gotsprings I think your initial setup is questionable.
If Comcast is your primary WAN, you shouldn't need to mangle anything for Comcast, all traffic is going in that direction.
If you have some traffic that you need to go to the fail-over, that makes sense to me as a case for mangle.
Also I am assuming you want these users to go out cellular regardless so distance=1 is fine.
Don't need ping on second gateway; it is implied that if the primary returns, traffic will go back to primary.
NOW…
You do not want to rely on the ISP gateway for providing the indication of what's up or down, as the ISP gateway can in some circumstances be flaky.
Sindy is quite correct, I will give him 10 points for Gryffindor, and if you want to see it with an associated route mark with mangling, you simply need to look at the configuration I provided.
Sindy, besides being really cool, what is the advantage or disadvantage of recursive routing??
I’m not an expert here, but BGP seems to need it to work at all.
With static routing, the use of recursive next-hop search is to check that not only the last mile link works but that you can also get somewhere further via that link. That's why you declare rock stable addresses like 8.8.8.8 as recursive gateways. So you physically send your packets to the MAC address of the gateway on the other end of the WAN link, but you determine whether the route can be used or not by pinging the rock stable address, assuming that if the ping fails, the reason is not a failure of the rock stable address but of something between you and that address. As even rocks can sometimes fall, using two rock stable addresses, each operated by another large name, for each link is considered even more reliable.
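The recursive next-hop setup sindy describes, written out as a RouterOS v6 route table. This is an added example, not configuration from sindy or from the MikroTik documentation; the gateway addresses 203.0.113.1 (Comcast) and 198.51.100.1 (cellular) are constructed placeholders, and 8.8.8.8 and 1.1.1.1 are used as the "rock stable" probe addresses.

```routeros
# Added example (not from the thread): recursive next-hop failover on RouterOS v6.
# Constructed placeholder values: primary (Comcast) first hop 203.0.113.1,
# cellular failover first hop 198.51.100.1.

/ip route
# Host routes to the probe addresses, one pinned to each WAN link.
# scope=10 matters: a default route below resolves its gateway only through
# routes whose scope is <= its target-scope, and target-scope defaults to 10.
add dst-address=8.8.8.8/32 gateway=203.0.113.1 scope=10 comment="probe via Comcast"
add dst-address=1.1.1.1/32 gateway=198.51.100.1 scope=10 comment="probe via cellular"

# Default routes whose gateway is the far-away probe, not the ISP's first hop.
# Packets still leave towards the MAC of 203.0.113.1 (the /32 above decides
# that), but check-gateway=ping tests 8.8.8.8: two missed pings in a row
# (about 20 s) mark the route unreachable and the distance=2 route takes over.
# When pings succeed again the distance=1 route becomes active on its own, so
# the failover route needs no check of its own.
add dst-address=0.0.0.0/0 gateway=8.8.8.8 distance=1 check-gateway=ping comment="default via Comcast"
add dst-address=0.0.0.0/0 gateway=1.1.1.1 distance=2 comment="default via cellular"
```

Two things to check after applying it. `/ip route print` should show both default routes, and during a Comcast outage the distance=1 route loses its A (active) flag while the cellular one gains it. Also note that the /32 probe routes pin all traffic for 8.8.8.8 to the Comcast link even after failover, so don't hand 8.8.8.8 to your LAN clients as their DNS server; pick probe addresses you never use for real traffic.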
The page sindy points to… changing the scopes from 30 to 10 made it work.
I had just finished making scripts that pinged some hosts then changed the primary to 3 and cleared the connections. Then when it got 5 pings again… Flipped 3 to 1 and cleared connections. I had to set address rules that dropped the traffic when an assigned IP couldn’t use its ASSIGNED gateway. (Busy morning before sindy pointed to the page.)
The clearing connections makes things go a lot better whether I am using recursive or flipping gateways.
However…
"NB! You CANNOT test failover with continuous ping google.com from your PC - because when jumping from ISP1 to ISP2 the packet flow needs to be restarted. For testing just open different webpages OR check Interface traffic from MikroTik. Good idea is to watch Interface traffic on Mikrotik while you are doing speedtest on internet."
/////\ This part right here /////\
If you clear connections using netwatch… you lose 1 ping on a continuous ping from google ROLLING BACK TO PRIMARY by clearing connections in the firewall.
If you disable an interface… it is instant.
Hmm, can you script that for whenever the primary WANIP changes?
Like over to the failover IP and then back to the primary? Each time?
(would be useful to clear my VOIP stuck on old IP issues)
Even easier…
Set a static route to a host on your primary.
Write an output rule to drop the packet if it goes out any interface other than the primary.
Now make a netwatch to check that host.
Include in up or down the line to clear firewall connections.
Host is unreachable because it’s down… Clear connections. This speeds up any connection being held open on the primary and makes it open a new one over the secondary.
When the host pings as up… Clear connections. This makes anything stuck on failover connection, make a new connection using the primary route.
Depending on how you have failover set…
You can flip the default gateway using that same netwatch.
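The steps gotsprings lists (static route to a probe host, output rule that refuses to send the probe out any other interface, netwatch that clears connections on up and down, and optionally flips the default gateway) as one RouterOS v6 configuration. This is an added example, not gotsprings' own config; the probe host 192.0.2.10, the interface name ether1-comcast, the first hops 203.0.113.1 and 198.51.100.1 and the route comments are constructed placeholders.

```routeros
# Added example (not from the thread): netwatch-driven failover with connection
# flush. Constructed placeholders: probe host 192.0.2.10 (pick a stable address
# you never otherwise talk to), primary WAN interface ether1-comcast with first
# hop 203.0.113.1, cellular first hop 198.51.100.1.

/ip route
# Pin the probe host to the primary link so the ping is never answered over
# the failover link. No check-gateway here: netwatch does the checking.
add dst-address=192.0.2.10/32 gateway=203.0.113.1 comment=probe-wan1
# Plain (non-recursive) default routes; the netwatch scripts move wan1 between
# distance 1 (preferred) and distance 3 (behind the cellular route at 2).
add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=1 comment=default-wan1
add dst-address=0.0.0.0/0 gateway=198.51.100.1 distance=2 comment=default-wan2

/ip firewall filter
# Router-originated traffic goes through the output chain, so this catches the
# netwatch ping itself: if the /32 route above is ever lost, drop the probe
# rather than let it leak out the cellular link and report a false "up".
add chain=output dst-address=192.0.2.10 out-interface=!ether1-comcast action=drop comment="probe only via primary"

/tool netwatch
# Host down: demote the primary default route, then flush connection tracking
# so sessions held open on the primary are re-established over cellular.
# Host up: restore the primary, flush again so anything stuck on cellular
# makes a fresh connection over the primary.
# Both scripts remove EVERY tracked connection, including active VoIP calls
# and any management session you have through NAT; narrow the [find ...]
# (for example by src-address) if that is not acceptable.
add host=192.0.2.10 interval=10s timeout=1s \
    down-script="/ip route set [find comment=default-wan1] distance=3; /ip firewall connection remove [find]" \
    up-script="/ip route set [find comment=default-wan1] distance=1; /ip firewall connection remove [find]"
```

To test it without pulling cables, temporarily disable the probe-wan1 route: the output rule then drops the ping, netwatch reports the host down within two intervals, and `/ip route print` shows default-wan2 active. Re-enabling the route brings the primary back and costs exactly the one lost ping described above. If you only want the connection flush and not the gateway flip, delete the `/ip route set ...;` part of each script and keep the recursive default routes from the other setup.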
Ha, okay, no idea about setting a static route to a host on my network. I don't have any such hosts?
Also never used netwatch.
In another thread I am losing the bubble on mangling.
I recently found out my entire conception of how bridges work was shattered.
I seem to be getting less able to work on this unit every day.