Community discussions

MikroTik App
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Inactive default gateway blocks traffic

Fri Oct 24, 2014 1:07 am

Hi

I'm not sure if this is standard behaviour for a router, even so I don't understand why it would be.

I have two default default routes, which are each attached to a separate interface on my RB951G

I have a distance differentiator so as to privilege one default route over the other; therefore while one is active the other isn't

The troubling thing is if I try to ping a remote host via the interface to which is attached the inactive default route my packets don't get through.

/ping 8.8.4.4 interface="ether2" count=5

I was hoping to use the result to determine whether a link was back in operation or not i.e. to check whether a remote router, on my path to the Internet, has been reactivated or not

Correct me if I'm wrong but the fact that a default route is inactive doesn't disable the actual interface

Any thoughts ?

thanks
yann
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Inactive default gateway blocks traffic

Fri Oct 24, 2014 1:32 am

Apparently the 'Interface' parameter belongs to IPv6 realm, too bad
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: Inactive default gateway blocks traffic

Fri Oct 24, 2014 8:31 am

If you want to check route by this, you need to add two additional static routes for the testing ip. One that point to the gw you are checking and second that points to blackhole. Otherwise the ping will find its backup way. Anyway you can check the traceroute to see where it goes...
 
User avatar
darkiesan
newbie
Posts: 42
Joined: Tue Nov 14, 2006 4:53 pm
Location: Stockholm, Sweden
Contact:

Re: Inactive default gateway blocks traffic

Fri Oct 24, 2014 10:55 am

Hi

I'm not sure if this is standard behaviour for a router, even so I don't understand why it would be.

I have two default default routes, which are each attached to a separate interface on my RB951G

I have a distance differentiator so as to privilege one default route over the other; therefore while one is active the other isn't

The troubling thing is if I try to ping a remote host via the interface to which is attached the inactive default route my packets don't get through.

/ping 8.8.4.4 interface="ether2" count=5

I was hoping to use the result to determine whether a link was back in operation or not i.e. to check whether a remote router, on my path to the Internet, has been reactivated or not

Correct me if I'm wrong but the fact that a default route is inactive doesn't disable the actual interface

Any thoughts ?

thanks
yann
Correct. A inactive route does not deactivate the interface.
But an inactive interface will deactivate the route.

Best wway to go about default route redundancy in RoutertOS is to use check gateway for the defaukl routes.
It will check next hop so see if it is reachable. Then adminstrative distance will be used to decide which route to use of the checked and active ones.

In a "normal" router no such thing as check gateway exists, so this is a smart RouterOS feature. Closest thing is to use BFD for static routes, something only so far exist in JUNOS (Juniper). Also Juniper scripting could create something like chekc gateway in manual manner. So good going with smart features in RouterOS!
Darkiesan
Network Shadow Warrior
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Inactive default gateway blocks traffic

Fri Oct 24, 2014 11:32 am

Thanks you both for your replies

It's a little tricky to get the failover to work with netwatch: it would have been nice to have a netwatch over the interface aswell - I have three WAN links to handle in my failover scenario (belt & braces)

Orange doesn't allow us to ping their servers, therefore how to test if their link is back online ?

My objective was to be able to ping a specific server, per WAN link, that is only available when one is connected to the ISP's network; that way I could leave the netwatch rule 'alive' and it would automatically revert to the default routing when the link is back online

I'm also looking at the "Advanced Routing Failover without Scripting" solution:
http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting

I'm trying to wrap my head around it, especially the required mangling rules, since I'm
have a single subnet and no load balancing requirement, strictly failover

yann
 
User avatar
darkiesan
newbie
Posts: 42
Joined: Tue Nov 14, 2006 4:53 pm
Location: Stockholm, Sweden
Contact:

Re: Inactive default gateway blocks traffic

Fri Oct 24, 2014 11:49 am

Thanks you both for your replies

It's a little tricky to get the failover to work with netwatch: it would have been nice to have a netwatch over the interface aswell - I have three WAN links to handle in my failover scenario (belt & braces)

Orange doesn't allow us to ping their servers, therefore how to test if their link is back online ?

My objective was to be able to ping a specific server, per WAN link, that is only available when one is connected to the ISP's network; that way I could leave the netwatch rule 'alive' and it would automatically revert to the default routing when the link is back online

I'm also looking at the "Advanced Routing Failover without Scripting" solution:
http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting

I'm trying to wrap my head around it, especially the required mangling rules, since I'm
have a single subnet and no load balancing requirement, strictly failover

yann
The check gateway can use ARP check (ARP ping) instead of ICMP. That Orange needs to accept since otherwise nothing works (no ARP, no traffic). Perhaps that solves the issue with watching available paths trhough checking next hop with ARP ping?
Darkiesan
Network Shadow Warrior
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Inactive default gateway blocks traffic

Fri Oct 24, 2014 12:39 pm

Interesting Darkiesan, thanks

The ping tool, ARP enabled, unfortuantely doesn't receive any responses (from Orange DNS servers)
will test check gateway option
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Inactive default gateway blocks traffic

Mon Oct 27, 2014 10:59 am

The workaround was to add the sought host directly into the routing
table and to indicate the desired gateway to use to reach that host.

Works like a charm even though the gateway isn't the active default
one

This allowed me to use netwatch the way I wanted to, and to add
a second netwatched host that is enabled once the first one is
declared down - that way the downed link is double checked

yann
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 884
Joined: Mon May 14, 2012 9:30 pm

Re: Inactive default gateway blocks traffic

Mon Oct 27, 2014 12:14 pm

The static routes is the right way to deal with that.

you should use mangle to mark packets as they come in from each interface. This will let you define routes that let you USE THE SECONDARY even when it is not primary.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain

Who is online

Users browsing this forum: Bing [Bot], deejayzinho, G00dm4n, matthewkirby and 117 guests