I am using GNS3 to lab Mikrotik with failover network for a project I am working on. My goal is to make 192.168.66.1 the primary WAN and fail over to 192.168.77.1 if the primary WAN is down. My method of checking if the primary WAN is down is adding a static route to 8.8.8.8 and using a ping check (recursive, as described here: https://www.prinmath.com/ham/mikrotik-failover.htm)
The Problem: When I suspend the connection from ‘Mikrotik’ to ISP1 (192.168.66.1), I would expect the ping to 8.8.8.8 to stop working. However, it switches over and continues pinging on 192.168.77.1 gateway. I would expect the ping to timeout because I have it set to route over ISP1 exclusively, right? Anyone see anything wrong with this? Could it be a GNS3 issue or a mistake in my network topology outside of the Mikrotiks?
/ip route
add gateway=192.168.66.1
add comment="Validate Primary" dst-address=8.8.8.8/32 gateway=192.168.66.1 scope=10
add check-gateway=ping comment=Primary distance=1 gateway=8.8.8.8
add comment=Secondary distance=2 gateway=192.168.77.1
Packet Capture Proof:
7 1.549 ether1 192.168.66.2 8.8.8.8 icmp 70 0
8 1.567 ether1 8.8.8.8 192.168.66.2 icmp 70 0
9 1.746 ether1 0.0.0.0:68 (bootpc) 255.255.255.255:67 (bootps) udp 342 0
10 2.278 ether1 192.168.66.2 8.8.8.8 icmp 70 0
11 2.298 ether1 8.8.8.8 192.168.66.2 icmp 70 0
12 2.41 ether1 157 0
13 2.599 ether1 151 0
14 3.279 ether1 192.168.66.2 8.8.8.8 icmp 70 0
15 3.305 ether1 8.8.8.8 192.168.66.2 icmp 70 0
16 3.404 ether1 157 0
17 3.601 ether1 151 0
18 4.278 ether1 192.168.66.2 8.8.8.8 icmp 70 0
19 4.296 ether1 8.8.8.8 192.168.66.2 icmp 70 0
20 4.603 ether1 151 0
21 5.28 ether1 192.168.66.2 8.8.8.8 icmp 70 0
22 5.303 ether1 8.8.8.8 192.168.66.2 icmp 70 0
23 5.608 ether1 151 0
24 5.688 ether1 0.0.0.0:68 (bootpc) 255.255.255.255:67 (bootps) udp 342 0
25 6.278 ether1 192.168.66.2 8.8.8.8 icmp 70 0
26 6.298 ether1 8.8.8.8 192.168.66.2 icmp 70 0
27 7.28 ether2 192.168.77.2 8.8.8.8 icmp 70 0
28 7.298 ether2 8.8.8.8 192.168.77.2 icmp 70 0
29 8.275 ether2 192.168.77.2 8.8.8.8 icmp 70 0
30 8.292 ether2 8.8.8.8 192.168.77.2 icmp 70 0
31 9.278 ether2 192.168.77.2 8.8.8.8 icmp 70 0
32 9.294 ether2 8.8.8.8 192.168.77.2 icmp 70 0
33 9.448 ether2 192.168.77.2 8.8.8.8 icmp 70 0
34 9.467 ether2 8.8.8.8 192.168.77.2 icmp 70 0
35 10.278 ether2 192.168.77.2 8.8.8.8 icmp 70 0
36 10.295 ether2 8.8.8.8 192.168.77.2 icmp 70 0
37 10.963 ether2 192.168.77.1:5678 (discovery) 255.255.255.255:5678 (discovery) udp 196 0
38 10.963 ether2 128 0
39 10.964 ether2 157 0
40 11.281 ether2 192.168.77.2 8.8.8.8 icmp 70 0
Full Config of ‘Mikrotik’
/interface bridge
add name=local
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=local interface=ether3
/ip address
add address=192.168.88.1/24 interface=local network=192.168.88.0
add address=192.168.66.2/24 interface=ether1 network=192.168.66.0
add address=192.168.77.2/24 interface=ether2 network=192.168.77.0
/ip dhcp-client
add interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add gateway=192.168.66.1
add comment="Validate Primary" dst-address=8.8.8.8/32 gateway=192.168.66.1 scope=10
add check-gateway=ping comment=Primary distance=1 gateway=8.8.8.8
add comment=Secondary distance=2 gateway=192.168.77.1
Full Config of ISP1
/interface bridge
add name=local
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=local interface=ether2
/ip address
add address=192.168.66.1/24 interface=local network=192.168.66.0
/ip dhcp-client
add interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
Full Config of ISP2
/interface bridge
add name=local
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=local interface=ether2
/ip address
add address=192.168.77.1/24 interface=local network=192.168.77.0
/ip dhcp-client
add interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1