Simple Solution to smart Failover

Hi

I checked the forum and wiki, and I found examples of routing failover, but all of them depended on gateway failure...
In fact, a successful gateway response doesn't mean that there is a public internet connection, because, for example, in VSAT systems the gateway is a router located in the same VSAT location, and other ISPs' gateways are located in the same city (in most cases), so we need to test an IP which is beyond the local IPs, to make sure that the public internet connection really exists or has dropped.

That's why I made this and tested it successfully. I'll post it here because I need to be sure of what I did, and to let friends improve it.
gateway1 = 192.168.1.1
gateway2 = 192.168.2.1

/ip route
add comment=gw1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
add comment=gw2 disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
add comment="Testing gw1" disabled=no distance=1 dst-address=4.2.2.3/32 gateway=192.168.1.1 scope=30 target-scope=10

We have an enabled gateway gw1 = 192.168.1.1, and gw2 is disabled. The last line is for testing gw1, assuming gw1 is the preferred gateway. Testing will depend on a public IP address which is not usually used by you or by any of your clients; as you see, I chose 4.2.2.3, so this IP will not be reached except through gw1.

/tool netwatch
# inner quotes are escaped and long lines continued with "\" as in a RouterOS export
add comment="" disabled=no down-script="/ip route set [find comment=\"gw1\"] disabled=yes\r\
    \n/ip route set [find comment=\"gw2\"] disabled=no\r\
    \n" host=4.2.2.3 interval=15s timeout=480ms up-script=\
    "/ip route set [find comment=\"gw1\"] disabled=no\r\
    \n/ip route set [find comment=\"gw2\"] disabled=yes"

The netwatch tool will ping 4.2.2.3 every 15 seconds. If it replies, then gw1 is enabled and gw2 is disabled; if it times out, gw1 will be disabled and gw2 will be enabled. After 15 seconds this is repeated...

This was tested on 3 systems and succeeded. Any suggestions or corrections?

maybe look at http://forum.mikrotik.com/t/best-method-to-load-balance-2-internet-line/37337/15 :)

Well, I really didn't see it in search, maybe because I was searching for failover!!!
Anyway, it has a similar idea, about pinging a public internet IP, but it's different in treatment.

I tried your example; when I put
add gateway=213.180.204.3 routing-mark=ISP1 scope=30 target-scope=30 check-gateway=ping
I got (unreachable)!!!

post your full set of rules - I have nothing to say about that one rule =) that gateway should be resolved recursively via

add dst-address=213.180.204.3/32 gateway=192.168.1.1 scope=10 target-scope=10

hi forum, this is my first post, although I have been reading the forum on several topics for many months now…

I have been researching on the most effective way to implement a simple failover solution between 2 ISP connections and found this one the best… It’s simple (no routing marks, no scripts) AND it reverts back to the main connection as soon as it’s available!

so thank you samsoft08 :)

I’ve set up my system the same way as samsoft08’s, but if I disconnect the cable from the preferred gateway port, netwatch starts switching gateways up and down every “interval” seconds (in my case it’s 30). When I connect the cable, it switches the preferred gateway back up and stays in this state until the next disconnect.

did you add this route?

RouterBoard is 450G.
My /ip address print detail:

 0   address=192.168.2.110/24 network=192.168.2.0 interface=ether4-local 
     actual-interface=LAN 
 1   address=109.68.189.68/29 network=109.68.189.64 interface=ether1-gateway 
     actual-interface=ether1-gateway 
 2   address=195.94.254.53/29 network=195.94.254.48 interface=ether2-gateway 
     actual-interface=ether2-gateway

My /ip route print detail when GW1 port is connected looks like:

 0 A S  ;;; GW1
        dst-address=0.0.0.0/0 gateway=109.68.189.65 
        gateway-status=109.68.189.65 reachable ether1-gateway distance=1 
        scope=30 target-scope=10 
 1 X S  ;;; GW2
        dst-address=0.0.0.0/0 gateway=ether2-gateway 
        gateway-status=ether2-gateway inactive distance=1 scope=30 
        target-scope=10 
 2 ADC  dst-address=109.68.189.64/29 pref-src=109.68.189.68 
        gateway=ether1-gateway gateway-status=ether1-gateway reachable 
        distance=0 scope=10 
 3 A S  ;;; Test Google
        dst-address=173.194.35.216/32 pref-src=109.68.189.68 
        gateway=ether1-gateway gateway-status=ether1-gateway reachable 
        distance=1 scope=30 target-scope=10 
 4 ADC  dst-address=192.168.2.0/24 pref-src=192.168.2.110 gateway=LAN 
        gateway-status=LAN reachable distance=0 scope=10 
 5 ADC  dst-address=195.94.254.48/29 pref-src=195.94.254.53 
        gateway=ether2-gateway gateway-status=ether2-gateway reachable

/tool netwatch print detail:

 0   host=173.194.35.216 timeout=500ms interval=1m since=jan/24/2012 08:08:00 
     status=up up-script=/ip route set [find comment="GW1"] disabled=no\r\n/ip 
          route set [find comment="GW2"] disabled=yes 
     down-script=/ip route set [find comment="GW1"] disabled=yes\r\n/ip route 
            set [find comment="GW2"] disabled=no

When I disconnect GW1 port, /route print detail shows:

 0 A S  ;;; GW2
        dst-address=0.0.0.0/0 gateway=ether2-gateway 
        gateway-status=ether2-gateway reachable distance=1 scope=30 
        target-scope=10 
 1 X S  ;;; GW1
        dst-address=0.0.0.0/0 gateway=109.68.189.65 
        gateway-status=109.68.189.65 inactive distance=1 scope=30 
        target-scope=10 
 2 ADC  dst-address=109.68.189.64/29 pref-src=109.68.189.68 
        gateway=ether1-gateway gateway-status=ether1-gateway unreachable 
        distance=0 scope=200 
 3   S  ;;; Test Google
        dst-address=173.194.35.216/32 pref-src=109.68.189.68 
        gateway=ether1-gateway gateway-status=ether1-gateway unreachable 
        distance=1 scope=30 target-scope=10 
 4 ADC  dst-address=192.168.2.0/24 pref-src=192.168.2.110 gateway=LAN 
        gateway-status=LAN reachable distance=0 scope=10 
 5 ADC  dst-address=195.94.254.48/29 pref-src=195.94.254.53 
        gateway=ether2-gateway gateway-status=ether2-gateway reachable

And then starts switching every 1 minute between above and:

 0   S  ;;; GW1
        dst-address=0.0.0.0/0 gateway=109.68.189.65 
        gateway-status=109.68.189.65 unreachable distance=1 scope=30 
        target-scope=10 
 1 X S  ;;; GW2
        dst-address=0.0.0.0/0 gateway=ether2-gateway 
        gateway-status=ether2-gateway inactive distance=1 scope=30 
        target-scope=10 
 2 ADC  dst-address=109.68.189.64/29 pref-src=109.68.189.68 
        gateway=ether1-gateway gateway-status=ether1-gateway unreachable 
        distance=0 scope=200 
 3   S  ;;; Test Google
        dst-address=173.194.35.216/32 pref-src=109.68.189.68 
        gateway=ether1-gateway gateway-status=ether1-gateway unreachable 
        distance=1 scope=30 target-scope=10 
 4 ADC  dst-address=192.168.2.0/24 pref-src=192.168.2.110 gateway=LAN 
        gateway-status=LAN reachable distance=0 scope=10 
 5 ADC  dst-address=195.94.254.48/29 pref-src=195.94.254.53 
        gateway=ether2-gateway gateway-status=ether2-gateway reachable

instead of

3 A S  ;;; Test Google
        dst-address=173.194.35.216/32 pref-src=109.68.189.68
        gateway=ether1-gateway gateway-status=ether1-gateway reachable
        distance=1 scope=30 target-scope=10

try

3 A S  ;;; Test Google
        dst-address=173.194.35.216/32 pref-src=109.68.189.68
        gateway=109.68.189.65 gateway-status=109.68.189.65 reachable
        distance=1 scope=30 target-scope=10

Changing test gateway settings didn’t help. It didn’t block pinging Google from ether2-gateway, that was the problem. As soon as I recognized this, I just added the firewall rule:

 4   chain=output action=drop protocol=icmp dst-address=173.194.35.216 
     out-interface=ether2-gateway

and now everything is working.
That test gateway is necessary to bypass the firewall rule as soon as GW1 comes back up.
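
The flapping reported in this thread, and why the output-chain drop rule stops it, can be reproduced with a small model. This is an added example, not code from any poster: `Router`, `simulate` and `count_switches` are hypothetical names, and it assumes a probe leaving through ISP1 always succeeds while that link is up.

```python
from dataclasses import dataclass


@dataclass
class Router:
    drop_probe_on_isp2: bool   # models the chain=output ICMP drop rule
    link1_up: bool = True      # physical state of the ISP1 port
    gw1_enabled: bool = True   # default route via GW1
    gw2_enabled: bool = False  # default route via GW2
    watch_up: bool = True      # last netwatch status

    def probe_egress(self):
        """Which ISP the ping to the test host leaves through, or None."""
        if self.link1_up:
            return "isp1"      # the /32 test route is active
        # /32 route inactive: the probe falls back to the default route
        if self.gw2_enabled:
            return "isp2"
        return None            # only GW1 is enabled and its link is down

    def tick(self):
        """One netwatch interval: probe, run up/down script on a change."""
        egress = self.probe_egress()
        ok = egress == "isp1" or (
            egress == "isp2" and not self.drop_probe_on_isp2)
        if ok != self.watch_up:
            self.watch_up = ok
            # up-script enables gw1/disables gw2, down-script the reverse
            self.gw1_enabled, self.gw2_enabled = ok, not ok
        return "gw1" if self.gw1_enabled else "gw2"


def simulate(drop_rule, link_states):
    """Enabled default route after each interval for a link1 timeline."""
    router = Router(drop_probe_on_isp2=drop_rule)
    history = []
    for up in link_states:
        router.link1_up = up
        history.append(router.tick())
    return history


def count_switches(history):
    return sum(a != b for a, b in zip(history, history[1:]))


if __name__ == "__main__":
    # constructed timeline: ISP1 cable unplugged for five intervals
    timeline = [True] + [False] * 5 + [True, True]
    for rule in (False, True):
        h = simulate(rule, timeline)
        print(f"drop rule={rule}: {h} switches={count_switches(h)}")
```

Without the drop rule the probe succeeds through GW2 as soon as the down-script enables it, so netwatch reports "up" and flips the routes back on every interval; with the rule the status stays down until the ISP1 link returns.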