Community discussions

MikroTik App
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 155
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

WAN Failover guide didn't work

Sun Oct 31, 2021 10:07 am

I tried the WAN failover guide from the MikroTik wiki and it was not working for me and involved adding a lot of routes that were always unavailable/not working.

Thus I tried a different guide https://www.timigate.com/2021/04/mikrot ... ment-38739.

This one involved net watch and using static routes, but it seems like it's not working either. Basically even if the main ISP (71.146 etc) is up, it's keeping the connection from working and it's still pinging over my 5G Hotspot (ether2/ISP2).

Here's some screenshots:

Image
Image
Image
Image
Image
Image
Image
Image
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover guide didn't work

Sun Oct 31, 2021 11:23 am

see: viewtopic.php?t=157048

No need for Netwatch. The "recursive routing" needs some study to understand, but it works.
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 155
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: WAN Failover guide didn't work

Sun Oct 31, 2021 11:27 am

see: viewtopic.php?t=157048

No need for Netwatch. The "recursive routing" needs some study to understand, but it works.
On that guide he mentions Host1 and GW1. I assume GW1 = 71.146.120.1 and then Host1 would be the static IPv4?
For my backup/ISP2 that would be Host2 being 192.168.12.188 and GW2 being 192.168.12.1?

Just trying to make sure I understand correctly.

I appreciate any help.

EDIT: Or is host1/host2 like 4.2.2.2/8.8.8.8?
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover guide didn't work

Sun Oct 31, 2021 11:34 am

Host1 and Host2 are the servers used for checking if the path through GW1 and GW2 works. Indeed typical 8.8.8.8 ,8.8.4.4 ,9.9.9.9 ,1.1.1.1 etc etc

"And we want to monitor Host1 via GW1, and Host2 via GW2 - those may be some popular Internet websites, like Google, Yahoo, etc."
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 155
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: WAN Failover guide didn't work

Sun Oct 31, 2021 11:35 am

Host1 and Host2 are the servers used for checking if the path through GW1 and GW2 works. Indeed typical 8.8.8.8 ,8.8.4.4 ,9.9.9.9 ,1.1.1.1 etc etc

"And we want to monitor Host1 via GW1, and Host2 via GW2 - those may be some popular Internet websites, like Google, Yahoo, etc."
Thank you, do I need to add any Mangle rules as well to ensure all clients/devices on my LAN work when say ISP1 is out and we are now on ISP2?
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 155
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: WAN Failover guide didn't work

Sun Oct 31, 2021 11:42 am

Host1 and Host2 are the servers used for checking if the path through GW1 and GW2 works. Indeed typical 8.8.8.8 ,8.8.4.4 ,9.9.9.9 ,1.1.1.1 etc etc

"And we want to monitor Host1 via GW1, and Host2 via GW2 - those may be some popular Internet websites, like Google, Yahoo, etc."
I followed that guide but I still am not seeing my RB switch back to ISP1 even though it should be able to ping 1.1.1.1. It is sticking to ISP2.
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 155
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: WAN Failover guide didn't work

Sun Oct 31, 2021 11:43 am

Image
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover guide didn't work  [SOLVED]

Sun Oct 31, 2021 11:44 am

My "simple" implementation .... (distance 10,11 is failover if checks don't work, distance 20,21 are DHCP routes used with 'other' ISP connections )
"Failover" requires different distances. (Not like "load balancing")
.
/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping comment="dynamische default route" distance=2 gateway=8.8.4.4
add comment="fallback dynamische default route" distance=10 gateway=192.168.90.1
add distance=11 gateway=192.168.95.1
add comment="check 4G recursive for default route (BGP scope = target scope)" distance=1 dst-address=8.8.4.4/32 gateway=192.168.95.1 scope=10
add comment="check SkyDSL recursive for default route (BGP scope = target scope)" distance=1 dst-address=8.8.8.8/32 gateway=192.168.90.1 scope=10
.
.
Klembord-2.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 155
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: WAN Failover guide didn't work

Sun Oct 31, 2021 11:53 am

My "simple" implementation .... (distance 10,11 is failover if checks don't work, distance 20,21 are DHCP routes used with 'other' ISP connections )
"Failover" requires different distances. (Not like "load balancing")
.
/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping comment="dynamische default route" distance=2 gateway=8.8.4.4
add comment="fallback dynamische default route" distance=10 gateway=192.168.90.1
add distance=11 gateway=192.168.95.1
add comment="check 4G recursive for default route (BGP scope = target scope)" distance=1 dst-address=8.8.4.4/32 gateway=192.168.95.1 scope=10
add comment="check SkyDSL recursive for default route (BGP scope = target scope)" distance=1 dst-address=8.8.8.8/32 gateway=192.168.90.1 scope=10
.
.
Klembord-2.jpg

Thank you so much, I copy pasted it, modifying 192.168.90.1 to 71.146.120.1, then 192.168.95.1 to 192.168.12.1.

