Primary WAN Unreachable

terminal205 · July 18, 2017, 2:11pm

My Primary WAN link becomes unreachable when I have a secondary WAN link configured. Not entirely sure why.

pukkita · July 18, 2017, 2:52pm

Have a look at IP > Routes. Most probably because the default route changes to WAN2 when you add it.

You need to resort to mangle in order to setup routing with multiple WANs, see Tomas Kirnak presentation on load balance Video (presentation slides)

terminal205 · July 18, 2017, 5:58pm

I’ll take a look at the slides (Video streams are blocked at work =/ ). My concern (which I should have added in my original post) is that even when I manually set the first WAN link to priority, it says unreachable and defaults back to the second wan link, which in an ideal situation would be great as it means the failover is working… except there’s no reason to failover at this time.

pukkita · July 18, 2017, 7:02pm

post the outputs of

/ip route print
/ip route export

Unless your ISP enables ECMP with you (99% of home ISPs) you cannot have more than one default route with the same distance, as ROS will consider ECMP is enabled on those connections, while it isn’t.

Try setting the distance higher for the default route of WAN2 or the WAN with less priority. It will be set as not active by ROS (blue in Winbox IP > Routes).

That default route will be automatically enabled if the more priority one becomes unactive (by means of a netwatch script, check gateway parameter, etc).

If you’re using DHCP to get WAN2 IP, you can specify distance on the Advanced Tab (set it to 5 for example). If using PPPoE, look in the Dial Out tab, near the bottom.

Take your time to watch the video and review the slides to get a good grasp on the subject.

terminal205 · July 18, 2017, 8:20pm

We have 2 ISPs with a public /29 WAN block each.

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #         DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 S      0.0.0.0/0                                             (ISP1)                 1
 1 AS    0.0.0.0/0                                             (ISP2)                 2
 2 ADC 10.10.1.0/24            10.10.1.1             local                   0
 3  DC  (ISP1)                       (ISP1)                 ether1                255
 4 ADC (ISP2)                       (ISP2)                 ether2                0
[admin@tnLAB] /ip route> export   
# jul/18/2017 16:05:13 by RouterOS 6.39.1
# software id = U1IS-089Y
#
/ip route
add check-gateway=ping distance=1 gateway=(ISP1)
add check-gateway=ping distance=2 gateway=(ISP2)
/ip route rule
add interface=ether2 routing-mark=WIFI src-address=192.168.1.0/24 table=main
add dst-address=10.10.1.0/24 interface=local src-address=192.168.1.0/24 table=main
add dst-address=192.168.1.0/24 interface=local src-address=10.10.1.0/24 table=main

terminal205 · July 19, 2017, 6:37pm

So given the above output, why is the default route with a distance of 1 being flagged as unreachable ? I have tested this connection while directly connected to my laptop and it works fine.

terminal205 · July 19, 2017, 10:12pm

So I think I resolved this issue.
Apparently the WISP carrier doesn’t have their equipment to respond to PING, so when I have PING check enabled, it gets no response and says it’s down. However, when I switch it to ARP, it keeps the connection alive.

Now it’s time to dive into some failover and load balance scripting.