tricksol
newbie
Topic Author
Posts: 26
Joined: Thu Sep 03, 2015 3:55 pm

Problem with dual wan failover not moving back to primary.

Sat Dec 19, 2015 4:53 pm

Background: A remote site of mine has two connections

Connection 1: Att Uverse DSL
Connection 2: Verizon LTE service on cradlepoint in bridge mode.

IPs have been changed for privacy reasons.

Because the Uverse can't be put into bridge mode, we had to configure it with the public statics on its LAN side and turn on cascading router. This option gives us our /29 to use but also breaks the check gateway because the gateway is always up even if we have a provider cut. The LTE gateway is far off the device so it would work as expected, but I don't want it to be a provider unless the primary has gone down.

I have set up mangle rules to tag traffic so they come in and out on the same provider and found a WAN failover script on the wiki that sorta works.

If I am on the primary I can select ping and choose an interface and pings are normal times; if I select the secondary interface the pings are long like they should be on an LTE connection.

Script runs every 10 seconds and will fail over to the secondary when it fails but will not bring up the primary once it's restored. Once it's failed over I can no longer ping out the primary interface so the pings are not restored and the script doesn't return the distance on the gateways.

Can someone help me correct this issue?

/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1-WAN \
new-connection-mark=isp1-in
add action=mark-routing chain=output connection-mark=isp1-in \
new-routing-mark=isp1-out passthrough=no
add action=mark-connection chain=input in-interface=ether2-WAN \
new-connection-mark=isp2-in
add action=mark-routing chain=output connection-mark=isp2-in \
new-routing-mark=isp2-out passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN
add action=masquerade chain=srcnat out-interface=ether2-WAN
/ip route
add distance=1 gateway=10.0.0.1 routing-mark=isp1-out
add distance=2 gateway=172.16.0.1 routing-mark=isp2-out
add distance=2 gateway=172.16.0.1
add distance=1 gateway=10.0.0.1

/system scheduler
add interval=10s name=DualWanFailover on-event=DualWanFailover policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
nov/18/2015 start-time=21:51:02
/system script
add name=DualWanFailover owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# ----\
--------------- header -------------------\
\n# Script by Tomas Kirnak, version 1.0.7\
\n# If you use this script, or edit and\
\n# re-use it, please keep the header intact.\
\n#\
\n# For more information and details about\
\n# this script please visit the wiki page at\
\n# http://wiki.mikrotik.com/wiki/Failover_Scripting\
\n# ------------------- header -------------------\
\n\
\n\
\n\
\n# ------------- start editing here -------------\
\n# Edit the variables below to suit your needs\
\n\
\n# Please fill the WAN interface names\
\n:local InterfaceISP1 ether1-WAN\
\n:local InterfaceISP2 ether2-WAN\
\n\
\n# Please fill the gateway IPs (or interface names in case of PPP)\
\n:local GatewayISP1 10.0.0.1\
\n:local GatewayISP2 172.16.0.1\
\n\
\n# Please fill the ping check host - currently: resolver1.opendns.com\
\n:local PingTarget 208.67.222.222\
\n\
\n# Please fill how many ping failures are allowed before fail-over happe\
nds\
\n:local FailTreshold 20\
\n\
\n# Define the distance increase of a route when it fails\
\n:local DistanceIncrease 2\
\n\
\n# Editing the script after this point may break it\
\n# -------------- stop editing here --------------\
\n\
\n\
\n\
\n# Declare the global variables\
\n:global PingFailCountISP1\
\n:global PingFailCountISP2\
\n\
\n# This inicializes the PingFailCount variables, in case this is the 1st\
\_time the script has ran\
\n:if ([:typeof \$PingFailCountISP1] = \"nothing\") do={:set PingFailCoun\
tISP1 0}\
\n:if ([:typeof \$PingFailCountISP2] = \"nothing\") do={:set PingFailCoun\
tISP2 0}\
\n\
\n# This variable will be used to keep results of individual ping attempt\
s\
\n:local PingResult\
\n\
\n\
\n\
\n# Check ISP1\
\n:set PingResult [ping \$PingTarget count=1 interface=\$InterfaceISP1]\
\n:put \$PingResult\
\n\
\n:if (\$PingResult = 0) do={\
\n\t:if (\$PingFailCountISP1 < (\$FailTreshold+2)) do={\
\n\t\t:set PingFailCountISP1 (\$PingFailCountISP1 + 1)\
\n\t\t\
\n\t\t:if (\$PingFailCountISP1 = \$FailTreshold) do={\
\n\t\t\t:log warning \"ISP1 has a problem en route to \$PingTarget - incr\
easing distance of routes.\"\
\n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP1 && static] do\
=\\\
\n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] + \$D\
istanceIncrease)}\
\n\t\t\t:log warning \"Route distance increase finished.\"\
\n\t\t}\
\n\t}\
\n}\
\n:if (\$PingResult = 1) do={\
\n\t:if (\$PingFailCountISP1 > 0) do={\
\n\t\t:set PingFailCountISP1 (\$PingFailCountISP1 - 1)\
\n\t\t\
\n\t\t:if (\$PingFailCountISP1 = (\$FailTreshold -1)) do={\
\n\t\t\t:log warning \"ISP1 can reach \$PingTarget again - bringing back \
original distance of routes.\"\
\n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP1 && static] do\
=\\\
\n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] - \$D\
istanceIncrease)}\
\n\t\t\t:log warning \"Route distance decrease finished.\"\
\n\t\t}\
\n\t}\
\n}\
\n\
\n\
\n\
\n# Check ISP2\
\n:set PingResult [ping \$PingTarget count=1 interface=\$InterfaceISP2]\
\n:put \$PingResult\
\n\
\n:if (\$PingResult = 0) do={\
\n\t:if (\$PingFailCountISP2 < (\$FailTreshold+2)) do={\
\n\t\t:set PingFailCountISP2 (\$PingFailCountISP2 + 1)\
\n\t\t\
\n\t\t:if (\$PingFailCountISP2 = \$FailTreshold) do={\
\n\t\t\t:log warning \"ISP2 has a problem en route to \$PingTarget - incr\
easing distance of routes.\"\
\n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP2 && static] do\
=\\\
\n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] + \$D\
istanceIncrease)}\
\n\t\t\t:log warning \"Route distance increase finished.\"\
\n\t\t}\
\n\t}\
\n}\
\n:if (\$PingResult = 1) do={\
\n\t:if (\$PingFailCountISP2 > 0) do={\
\n\t\t:set PingFailCountISP2 (\$PingFailCountISP2 - 1)\
\n\t\t\
\n\t\t:if (\$PingFailCountISP2 = (\$FailTreshold -1)) do={\
\n\t\t\t:log warning \"ISP2 can reach \$PingTarget again - bringing back \
original distance of routes.\"\
\n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP2 && static] do\
=\\\
\n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] - \$D\
istanceIncrease)}\
\n\t\t\t:log warning \"Route distance decrease finished.\"\
\n\t\t}\
\n\t}\
\n}"
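
Added example (not part of the original post or the wiki script): a Python model of the script's ISP1 counter logic, using the thread's values (FailTreshold 20, DistanceIncrease 2, route distances 1 and 2). The `probe_follows_default_route` flag is an assumption that models the behaviour reported above, where the ping out the primary interface stops answering once the primary is no longer the preferred default route; `IspState` and `simulate` are hypothetical names.

```python
"""Model of the DualWanFailover counter logic for one ISP (added example)."""

FAIL_THRESHOLD = 20      # FailTreshold in the script
DISTANCE_INCREASE = 2    # DistanceIncrease in the script


class IspState:
    def __init__(self, distance):
        self.distance = distance   # current distance of this ISP's routes
        self.fail_count = 0        # PingFailCountISPx in the script

    def tick(self, ping_ok):
        """One scheduler run: the script's branch for ping result 0 or 1."""
        if not ping_ok:
            # The counter is capped at threshold + 2; the distance is raised
            # exactly once, when the counter reaches the threshold.
            if self.fail_count < FAIL_THRESHOLD + 2:
                self.fail_count += 1
                if self.fail_count == FAIL_THRESHOLD:
                    self.distance += DISTANCE_INCREASE
        elif self.fail_count > 0:
            # The distance is restored when the counter drops back to
            # threshold - 1, which requires successful probes.
            self.fail_count -= 1
            if self.fail_count == FAIL_THRESHOLD - 1:
                self.distance -= DISTANCE_INCREASE


def simulate(link_up, probe_follows_default_route, secondary_distance=2):
    """Run one tick per entry in link_up; return ISP1's distance after each.

    probe_follows_default_route=True is the assumed model of the reported
    symptom: the probe only gets replies while ISP1 is the preferred route.
    """
    isp1 = IspState(distance=1)
    history = []
    for up in link_up:
        isp1_preferred = isp1.distance < secondary_distance
        ping_ok = up and (isp1_preferred or not probe_follows_default_route)
        isp1.tick(ping_ok)
        history.append(isp1.distance)
    return history


# Constructed outage: 25 failed probe intervals, then the line recovers.
OUTAGE = [False] * 25 + [True] * 10
```

With an independent probe path the distance returns to 1 on the third successful ping after recovery; with the probe tied to the active default route the counter stays at its cap and the primary never comes back.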
 
dareru
newbie
Posts: 29
Joined: Wed Dec 16, 2015 6:43 pm

Re: Problem with dual wan failover not moving back to primary.

Fri Jan 01, 2016 4:05 pm

Remove all your mangle and only use this routing. The distance 1 will be your primary.

/ip route
add gateway=10.0.0.1 scope=10
add gateway=172.16.0.1 scope=10

add distance=1 gateway=10.0.0.1 check-gateway=ping
add distance=2 gateway=172.16.0.1 check-gateway=ping
 
plisken
Forum Guru
Posts: 2421
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: Problem with dual wan failover not moving back to primary.

Fri Jan 08, 2016 10:31 pm

See on my website

Failover and load balancing configuration.

See configuration5

You can edit the IP-addresses and use this code.

Made for RB2011 UAS-RM and RB951G 2HnD

http://www.wirelessinfo.be/index.php/mi ... es/confige
 
tricksol
newbie
Topic Author
Posts: 26
Joined: Thu Sep 03, 2015 3:55 pm

Re: Problem with dual wan failover not moving back to primary.

Wed Jan 27, 2016 6:26 pm

Do I still need the script to move them or just dump it all and use your example?

> Remove all your mangle and only use this routing. The distance 1 will be your primary.
>
> /ip route
> add gateway=10.0.0.1 scope=10
> add gateway=172.16.0.1 scope=10
>
> add distance=1 gateway=10.0.0.1 check-gateway=ping
> add distance=2 gateway=172.16.0.1 check-gateway=ping
 
tricksol
newbie
Topic Author
Posts: 26
Joined: Thu Sep 03, 2015 3:55 pm

Re: Problem with dual wan failover not moving back to primary.

Wed Jan 27, 2016 6:30 pm

I don't want load balancing, only failover, just FYI.
 
scampbell
Trainer
Posts: 457
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: Problem with dual wan failover not moving back to primary.

Wed Feb 03, 2016 12:51 am

dareru's excellent answer is for failover only and will work well.

If you use a dynamic protocol on your WAN such as DHCP or PPPoE you will need to ensure you set the default-route-distance to something other than 0 on your backup WAN for this to work.

If you want to be able to manage your router via either WAN for whatever reason then you would need your mangle rules to mark new connections from both WAN interfaces and then add a routing mark to the output chains to ensure the reply packet goes out the correct WAN.

This would allow you to send all outbound through WAN1, connect to your router from the world via either WAN.

/ip route add gateway=1.1.1.1 distance=1 check-gateway=ping
/ip route add gateway=2.2.2.2 distance=30 check-gateway=ping
/ip route add gateway=1.1.1.1 routing-mark=wan1
/ip route add gateway=2.2.2.2 routing-mark=wan2

/ip firewall mangle
add chain=prerouting in-interface=wan1 connection-state=new action=mark-connection new-connection-mark=wan1
add chain=prerouting in-interface=wan2 connection-state=new action=mark-connection new-connection-mark=wan2
add chain=output connection-mark=wan1 action=mark-routing new-routing-mark=wan1
add chain=output connection-mark=wan2 action=mark-routing new-routing-mark=wan2

and if required for inbound dst-nat rules ....

add chain=prerouting in-interface=bridge-lan connection-mark=wan1 action=mark-routing new-routing-mark=wan1
add chain=prerouting in-interface=bridge-lan connection-mark=wan2 action=mark-routing new-routing-mark=wan2

Hope this helps :-)
Last edited by scampbell on Fri Feb 05, 2016 9:31 pm, edited 1 time in total.
MTCNA, MTCWE, MTCRE, MTCTCE, MTCSE, MTCINE, Trainer
___________________
Mikrotik Distributor - New Zealand
http://www.campbell.co.nz
 
tricksol
newbie
Topic Author
Posts: 26
Joined: Thu Sep 03, 2015 3:55 pm

Re: Problem with dual wan failover not moving back to primary.

Wed Feb 03, 2016 3:28 am

Thanks I will try it tonight.
 
brwainer
newbie
Posts: 47
Joined: Tue Feb 02, 2016 2:55 am

Re: Problem with dual wan failover not moving back to primary.

Fri Feb 05, 2016 4:52 am

The problem I see with both of these posted replies is that both use "check-gateway = ping" but OP stated that the Uverse (primary gateway) is always up because it can't be bridged.
 
tricksol
newbie
Topic Author
Posts: 26
Joined: Thu Sep 03, 2015 3:55 pm

Re: Problem with dual wan failover not moving back to primary.

Fri Feb 05, 2016 5:01 am

> The problem I see with both of these posted replies is that both use "check-gateway = ping" but OP stated that the Uverse (primary gateway) is always up because it can't be bridged.

Thanks, you're the first one to notice that... The check gateway works correctly in GNS3 with CHR images so what they are saying works. If only I had bridge mode we'd be good.

I just want someone to tell me why the config can ping out both interfaces when it's on 1 and 2 default routes but when 1 moves to 3 it can't send a ping out its interface. If this would happen it would fail back over and all would be good.
 
keithy
newbie
Posts: 25
Joined: Sat Aug 07, 2010 7:00 pm

Re: Problem with dual wan failover not moving back to primary.

Fri Feb 05, 2016 9:04 pm

Try this method. Works well when you can't bridge devices.

http://blog.ispsupplies.com/mikrotik-au ... -gateways/

HTH
 
tricksol
newbie
Topic Author
Posts: 26
Joined: Thu Sep 03, 2015 3:55 pm

Re: Problem with dual wan failover not moving back to primary.

Sat Feb 06, 2016 6:59 am

> Try this method. Works well when you can't bridge devices.
>
> http://blog.ispsupplies.com/mikrotik-au ... -gateways/
>
> HTH

Oh snap, where have you been.... I've been fighting with this for a month now. Thank you very much for stopping by and helping me with my issue. Works perfect, just tested in GNS3 with CHR images.