That was it, it immediately worked when I tested. Yanked the fiber out of the ONT to simulate the ethernet still being powered from ONT to RB, but the internet is suffering an "outage" on ISP1. Within 1 minute it switched to my ISP2, then after I reconnected, it took about 1 minute then it switched back to ISP1/fiber ONT.

No need for complex mangle or anything. You are amazing, thank you for your time. Do you accept donations via crypto?
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 155
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: WAN Failover guide didn't work

Fri Apr 15, 2022 7:20 pm

My "simple" implementation .... (distance 10,11 is failover if checks don't work, distance 20,21 are DHCP routes used with 'other' ISP connections )
"Failover" requires different distances. (Not like "load balancing")
.
/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping comment="dynamische default route" distance=2 gateway=8.8.4.4
add comment="fallback dynamische default route" distance=10 gateway=192.168.90.1
add distance=11 gateway=192.168.95.1
add comment="check 4G recursive for default route (BGP scope = target scope)" distance=1 dst-address=8.8.4.4/32 gateway=192.168.95.1 scope=10
add comment="check SkyDSL recursive for default route (BGP scope = target scope)" distance=1 dst-address=8.8.8.8/32 gateway=192.168.90.1 scope=10
.
.
Klembord-2.jpg
After going to ROS 7, it seems this is not working for me. If my main ISP goes out, it isn't switching to the WAN2 automatically. I think it's not successfully pinging google.

Screenshot below:

Image
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Failover guide didn't work

Fri Apr 15, 2022 7:37 pm

Please check out Para I . here for some ideas....... viewtopic.php?t=182373
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover guide didn't work

Fri Apr 15, 2022 11:41 pm

After going to ROS 7, it seems this is not working for me.
Scope /target scope rules are different for ROS 7 . Where in ROS6 they can be equal , in ROS7 they must obey extra rules and being "less than".
Target scope < Scope < Target scope .... confusing. It's some combination of this requirement, but unclear what exactly must be "less than".

See discussion: viewtopic.php?t=182047
Or is it this ? viewtopic.php?t=173227
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Failover guide didn't work

Sat Apr 16, 2022 12:44 am

@bpwl- check out para I. -..... viewtopic.php?t=182373
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover guide didn't work

Sat Apr 16, 2022 12:57 am

Ok about Target Scope, but what is the Scope field then used for in ROS7 ?????
I define the resolving routes by the low enough Scope field in ROS 6. (In ROS6 Scope is lower or equal than the Target Scope of the recursive route. Scope=10 comes from the BGP routing default)

Your "I" para makes it all Scope=10, so I get lost in the selection rules used by ROS. (Extra Target Scope check for the resolving route is new by ROS7 ... to avoid resolving loops MT says)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Failover guide didn't work

Sat Apr 16, 2022 4:41 am

Hi BPWL according to my information scope has no play in Recursive Routing.
The only thing one has to do is respect the general rule which is the same for RoS6 or RoS7 which is for individual routes the scope must be equal to or less than the target scope.
Hence you will note that is true in all the routes I have put there.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover guide didn't work

Mon Apr 18, 2022 11:48 am

scope must be equal to or less than the target scope.
That' the part I didn't see in para I. Default static routes come with a scope =30. (At least in ROS6). So not only rhe target-scope must be set but also the scope for the resolving routes

So now I see 2 rules:
- scope resolving route <= target-scope recursive route (to be selected as potential resolver)
- target scope resolving route < target scope recursive route (new in ROS 7)

If this is correct, then also this should work. ("Nexthops" not cleaned up after removing these in ROS7 ???)
/ip route
add check-gateway=ping distance=3 dst-address=0.0.0.0/0 gateway=1.0.0.1 scope=30 target-scope=13
add check-gateway=ping distance=3 dst-address=1.0.0.1/32 gateway=9.9.9.9 scope=13 target-scope=12
add distance=3 dst-address=9.9.9.9/32 gateway=PrimaryISP-gatewayIP scope=12 target-scope=11
add comment=SecondaryISP distance=10 dst-address=0.0.0.0/0 gateway=SecondaryISP-gatewayIP       (... default...scope=30 target-scope=10)

 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Failover guide didn't work

Mon Apr 18, 2022 2:23 pm

hi bpwl......... I think the logic is as follows.......


FARTHEST ROUTE: SCOPE= (doesnt matter) / TARGET SCOPE=Y+2
CLOSER ROUTE: SCOPE= Y+2 or less / TARGET SCOPE=Y+1
CLOSEST ROUTE: SCOPE=Y+1 or less / TARGET SCOPE=Y (gateway=ISP)
INTERNAL ROUTE: ( within router, scope is not used, no recursive action at all )

Where the farthest route has the highest Target Scope and it decreases by one for each step as you move closer to the router.
Similarly as one gets closer to the direct route on the router (ISP gateway) the scope on the closer route must be equal to or less than the previous route's target scope.
Thus we have two relationships to consider for routes that flow into each other.

