jo2jo
Forum Veteran
Topic Author
Posts: 971
Joined: Fri May 26, 2006 1:25 am

UP script / Down Script

Sun Aug 13, 2006 7:23 pm

I have a cable line and a dsl line at an install. We need failover and have been using the gateway watch up script and down script.

The problem is this:

If I set the up script to check a location on the internet, and that interface fails, it will execute the down script. However, once executed and on the new script, the location will be checked again and register as UP, so the interface rolls back over to the non-functioning interface until it then executes the down script.

It's an endless loop that does not stop until the main line is back up (defeating the purpose of this tool, for the most part).

What can I do? I know I can ping a gateway one hop away from my modem, but I've seen the circuit go out and my DSL is down, yet the gateway is still pingable from the cable modem.


Any ideas? I really need this working.

thanks
 
Stryker777
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm

Sun Aug 13, 2006 11:27 pm

Just set a firewall rule that ping to destination ip (gateway) goes out the correct interface. Then you will only be able to ping the gateways from the correct interface.

Example:
Mangle table- set routing mark in prerouting for ping to xx.xx.xx.xx
Then make your rule based on the mark.

Do that for both gateways.
 
jo2jo
Forum Veteran
Topic Author
Posts: 971
Joined: Fri May 26, 2006 1:25 am

Mon Aug 14, 2006 1:43 am

That is NOT the issue, but thanks for your response.


My problem is that once the down script is executed, the gateway is switched, then the script goes back to checking... it sees that the IP is UP, so it executes the UP script... only to go back to the down gateway and see it as down, thus executing that script.

It's an endless loop until the main "up" interface comes back online.

Since I have the interval set to 20 sec, it will go to the backup, working link for 20 sec, then execute the UP script, only to go back to the primary, non-working link for 20 sec until it again executes the down script.
 
changeip
Forum Guru
Posts: 3806
Joined: Fri May 28, 2004 5:22 pm

Mon Aug 14, 2006 1:54 am

Are you pinging the same IP from both netwatches?

You need to probably add routes to send the pings out the correct gateway like stryker777 said - route marking/policy routing does not seem to work when the router is the one generating the icmp traffic.

Doesn't your routing table just have check-gateway=ping/arp for each one, and when the lower cost route goes inactive the higher cost route takes over? This is the preferred failover method. Sometimes the check-gateway isn't what you want, i.e. your gateway is pingable but the ISP is having issues, etc. - a little more work in that case.

Sam
 
Stryker777
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm

Mon Aug 14, 2006 4:39 am

If you do what I said above, then when your server changes routes, the ping cannot go out because it is bound to the dead interface. That keeps a ping from going out until the connection is active again. When the connection is active again, the ping will pass to the gateway, you will get a reply and your script will execute to reset your route gateway. You can use routing mark or packet mark. You just want to mark it because it looks prettier.
 
jo2jo
Forum Veteran
Topic Author
Posts: 971
Joined: Fri May 26, 2006 1:25 am

Mon Aug 14, 2006 5:52 am

Maybe I'm just dense, but it seems that changeip's and Stryker's posts are contradicting themselves.
"like stryker777 said - route marking/policy routing does not seem to work when the router is the one generating the icmp traffic."
I thought Stryker was saying TO use route marking. changeip is saying no?

Let me lay it out like this:

2 ISPs:

eth1 : PPPoE, DSL GW 68.45.15.1
eth2 : DHCP Cable GW 62.22.12.1


So do I need to route all traffic to a "stable IP" via eth1? Then netwatch the "stable IP". The down script turns 0.0.0.0/0 over to cable, as the netwatch will keep trying the route and not getting through... once the modem is up the ping will go through.


Am I missing something?

Thanks for all the quick help.

joe
 
Stryker777
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm

Tue Aug 15, 2006 2:18 pm

You can use a routing mark and add a route for that routing mark.
What changeip is probably saying is that you have to control where the ping is coming out from because if you do not, the router will pick and it may not be the right one.

You have 2 routes for gateways and you mark your routes based on IP to go out the one you want. Ping, on the other hand, is internal, so it may go out either unless you specify where you want it to go. Also, when your routes make the switch, your routing mark would have everything going out the other gateway. You do not want that ping going there, so you have to have another route for that ping only; that way it will not change.
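
Added example, not part of any post in this thread: a small Python model of the loop jo2jo describes and of the effect of keeping the probe on the primary gateway, as Stryker777 proposes. The function names, the tick model (one tick per Netwatch interval, 20 s in the thread) and the assumption that the backup line stays up are constructed for illustration.

```python
"""Constructed model of the Netwatch up/down-script loop; not RouterOS code."""

def simulate(primary_up, pinned_probe):
    """Run one probe per tick; return the active gateway after each check.

    primary_up   -- real state of the primary (DSL) line at each tick
    pinned_probe -- True: the probe always leaves via the primary gateway
                    (dedicated route for the monitored host);
                    False: the probe follows the currently active default route.
    Assumption: the backup (cable) line is up for the whole run.
    """
    active = "primary"
    last_result = True  # scripts fire only when the host state changes
    history = []
    for up in primary_up:
        if pinned_probe or active == "primary":
            reachable = up        # probe really tests the primary line
        else:
            reachable = True      # probe leaked out the working backup line
        if reachable != last_result:
            # up-script restores the primary, down-script selects the backup
            active = "primary" if reachable else "backup"
            last_result = reachable
        history.append(active)
    return history

def switches(history):
    """Number of gateway changes, i.e. script executions that moved traffic."""
    return sum(1 for a, b in zip(history, history[1:]) if a != b)

def dead_ticks(history, primary_up):
    """Ticks during which traffic was sent to the primary while it was down."""
    return sum(1 for gw, up in zip(history, primary_up)
               if gw == "primary" and not up)

# Constructed sample: primary up, down for six intervals, then up again.
OUTAGE = [True] + [False] * 6 + [True] * 2

if __name__ == "__main__":
    for pinned in (False, True):
        h = simulate(OUTAGE, pinned)
        print(f"pinned={pinned}: switches={switches(h)}, "
              f"dead ticks={dead_ticks(h, OUTAGE)}, history={h}")
```

With the probe following the default route, the model flips gateways on every interval of the outage; with the probe pinned, it switches once on failure and once on recovery.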
 
changeip
Forum Guru
Posts: 3806
Joined: Fri May 28, 2004 5:22 pm

Tue Aug 15, 2006 5:02 pm

stryker777 is right - however we have had no luck whatsoever trying to policy route traffic on the output of the router ... seems it doesn't work to try to route mark icmps or tunnels out a specific interface.

Why do I have to click forum links/buttons twice the past day? Something broken with the phpbb proxy? All the emoticons and images are also half missing.

Sam
 
Stryker777
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm

Tue Aug 15, 2006 5:38 pm

Same issue with the forum here also changeip.

About the policy routing, were you marking your route in the pre-routing table? If not, it will not work right.

I have several set up like this and not an issue.

Make sure your marks are being set in the prerouting table and you have route rules.
 
changeip
Forum Guru
Posts: 3806
Joined: Fri May 28, 2004 5:22 pm

Tue Aug 15, 2006 5:47 pm

I'll have to test this again ... previously we tried sending ICMPs out a specific port (dual WAN) using prerouting and it would never affect the path it took. Maybe the version we tested on was the problem. I will try again on .28 and see what happens. I thought we also were unable to policy route L2TP tunnel traffic when the router is the server - I will try this again and post the config if it's not working still.

Sam
 
jo2jo
Forum Veteran
Topic Author
Posts: 971
Joined: Fri May 26, 2006 1:25 am

Mon Aug 28, 2006 8:45 am

Any word, changeip? I will test and post my results as soon as I can physically be AT the site (400 miles away... prob going there within 3 mo.).

I may get risky (stupid) one night and mess with the configs since I do have a 2nd RB there on a 24/7 dial-up modem... I can just mac-telnet to the main router... either way I will post.

BTW, the backup router w/ serial dial-up modem is SO nice/handy... I have a 532 but you can use a 112 obviously... I just disable/enable the ether int. as I need to access the network... and if ever the main router goes I can route the ppl over the modem (eekk :( )
