=1.1.1.1%Wan1 check-gateway=ping
add distance=2 gateway=2.2.2.2%Wan2 check-gateway=ping

Since the second route has a higher distance, it will be ignored as long as the first route is valid.

Edit: Added check-gateway.

che · September 6, 2016, 1:40pm

You could also prevent your router from reaching 8.8.8.8 via WAN2 interface, like this:

/ip firewall filter add action=drop chain=output comment="gateway control" disabled=yes dst-address=8.8.8.8 out-interface=WAN2

Just replace “WAN2” with your actual interface name.

marting · September 12, 2016, 2:45pm

Two default gateways with different distances do not always work as expected and has a few disadvantages:

you have to know the address of the default gateway and it has to be always the same
you have to use check-gateway, this often does not recognize lost connection to gw and will never recognize lost internet link
check-gateway is not very flexible and comfortable

So netwatch has its justification in multi wan enivronments.
Solution of che is one possibility but has the little disadvantage that some kind of routing decision is done at different places (route and filter). So I would suggest this solution:

/ip route add distance=10 dst-address=8.8.8.8 gateway=ether-wan1
/ip route add distance=11 dst-address=8.8.8.8 type=prohibit

The consequence is that there is no routing to 8.8.8.8 than by ether-wan1 and you have your routing at one place. Disadvantage of this solution is: You won´t be able at all to use 8.8.8.8 by any other interface than ether-wan1 (e.g. no DNS by ether-wan2). If you need this, ches solution could be extended with protocol=icmp

Regards
Martin

Deantwo · September 12, 2016, 3:14pm

If you are getting a default gateway via DHCP, you can specify the distance of it.
For example:

/ip dhcp-client
add interface="Wan1" add-default-route=yes default-route-distance=10
add interface="Wan2" add-default-route=yes default-route-distance=11

I don’t think you can add check-gateway to it though, but depending on the lease time it may not be much of an issue.

I forgot to add check-gateway to the previous post. (Fixed it now)

I actually haven’t used check-gateway at all before, I am used to my routes only being affected by rather or not a interface exist or is running. So I don’t know how reliable it is.

marting · September 12, 2016, 3:37pm

I know distance in DHCP client. But there is no check-gateway.
Key of my previous post is type=prohibit for all other interfaces.

Different distances for default gateway work great if an interface is completely down (no link). But check-gateway did not have any noticable effect with my last test for about ten minutes. Dropped all traffic at my Gateway and watched the counter growing but route was still active.
Additionally check-gateway (while working) of course only can check the Gateway but no connection behind the Gateway.