Hello,
Since routerOS 7, it is paintful and a PITA to perform WAN failover with two circuits. In ROS 6, we could rely on ip route gateway weights and or blackhole address, along with ICMP ping to gateway.
Has anyone or MikroTik tried WAN failover by using ARP? If not ARP reply from destination gateway IP, it can fail over? Other Firewall appliances will do this.
Your post is rambling nonsense, Wan and failover works just fine in RoS7.
I think that rather the problem is in his configuration
I have no idea how easy It was in v6, but It can be fairly easy in v7.
JFYI:
http://forum.mikrotik.com/t/simpler-failover-for-two-gateways-i-found-working/169108/1
Recursive routing under early RoS 7.x required some changes in “scope” and “target scope” settings compared to 6.x. And some inconsistency meaning a bit of trial and error. But once past that it works just the same.
There’s no need for trial and error. You set it like this:
0.0.0.0/0 via 8.8.8.8/32 scope=30 target-scope=20 check-gateway=ping
8.8.8.8/32 via whatever-gw-you-want scope=20 target-scope=10
so default route targets scope that a real route has. After that, you can check immediate gateway on default route. It should be whatever you set in second route
When I tested extensively in 2022 the behaviour was inconsistent. In some cases default route’s target scope needed to be 10 to find the gateway (scope 10), in other cases it needed to be 11. And some other inconsistencies. Hence trial and error to find the rule actually in effect for any specific configuration.
http://forum.mikrotik.com/t/recursive-routes-in-ros-7-x/154802/1
And ..
http://forum.mikrotik.com/t/dual-wan-recursive-failover-rosv7/154949/29
This is correct for early versions of ROS7, now it’s consistent as described above
Recursive has been the same for every sub version of version7, to my knowledge anyway.
In early versions, IIRC, there was a bug where scope was auto-decrementeded, so you had to specify target-scope 21 instead of 20 or something to hit scope 20 (maybe I’m wrong in exact terms but the description will be similar anyway). This was fixed and works as it is.
There was also a 6.x to 7.x change if you used what is referred to as “virtual hops”, effectively placeholders between the 0.0.0.0/0 default route and the actual remote gateways. For example 10.1.1.1 in this presentation slide 25 on …
https://mum.mikrotik.com/presentations/TH18/presentation_5725_1534743837.pdf
In early 7.x those “virtual hops” needed be be actual reachable addresses which respond to ICMP ping. In 6.x they didn’t.
I don’t know if that’s the case still, although personally I wouldn’t use them any way.
Quickly jumping back to the original question ..
Gateway detection using ARP would only work with a local gateway, reachable over Ethernet at Layer 2. For a remote gateway, even if the Internet router supports Proxy ARP, it will reply if it has a route to the remote gateway whether or not the remote gateway is alive (or even exists).
So the use case is narrow. Applicable if your L2 adjacent next hop gateway doesn’t reply to ping, and where an ARP response is a true test of whether the Internet is reachable or not.
And referring back to the last few posts the real conclusion is that recursive failover works perfectly well in 7.x, even if a few settings need to be changed from 6.x.