PCC, failover and routing issue

Hi,

I’ve implemented PCC, using the noted manuals. All works well, it splits equally and also got hotspot working with it.
Now I’m trying to check failover, this also works if the whole connection goes down (aka disconnect ethernet cable).

I've got 2 issues:
Routing:
Not all routes are marked as active. (Missing knowledge on scope/target scope, expecting a solution there.)
(Cannot enable ping on line 0, as that marks the route inactive. It says unreachable then.)

My routes (disabled routes removed):

0 A S  ;;; PCC route WAN1
        dst-address=0.0.0.0/0 gateway=192.168.2.254 gateway-status=192.168.2.254 reachable via  WAN1 distance=1 scope=30 target-scope=10 routing-mark=to_WAN1 

 3 A S  ;;; PCC route WAN2
        dst-address=0.0.0.0/0 gateway=192.168.0.1 gateway-status=192.168.0.1 reachable via  WAN2 distance=2 scope=30 target-scope=10 routing-mark=to_WAN2 

 6 A S  ;;; non-PCC route WAN1
        dst-address=0.0.0.0/0 gateway=192.168.2.254 gateway-status=192.168.2.254 reachable via  WAN1 distance=1 scope=30 target-scope=10 

 7   S  ;;; non-PCC route WAN2
        dst-address=0.0.0.0/0 gateway=192.168.0.1 gateway-status=192.168.0.1 reachable via  WAN2 distance=2 scope=30 target-scope=10 

10 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.100 gateway=WAN2 gateway-status=WAN2 reachable distance=0 scope=10 

11 ADC  dst-address=192.168.2.0/24 pref-src=192.168.2.253 gateway=WAN1 gateway-status=WAN1 reachable distance=0 scope=10 

12 ADC  dst-address=192.168.4.0/23 pref-src=192.168.4.1 gateway=LAN5 gateway-status=LAN5 reachable distance=0 scope=10 

13 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=LAN3 gateway-status=LAN3 reachable distance=0 scope=10

Other issue (related to routes):
I tried implementing failover without scripting as in the wiki. But somehow that also fails.


I got the feeling it’s something ‘simple’. Please advise me what to do next.

Thank you!

Remon

What are the rules in IP - Firewall - Mangle?

Hi,

Thank you already for taking the time to reply.

Here are all my firewall rules :)

Thanks!

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=hs-input comment="Drop Winbox connection for hotspot users." dst-port=8291 protocol=tcp
add chain=input comment="Allow pinging the router itself on ALL interfaces" protocol=icmp
add chain=input comment="Accept all already established or related connections" connection-state=established,related
add chain=input comment="Allow PPTP connections from ALL interfaces" dst-port=1723 protocol=tcp
add chain=input comment="Allow PPTP connections from ALL interfaces" protocol=gre
add chain=input comment="Allow management from PPTP VPN Pool" src-address=192.168.134.0/24
add action=drop chain=input comment="Drop all incoming package on WAN1" in-interface=WAN1
add action=drop chain=input comment="Drop all incoming package on WAN2" in-interface=WAN2
add chain=forward comment="Accept all traffic types passing the router" connection-state=established,related
add action=drop chain=forward comment="Drop invalid packages" connection-state=invalid
add action=drop chain=forward comment="Drop all non-NAT packages passing on WAN1" connection-nat-state=!dstnat connection-state=new in-interface=WAN1
add action=drop chain=forward comment="Drop all non-NAT packages passing on WAN2" connection-nat-state=!dstnat connection-state=new in-interface=WAN2
add action=drop chain=forward comment="Drop traffic between Hotspot and Open network" dst-address=192.168.88.0/24 src-address=192.168.4.0/23
add action=drop chain=forward comment="Drop traffic between Hotspot and Open network" dst-address=192.168.4.0/23 src-address=192.168.88.0/24
/ip firewall mangle
add action=mark-connection chain=input comment="LB: Mark incoming connection" in-interface=WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=input comment="LB: Mark incoming connection" in-interface=WAN2 new-connection-mark=WAN2_conn
add action=mark-routing chain=output comment="LB: Mark routing" connection-mark=WAN1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output comment="LB: Mark routing" connection-mark=WAN2_conn new-routing-mark=to_WAN2
add chain=prerouting comment="DISABLED - not needed\?" disabled=yes dst-address=192.168.0.0/24 in-interface=LAN3
add chain=prerouting comment="DISABLED - not needed\?" disabled=yes dst-address=192.168.0.0/24 in-interface=LAN5
add chain=prerouting comment="DISABLED - not needed\?" disabled=yes dst-address=192.168.2.0/24 in-interface=LAN3
add chain=prerouting comment="DISABLED - not needed\?" disabled=yes dst-address=192.168.2.0/24 in-interface=LAN5
add action=mark-connection chain=prerouting comment="LB: (open) PCC mark connection" dst-address-type=!local in-interface=LAN3 new-connection-mark=WAN1_conn per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment="LB: (hotspot) PCC mark connection" dst-address-type=!local hotspot=auth in-interface=LAN5 new-connection-mark=WAN1_conn per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment="LB: (open) PCC mark connection" dst-address-type=!local in-interface=LAN3 new-connection-mark=WAN2_conn per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-connection chain=prerouting comment="LB: (hotspot) PCC mark connection" dst-address-type=!local hotspot=auth in-interface=LAN5 new-connection-mark=WAN2_conn per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting comment="LB: Mark routing to WAN1" connection-mark=WAN1_conn in-interface=LAN3 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting comment="LB: Mark routing to WAN1" connection-mark=WAN1_conn in-interface=LAN5 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting comment="LB: Mark routing to WAN2" connection-mark=WAN2_conn in-interface=LAN3 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting comment="LB: Mark routing to WAN2" connection-mark=WAN2_conn in-interface=LAN5 new-routing-mark=to_WAN2
/ip firewall nat
add chain=pre-hotspot disabled=yes dst-address-type=!local hotspot=auth
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="DISABLED - masquerade hotspot network" disabled=yes src-address=192.168.4.0/23
add action=masquerade chain=srcnat comment="NAT: traffic flowing out via WAN1" out-interface=WAN1
add action=masquerade chain=srcnat comment="NAT: traffic flowing out via WAN2" out-interface=WAN2
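
Added example, not part of the thread or of MikroTik's documentation: a Python check of the default routes from the listing in the first post. It assumes every gateway is reachable, as the listing shows, and that within one routing table only the lowest-distance route to a destination is active (ECMP and equal-distance ties are not modelled); ROUTES is a constructed, trimmed copy of that listing.

```python
import re
from collections import defaultdict

# Constructed sample: the four default routes from the listing in the first
# post, one per line, trimmed to the fields this check needs.
ROUTES = """\
0 A S dst-address=0.0.0.0/0 gateway=192.168.2.254 distance=1 routing-mark=to_WAN1
3 A S dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=2 routing-mark=to_WAN2
6 A S dst-address=0.0.0.0/0 gateway=192.168.2.254 distance=1
7 S dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=2
"""

# index, then flag letters (A = active, S = static), then key=value fields
LINE = re.compile(r"^\s*(\d+)\s+((?:[A-Z]+\s+)*)(.*)$")

def parse(text):
    """Turn each route line into a dict; a route without routing-mark is in 'main'."""
    routes = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
        routes.append({
            "id": int(m.group(1)),
            "active": "A" in m.group(2),
            "dst": fields["dst-address"],
            "distance": int(fields["distance"]),
            "table": fields.get("routing-mark", "main"),
        })
    return routes

def expected_active(routes):
    """Assumed model: per (table, destination), the lowest distance wins."""
    groups = defaultdict(list)
    for r in routes:
        groups[(r["table"], r["dst"])].append(r)
    return {min(g, key=lambda r: r["distance"])["id"] for g in groups.values()}

def standby(routes):
    """Routes left inactive only because a lower-distance route shares their table."""
    winners = expected_active(routes)
    return [r["id"] for r in routes if r["id"] not in winners]

if __name__ == "__main__":
    rs = parse(ROUTES)
    print("active:", sorted(expected_active(rs)), "standby:", standby(rs))
```

Under that model route 7 is the standby for route 6 in the main table, which matches its missing A flag in the listing.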