That would become a single point of failure - it takes out both WAN connections. Engineering redundancy solutions that do not make your setup less reliable is not straightforward.

Hmm, what about a managed switch in between?
It's not clear, I didn't get you fully. Let's say the master router is connected to WAN 1 and the backup router is connected to WAN 2, so as per the link provided I set up routes, one toward WAN 1, the other toward the backup router? If this is what you offer, then if WAN 1 is down and the alternative route points to WAN 2 via router 2 and the VRRP master is UP, then the backup router will direct data back to the master router and the master router back to the backup router: LOOP

As suggested by @tdw, you actually don't need any script if the primary default route of each router goes via its own WAN and the secondary one goes via the second router, and you use the script-free monitoring of transparency of both WANs, as described here.
Or you can even use any of those fancy load distribution methods, allowing the active router to distribute traffic between both WANs. The only thing is that you'll have to use either policy routing and connection marking to make sure that the response packets received at standby router's WAN get forwarded via the active router, as otherwise they would take the short path to the LAN host and the TCP connection tracking would fail, and to prevent the looping (to exempt packets coming from the primary router from the load distribution).
The check-gateway process pings the monitored address once every 10 seconds, so this is roughly the fault detection delay. If it is not sufficient for you, you have to use scripting, but it will only shorten the fault detection delay to something like 2-3 seconds, so it is usually not worth the effort.
And the looping will only occur until the router detects the failure of the WAN path via the other router.
I just want to clarify some things. I'm happy that someone with great expertise is willing to help. As per my scenario, on the LAN side I have VRRP for multiple VLANs, so packets are supposed to flow only via the master router, not via the backup router. The backup router kicks in only if the master is down. No load balance between them. So all the time while the master router is up but WAN1 is down, policy-based routing will route it to the backup router, but at this point the backup router knows the master is up and the master should handle all the job, so packets are sent back to the master router, to be routed via WAN1 to the Internet. It is so complicated. The second way you have advised, a link between the routers with a different network and routing via this link, is more understandable; I'll give it a try.

The key here is the "policy routing" as mentioned above, which is a shortcut for "routing which takes into account not only the destination address but also other properties of the packet being routed".
In particular, you have to distinguish from where a packet came in. If it came in directly from the LAN host, it is free to take either of the two default routes (via the local WAN or via the other router's WAN); if it came in via the other router, it must not use the route back to that router. Similarly, a packet which came in via WAN must not be delivered directly to the IP of the LAN host if it is a response to a packet which previously came in via the other router, as otherwise the firewall at the other router would only see packets in one direction of the respective connection.
There are two ways to achieve this:
- you can use src-nat when routing via the other router; this will make the other router see the packet as coming from the local router's own address, so it can use e.g. an /ip route rule row matching on a particular src-address to choose a routing table that only contains a default route via its own WAN, and it will automatically deliver the response back to that address. The address used for the src-nat must not be from the LAN subnet, to avoid an ICMP redirect being sent to the sender, but you can use the same link which the LAN subnet is using for the interconnection of the routers.
- you can use a dedicated VLAN (or a physical cable, whatever you prefer) to interconnect the routers for this purpose; in this case, the /ip route rule could match on interface, but you'll have to use /ip firewall mangle and connection-mark anyway, as you'll have to use a dedicated routing table also for the responses (instead of the address at the local end, the connection-mark value will distinguish responses to packets which came in via that dedicated interconnection (V)LAN).
The above is quite in contrast with what you've stated earlier:

Maybe I'm wrong but using a script still looks like a much easier way to handle it. ... Why is this simple method not good?

So my understanding was you suffer from scriptophobia, like many other forum members :)

Only I wouldn't be able to script this in the Mikrotik environment, so I need to find out if something similar is already coded and I may edit it to my scenario.
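As an added illustration of the script-free failover and the first (src-nat) variant of the policy routing described above, here is the configuration for one router of the pair; it is not configuration posted in this thread, and the other router gets the mirror image with the WAN interface, interconnect addresses and rule src-address swapped. Everything address-related is assumed for the example: WAN1 on ether1 with gateway 203.0.113.1, the VRRP LAN 192.168.10.0/24 on ether2, a second subnet 10.255.255.0/30 on the same ether2 link as the router interconnect (R1 = 10.255.255.1, R2 = 10.255.255.2), and 192.0.2.10 as a placeholder for a reliably reachable Internet host used as the transparency probe. The syntax is RouterOS v6 (/ip route rule), matching the commands named in the thread. It goes slightly beyond the thread in one respect: the WAN probe uses the recursive-route technique (a host route to the probe address via the real gateway, and a default route "via" the probe address with check-gateway=ping), which is how check-gateway is made to watch WAN transparency rather than only the next hop.

```routeros
# Added example (not the thread's own config): R1, the VRRP master with WAN1 on ether1.
# R2 is configured the same way with ether1 = WAN2, addresses 10.255.255.2 <-> 10.255.255.1
# and the route rule matching src-address=10.255.255.1/32.
# 203.0.113.1, 192.168.10.0/24, 10.255.255.0/30 and 192.0.2.10 are constructed placeholders.

# 1. Interconnect address on the LAN link. It is NOT in the LAN subnet, so forwarding a LAN
#    host's packet to R2 through this address does not trigger an ICMP redirect to the host.
/ip address add address=10.255.255.1/30 interface=ether2 comment="R1-R2 interconnect"

# 2. WAN1 transparency probe (recursive route). The host route pins the probe address to the
#    real WAN1 gateway; the default route resolves "through" the probe address and is pinged
#    every ~10 s. When the probe stops answering the route goes inactive and the distance-2
#    route below takes over, without any script.
/ip route add dst-address=192.0.2.10/32 gateway=203.0.113.1 scope=10 comment="WAN1 probe"
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.10 target-scope=11 distance=1 \
    check-gateway=ping comment="default via WAN1"

# 3. Fallback default route: hand traffic to R2 over the interconnect. check-gateway here
#    only tells us whether R2 itself is reachable; WAN2 health is R2's own business.
/ip route add dst-address=0.0.0.0/0 gateway=10.255.255.2 distance=2 check-gateway=ping \
    comment="default via R2 (WAN2)"

# 4. A routing table holding ONLY a default route via WAN1, and a rule that forces every
#    packet handed over by R2 (src-address = R2's interconnect address after R2's src-nat)
#    into that table. If WAN1 is down the table has no active route and the packet is
#    dropped here, so it can never be bounced back to R2: this is the loop prevention.
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.10 target-scope=11 \
    routing-mark=wan1-only check-gateway=ping comment="WAN1-only table"
/ip route rule add src-address=10.255.255.2/32 action=lookup-only-in-table table=wan1-only \
    comment="traffic handed over by R2 may only use WAN1"

# 5. Packets R1 forwards to R2 leave ether2 towards a non-internal destination; src-nat them
#    to R1's interconnect address. R2's copy of rule 4 matches that address, R2 routes the
#    packet out via WAN2 and its replies come back to 10.255.255.1, where R1's connection
#    tracking undoes the NAT and delivers the reply to the LAN host. Both routers see both
#    directions of every connection, which is what keeps their firewalls happy.
/ip firewall address-list add list=internal address=192.168.10.0/24 comment="LAN (add all VLANs)"
/ip firewall address-list add list=internal address=10.255.255.0/30 comment="interconnect"
/ip firewall nat add chain=srcnat out-interface=ether2 dst-address-list=!internal \
    action=src-nat to-addresses=10.255.255.1 comment="handover to R2"

# Usual masquerade for R1's own WAN (assumed to exist already in a typical setup).
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment="WAN1"
```

To check the failover behaviour, watch `/ip route print` while the probe address is unreachable via WAN1: the distance-1 default and the wan1-only route should both lose their A (active) flag and the distance-2 route via 10.255.255.2 should become active, while `/ip firewall connection print` on R2 shows the handed-over connections with 10.255.255.1 as their source.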