
 
markoz
just joined
Topic Author
Posts: 8
Joined: Wed Apr 18, 2012 11:12 pm

3 WAN failover

Mon Jun 24, 2019 10:43 am

Hello,

I have three types of WAN - LTE, Satellite and WiFi (ethernet). I would like to create an automatic WAN failover. The primary connection should be WiFi, the secondary LTE and the third Satellite internet. I was trying to do this using this guide - https://wiki.mikrotik.com/wiki/Advanced ... _Scripting. But I just can't figure out how to configure this.

WAN-WiFi: 192.168.1.2/24
WAN-LTE: 192.168.2.2/24
WAN-Sat: 192.168.3.2/24
LAN network: 10.0.0.1/24

So, how should I configure routing? How should I also configure NAT and Mangle?

Which IP addresses should I use for checking the link status? Can I use IP addresses of root DNS servers?

Can you maybe provide a configuration example for my scenario?

Thank you!

Best wishes
Marko
 
mohannad
Frequent Visitor
Posts: 56
Joined: Wed May 02, 2012 2:39 am
Location: Lebanon

Re: 3 WAN failover

Thu Jun 27, 2019 10:22 am

Add each route normally, with static routes, so that all three of them are working, then mark them and make three mangle route marks.
Then, because you now have them working, the gateway of each source is pingable, so use netwatch with a script in it: if one is down, enable the mangle that will route you to a different source, and you choose which is preferred first and which is last.
Your Future Dreams Start With Us
IT For Better Life
 
ingdaka
Member Candidate
Posts: 134
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania

Re: 3 WAN failover

Fri Jun 28, 2019 10:39 pm

Better to use PCC if you want load balancing: https://www.youtube.com/watch?v=qDJ16kLe2hI&t=9s
The video shows just 2 WANs but it can be used for 3 WANs too!
Ilir Daka
Electronic & Network Engineer
E-mail: ilirdaka@live.com
Mob: +355692982151
WhatsApp: +355692982151
Mikrotik Official Consultant
CCNA | Fortinet NSE3 | MTCRE | MTCSE
 
stoser
Member Candidate
Posts: 107
Joined: Sun Aug 21, 2016 12:04 am

Re: 3 WAN failover

Mon Jul 01, 2019 4:34 am

Which IP addresses should I use for checking the link status? Can I use IP addresses of root DNS servers?
I use Google DNS (8.8.8.8 or 8.8.4.4) and Level3 (4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4), or you can use any other reliable ICMP responder that can be reached from that WAN.
So, how should I configure routing? How should I also configure NAT and Mangle?
Routing: As far as routing is concerned, the example in the "Advanced Routing Failover Without Scripting" wiki post works pretty well. You can use static routes, as in the wiki. Remember to use an IP address for the gateway. Do not specify a gateway interface name. Recursive routing requires numerical IP addresses. See this topic for more info
viewtopic.php?f=2&t=139762

NAT: Use srcnat=masquerade, do not use srcnat=src-nat
See this topic for a little more info
viewtopic.php?f=2&t=139750

Mangle: You would need to mark the connections or packets and set routing marks that correspond to the routing marks on your routing rules, but this really depends on your setup and requirements, and you have not provided those details.
 
markoz
just joined
Topic Author
Posts: 8
Joined: Wed Apr 18, 2012 11:12 pm

Re: 3 WAN failover

Thu Aug 01, 2019 11:49 am

Hello,

thank you for the replies. I have put this on hold, but now I'm working on this again.

If I understand things correctly, this is the way routing should be configured:

/ip route
add dst-address=8.8.8.8 gateway=10.1.2.1 scope=10
add dst-address=8.8.4.4 gateway=10.1.2.1 scope=10
add dst-address=4.2.2.1 gateway=10.1.3.1 scope=10
add dst-address=4.2.2.2 gateway=10.1.3.1 scope=10
add dst-address=4.2.2.3 gateway=10.1.4.1 scope=10
add dst-address=4.2.2.4 gateway=10.1.4.1 scope=10

/ip route
add dst-address=10.1.1.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.1.1.1 gateway=8.8.4.4 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=4.2.2.1 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=4.2.2.2 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.3.3.3 gateway=4.2.2.3 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.3.3.3 gateway=4.2.2.4 scope=10 target-scope=10 check-gateway=ping

/ip route
add distance=1 gateway=10.1.1.1 routing-mark=ISP1
add distance=2 gateway=10.2.2.2 routing-mark=ISP1
add distance=3 gateway=10.3.3.3 routing-mark=ISP1
add distance=1 gateway=10.2.2.2 routing-mark=ISP2
add distance=2 gateway=10.1.1.1 routing-mark=ISP2
add distance=3 gateway=10.3.3.3 routing-mark=ISP2
add distance=1 gateway=10.3.3.3 routing-mark=ISP3
add distance=2 gateway=10.1.1.1 routing-mark=ISP3
add distance=3 gateway=10.2.2.2 routing-mark=ISP3

For checking I'm using these IP addresses: 8.8.8.8, 8.8.4.4, 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4.
My gateways are now: ISP1: 10.1.2.1, ISP2: 10.1.3.1, ISP3: 10.1.4.1
Virtual hops are just some unused IP addresses that are not used anywhere? I have left those that are in the tutorial (is this ok?): 10.1.1.1, 10.2.2.2, 10.3.3.3
Will these virtual hop addresses interfere with other addresses (I'm using the same subnets)?
ISP1 should be primary, ISP2 should be secondary and ISP3 should be the third. There should be no load balancing.

What should be the mangle rules?

Thank you!

Best wishes
Marko
 
stoser
Member Candidate
Posts: 107
Joined: Sun Aug 21, 2016 12:04 am

Re: 3 WAN failover

Sun Aug 18, 2019 9:11 pm

As far as I can see you have implemented the "Multiple host checking per Uplink". You should use your real gateway IP addresses for each WAN. You do not need to change your gateways to the gateways mentioned in the wiki as they are just examples. This allows more than 1 ICMP responder to be used for checking to see if the uplink is available. I suggest that, when possible, you use ICMP responders from different companies for each WAN. For example, use 1 Google ICMP responder and 1 Level3 ICMP responder for WAN1, a mixed pair for WAN2, etc.

You also implemented a double recursive lookup for each WAN. The main objective that this "virtual hop" accomplishes is that instead of putting the ICMP responder address that corresponds to an internal address in your subsequent routes. This makes things simpler and clearer.

Your last group of route rules references routing marks. I am uncertain if you did that on purpose, or if you simply copied the wiki. If your only objective is 100% pure serial failover of all packets, you do not need to route-mark the packets. In this case you should remove all references to routing marks in your last group of route rules. If you do need to force some connections or packets through specific WANs, don't forget that you need to use IP/MANGLE to mark your routing marks if you have not already done so.
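
Added example, not posted by anyone in this thread: the pure serial-failover variant described above (no routing marks, masquerade NAT), written in the same RouterOS v6 syntax as the configuration in the thread and using the gateways, probe hosts and virtual hops markoz listed. The interface names in the NAT rules are assumptions, and the probe hosts are paired across providers only as far as the thread's address list allows.

```routeros
# Added example: serial failover ISP1 -> ISP2 -> ISP3, no load balancing.
# Gateways (10.1.2.1, 10.1.3.1, 10.1.4.1) and probe hosts are from the thread.

/ip route
# 1. Pin every probe host to exactly one uplink (IP gateway, not interface).
#    A pinned host is reachable only through that uplink, so LAN clients
#    lose it whenever that uplink is down: do not hand these out as resolvers.
add dst-address=8.8.8.8/32 gateway=10.1.2.1 scope=10 comment="ISP1 probe A"
add dst-address=4.2.2.1/32 gateway=10.1.2.1 scope=10 comment="ISP1 probe B"
add dst-address=8.8.4.4/32 gateway=10.1.3.1 scope=10 comment="ISP2 probe A"
add dst-address=4.2.2.2/32 gateway=10.1.3.1 scope=10 comment="ISP2 probe B"
add dst-address=4.2.2.3/32 gateway=10.1.4.1 scope=10 comment="ISP3 probe A"
add dst-address=4.2.2.4/32 gateway=10.1.4.1 scope=10 comment="ISP3 probe B"

# 2. Virtual hops, resolved recursively through the probe hosts.
#    A hop stays active while at least one of its two probes answers ping.
add dst-address=10.1.1.1/32 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.1.1.1/32 gateway=4.2.2.1 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2/32 gateway=8.8.4.4 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2/32 gateway=4.2.2.2 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.3.3.3/32 gateway=4.2.2.3 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.3.3.3/32 gateway=4.2.2.4 scope=10 target-scope=10 check-gateway=ping

# 3. Default routes in the main table only (no routing-mark).
#    The lowest distance whose virtual hop is still reachable wins.
add dst-address=0.0.0.0/0 gateway=10.1.1.1 distance=1 comment="ISP1 primary"
add dst-address=0.0.0.0/0 gateway=10.2.2.2 distance=2 comment="ISP2 secondary"
add dst-address=0.0.0.0/0 gateway=10.3.3.3 distance=3 comment="ISP3 last resort"

/ip firewall nat
# 4. Masquerade per uplink. Interface names below are assumed placeholders.
add chain=srcnat out-interface=wan-wifi action=masquerade
add chain=srcnat out-interface=wan-lte action=masquerade
add chain=srcnat out-interface=wan-sat action=masquerade
```

With no routing marks in use, no mangle rules are needed for this variant.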