Flat approach ---> Recursive Route to Resolving Route. (DNS gateway to ISP gateway).
Nested approach --> Recursive Route to Recursive Route to Resolving Route (BOGUS address to DNS Gateway to ISP Gateway).

BASIC: (via one DNS site)
.....................
/ip route
add check-gateway=ping distance=3 dst-address=0.0.0.0/0 gateway=1.0.0.1 scope=10 target-scope=12
add distance=3 dst-address=1.0.0.1/32 gateway=PrimaryISP-gatewayIP scope=10 target-scope=11
add comment=SecondaryISP distance=10 dst-address=0.0.0.0/0 gateway=SecondaryISP-gatewayIP scope=10 target-scope=30
..................................................
{As you can see TS as you get closer to the router decreases by 1, (twelve to eleven) and the scope of the next route is equal to or less than the TS of the previous route (twelve compared to ten).}
{Its also very easy to avoid confusion, simply set all scopes to 10, and ensure the final TS (at the ISP gateway is no less than 10) }

FLAT: (via two DNS sites)
.......................
/ip route
add check-gateway=ping distance=3 dst-address=0.0.0.0/0 gateway=1.0.0.1 scope=10 target-scope=12
add distance=3 dst-address=1.0.0.1/32 gateway=PrimaryISP-gatewayIP scope=12 target-scope=11
+++++++++++++++++++
add check-gateway=ping distance=4 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=12
add distance=4 dst-address=9.9.9.9/32 gateway=PrimaryISP-gatewayIP scope=12 target-scope=11
+++++++++++++++++++
add comment=SecondaryISP distance=10 dst-address=0.0.0.0/0 gateway=SecondaryISP-gatewayIP scope=10 target-scope=30
...............................................

NESTED: (via two DNS sites)
.......................
/ip route
dst-address=0.0.0.0/0 gateway=10.10.10.10 scope=10 target-scope=14
++++++++++++++++
dst-address=10.10.10.10/32 gateway=9.9.9.9 scope=14 target-scope=13 check-gateway=ping
add dst-address=9.9.9.9/32 gateway=PrimaryISP-gatewayIP scope=13 target-scope=12
+++++++++++++++
dst-address=10.10.10.10/32 gateway=1.0.0.1 scope=14 target-scope=13 check-gateway=ping
add dst-address=1.0.0.1/32 gateway=PrimaryISP-gatewayIP scope=13 target-scope=12
+++++++++++++++
add comment=SecondaryISP distance=10 dst-address=0.0.0.0/0 gateway=SecondaryISP-gatewayIP scope=10 target-scope=30
Last edited by anav on Mon Apr 18, 2022 7:25 pm, edited 5 times in total.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover guide didn't work

Mon Apr 18, 2022 7:13 pm

+1 (confused)

.... They document like Pythia, the Oracle of Delphi .
Klembord-3.jpg
.
If the target-scope is now an attribute of the gateway, not of the route, what is then the "target-scope" of gateway "10.0.0.1" in the above exemple. Is it 20 or 30 ????
And what is it now "scope" or "target-scope" that is now attached to the gateway?
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Failover guide didn't work

Mon Apr 18, 2022 7:26 pm

Check out my post above, I think it answers all your questions!!! At least how to apply scope and target scope.
As to your latest doc v7 query. EFF NOSE??
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover guide didn't work

Mon Apr 18, 2022 8:29 pm

I have the standalone (non-recursive) SecondaryISP route different (using a default static route with scope=30 and target-scope=10, so it uses local attached networks (which have default scope=10 and target-scope=5)).
Target-scope=30 is also working for local network connections as it is greater than the scope 10.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Failover guide didn't work

Mon Apr 18, 2022 9:32 pm

Yeah the rules I was talking about refer to Recursive Routes, not stand alone routes.
I separate my second ISP stand alone route via distance from the recursive related routes for Primary ISP.

I wouldnt worry about scope or target scope for stand alone routes........
The router doesnt care and the defaults should be fine.
 
dad2312
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sun Nov 17, 2019 12:55 pm

Re: WAN Failover guide didn't work

Sun Apr 02, 2023 2:16 pm


FLAT: (via two DNS sites)
.......................
/ip route
add check-gateway=ping distance=3 dst-address=0.0.0.0/0 gateway=1.0.0.1 scope=10 target-scope=12
add distance=3 dst-address=1.0.0.1/32 gateway=PrimaryISP-gatewayIP scope=12 target-scope=11
+++++++++++++++++++
add check-gateway=ping distance=4 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=12
add distance=4 dst-address=9.9.9.9/32 gateway=PrimaryISP-gatewayIP scope=12 target-scope=11
+++++++++++++++++++
add comment=SecondaryISP distance=10 dst-address=0.0.0.0/0 gateway=SecondaryISP-gatewayIP scope=10 target-scope=30
...............................................
Thank you Anav ! it's the only one failover i have tested who works !!

Who is online

Users browsing this forum: Bing [Bot], GoogleOther [Bot] and 45 guests