Reliable addresses to ping on internet

Does anyone have a list of reliable addresses one can use to monitor an internet connection?
I want to use that for a fail-over solution with recursive routing and ping-check of a sort of remote destination.
(the first level pings the next hop ISP router, but I have a second level that checks if the internet is functional)
For now I use dns.google and one.one.one.one but I would prefer to have some independent system that is as reliable as these, but “allows” the pinging.
Also, it is better to have some other address as these two can be used by users on the local network for their DNS resolver and would get unreachable when one of the internet connections is down…

2600::

:sunglasses:

Re: … ping … monitor an internet connection …

If I was going to try this, I think I would write up a Netwatch script.
Have it ping multiple IPs out on the internet and then have the script detect if all the remote IPs being pinged were down, then take an action to reboot or use an alternate uplink connection.

Not an answer to your question, but pinging may be only part of a thorough “is internet working?” check, you may have ping OK but (for whatever reasons) DNS not working, the router will provide connection, but your browser won’t go anywhere.

For a second (or third) check, I would rather use one of the pages that the various OSes/browsers use to determine internet connectivity (and to trigger hotspot, as they are HTTP), like the Microsoft ones:
http://www.msftncsi.com/ncsi.txt
http://www.msftconnecttest.com/ncsi.txt
or the Apple one:
http://captive.apple.com/

or the Google/Chrome/Android one:
http://connectivitycheck.gstatic.com/generate_204
(this works slightly differently, it should return a code 204)

or Firefox:
http://detectportal.firefox.com/success.txt


Third party:
http://fixwifi.it/
http://example.com/
http://example.org/
(these last two are IANA, so they should be rather stable)
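An added example, not part of the post above: a Python sketch of the HTTP check it describes, which refuses redirects and compares each answer with what the endpoint should return, so that a captive portal or substituted page is told apart from a dead link. Only the 204 for generate_204 comes from the post; the expected body markers and all function names are assumptions made for this example.

```python
import urllib.error
import urllib.request

# Expected answers. Only the 204 is stated in the post; the body markers are
# assumptions to confirm against live responses before relying on them.
CHECKS = {
    "http://connectivitycheck.gstatic.com/generate_204": (204, None),
    "http://detectportal.firefox.com/success.txt": (200, "success"),
    "http://www.msftncsi.com/ncsi.txt": (200, "Microsoft NCSI"),
}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 30x instead of following it to a portal page

def classify(status, body, expected_status, marker):
    """Classify one probe answer as 'ok', 'intercepted' or 'down'."""
    if status is None:
        return "down"                    # no HTTP answer at all
    if status != expected_status:
        return "intercepted"             # redirect or substituted page
    if marker is None:                   # a 204 must come with an empty body
        return "ok" if not body.strip() else "intercepted"
    return "ok" if body.strip() == marker else "intercepted"

def fetch(url, timeout=5):
    """GET without following redirects; returns (status, body) or (None, '')."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""              # 3xx/4xx/5xx still prove HTTP reachability
    except OSError:
        return None, ""                  # DNS failure, timeout, refused, unreachable

def verdict(results):
    """Combine per-URL classifications into one link verdict."""
    states = set(results.values())
    if states == {"ok"}:
        return "online"
    if states == {"down"}:
        return "offline"
    return "partial" if "ok" in states else "captive-or-filtered"

def check_all(fetcher=fetch):
    return verdict({url: classify(*fetcher(url), *expected)
                    for url, expected in CHECKS.items()})
```

Because the URLs are fetched by name, a DNS failure shows up as "down" here even when ping to an IP address still succeeds.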

You can use mine, only 5c per ping.

:open_mouth:
Is that a flat rate or do you make discounts for quantities? :question:

Yearly rate of $20,000, that's an over 50% markdown sale!! Get it while it's hot!

Indeed it works, but how reliable is that? Is there a description somewhere?

That is your decision to try to invent the wheel, but RouterOS provides all the mechanisms to make this work without any netwatch and without any script!
Only thing you need is a couple of recursive routes, and of course a couple of reliable ping targets. That is what I am after.

That does not matter. We have two independent fiber connections at two different providers, and we only need to switch the routing so that when one does not work, all traffic is going to the other. During normal times they are load-balanced.
DNS addresses are configured for both providers (8 in total, 4xIPv4 and 4xIPv6) so when it does not work at one provider the other one is automatically used.

The whole setup basically works, but using addresses for Google and Cloudflare, and those addresses are also commonly used public DNS addresses. I want to use other addresses so these services can be used by the users with equal reliability as for any other service.

Maybe it is redundant to recall the obvious: the internet is not a specific thing, it is a global system of interconnected networks. When you monitor whether you can reach some host, you only monitor that host and the path between you and that host, only that. Additionally, some hosts are available from multiple locations.

Because of this, it depends on the particular context of each network. Yes, of course monitoring a specific host can indirectly reflect your ability to reach some or most of the internet, but in other contexts it will not; because of that I think there is no universal host for every situation.

The challenge is to be able to precisely differentiate a full blackout from a partial one and its relevance for each specific situation, and again, on each network this situation can be very different.

For example, nowadays most of the volume of content is available locally without accessing foreign networks, so if you monitor a host on another continent you will consider “internet down” when you still have access to most content hosted locally.

Many scenarios can arise where the same strategy may not be the most successful, while in others the same strategy will be successful enough.

That is why I want to have a “reliable address to ping”. Maybe I should have also specified that I prefer it to be an anycast address, like the ones I mentioned already to be using.
I need addresses that are sufficiently nearby to not be affected by some random failure on the other side of the planet, yet sufficiently far away to still test the routing at the ISP.
For example, the reason why this came back to my attention is that one ISP managed to break the routing to 2001:4860:4860::8888 while 2606:4700:4700::1111 is still fine. So my solution with recursive routing at two levels still works and did not make an unintended fail-over.

If you're OK with anycast addresses, any of the gtld servers should suit you. They are all set up anycast (or at least multicast) at this point, are highly reliable and handle a huge amount of ICMP and DNS requests. On the other hand, 8.8.8.8 might be the most reliable address on the internet. I was recently amazed when the old favorite 4.2.2.2 was unreachable from my house for a couple of weeks, so anything can go down.

Ah that is a great idea! Thanks.
Well, except of course that “they” could block ping at such servers at any time, just as they could do on 8.8.8.8 etc.
I think I still have to extend my search for services that are publicly offering ping support, like 8.8.8.8 offers DNS support, and are similarly reliable.

(note that I need at least 4 IPv4 and 4 IPv6 addresses, preferably from two completely unrelated suppliers. the gtld servers offer that)

Not sure that I’ve ever heard of a site offering supported ping. Those DNS servers have been responding to pings since the beginning of the modern internet, and it would be big news if they stopped. Only thing I would wonder about is if they ever changed address. At this point a good portion of internet devices use pinging 8.8.8.8 to decide whether they have “Internet Access”, including Mikrotik if you're silly enough to turn that on.

Yeah, but as I wrote they are also often used by users on the local network (behind the router) so using them for the recursive route check is not optimal (when the ISP associated with the particular address is down, the service becomes unavailable).
I notice that I can ping 1.1.1.2, 1.1.1.3, 1.1.1.4 etc so that maybe provides some alternatives but not for 8.8.8.9 etc.

Not sure I follow you completely, but it sounds like you are looking for ISP diversity in the addresses you ping. Anything anycast should do that. The simplest way to assure pretty good diversity in both networks and organizations would be to pick one Cloudflare address (1.1.1.1, 1.1.1.2, 1.1.1.3, 1.0.0.1 etc) and one Google address (8.8.8.8, 8.8.4.4). If both those orgs are unreachable at the same time, the internet is having a really bad day.

That is what I am doing now. But you need to know the context:
https://help.mikrotik.com/docs/spaces/ROS/pages/26476608/Failover+WAN+Backup
(in reality it is slightly more complicated than that, because we also do load balancing using multiple route tables)

With this solution you necessarily have /32 routes for each of the probe addresses that each point to one of our connection ISPs.
When that ISP is down, that specific destination is unreachable.
The solution switches all traffic to the other ISP, but that single route needs to remain in place to probe the down ISP to see if it comes back up.

That means that when I use 8.8.8.8 and 8.8.4.4 for detecting the availability of each of our ISPs (which I do), those addresses which are commonly used by users of the network are less reliable than all others.
I also use 1.1.1.1 and 1.0.0.1 and it looks like that could be changed to a “nearby” address to solve that problem.

That is why I am looking for reliable addresses to ping that are NOT the ones that everyone uses for their DNS.

OK, got it. So you could “sacrifice” one Google and one Cloudflare server to this scheme and be pretty safe knowing that most people use 1.1.1.1 or 8.8.8.8. Usually admins assign at least 2 servers and clients will fail over if one doesn't respond. If you use 1.0.0.3 from Cloudflare's server addresses and 8.8.4.4 from Google's DNS servers you should be fine; odds are low they are the only 2 assigned servers. Or try to use the IPv6 addresses. Or use gtld servers.

Good luck!

There is no “or use IPv6 servers”, I need to use both of them independently to make it work for IPv4 and IPv6.
Which of course is required as well because an ISP may e.g. be defective for IPv6 but working for IPv4 (currently one of ours is).
So the failover procedure is independent for IPv4 and IPv6.

I need two addresses from each “service” for checking our 2 alternative links, and for redundancy another 2 (so we will not switch over when the service is down rather than the ISP).
So now I use all these addresses:
$ host one.one.one.one
one.one.one.one has address 1.0.0.1
one.one.one.one has address 1.1.1.1
one.one.one.one has IPv6 address 2606:4700:4700::1001
one.one.one.one has IPv6 address 2606:4700:4700::1111
$ host dns.google
dns.google has address 8.8.4.4
dns.google has address 8.8.8.8
dns.google has IPv6 address 2001:4860:4860::8888
dns.google has IPv6 address 2001:4860:4860::8844

To fully replace them I need 8 new addresses, but I will start with the Cloudflare ones as they seem to have alternatives.
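An added example, not part of the thread: a Python model of the decision the poster describes, where each uplink has one probe address from each of two unrelated services and is taken out of service only when both stop answering, separately for IPv4 and IPv6. Which address is pinned to which uplink, the names isp1/isp2 and the function names are assumptions; this models the logic and is not RouterOS configuration.

```python
# Constructed probe plan: which probe address is pinned (by its host route) to
# which uplink. The assignment and the isp1/isp2 names are assumptions.
PROBES = {
    ("ipv4", "isp1"): {"cloudflare": "1.1.1.1", "google": "8.8.8.8"},
    ("ipv4", "isp2"): {"cloudflare": "1.0.0.1", "google": "8.8.4.4"},
    ("ipv6", "isp1"): {"cloudflare": "2606:4700:4700::1111",
                       "google": "2001:4860:4860::8888"},
    ("ipv6", "isp2"): {"cloudflare": "2606:4700:4700::1001",
                       "google": "2001:4860:4860::8844"},
}

def link_states(reachable):
    """Map (family, isp) -> True if any probe pinned to that uplink answers."""
    return {key: any(reachable.get(addr, False) for addr in targets.values())
            for key, targets in PROBES.items()}

def active_uplinks(reachable):
    """Per address family, the uplinks that should keep carrying traffic."""
    plan = {}
    for (family, isp), is_up in link_states(reachable).items():
        plan.setdefault(family, [])
        if is_up:
            plan[family].append(isp)
    return plan

def suspect_services(reachable):
    """Probes failing on an uplink that is otherwise up: blame the service
    or the route to it, not the uplink, and do not fail over."""
    up = link_states(reachable)
    found = set()
    for (family, isp), targets in PROBES.items():
        if not up[(family, isp)]:
            continue  # whole uplink is down; no single service to blame
        for service, addr in targets.items():
            if not reachable.get(addr, False):
                found.add((family, service, isp))
    return sorted(found)
```

Feeding it the case from earlier in the thread, where one ISP lost its route to 2001:4860:4860::8888 while 2606:4700:4700::1111 stayed reachable, keeps both IPv6 uplinks active and reports the Google probe on that uplink as the suspect.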