ZETA992
just joined
Topic Author
Posts: 10
Joined: Wed Feb 24, 2016 6:01 pm

Netwatch...

Tue Aug 23, 2016 5:42 pm

Hi, guys and ladies... I have one problem with getting netwatch to work:
I have 2 links to the web and wrote 2 scripts to change the default route to the first uplink or the second
1.1.1.1- link one
2.2.2.2- two
netwatch pings 8.8.8.8 every 10 seconds
I set the default route to 8.8.8.8 gw 1.1.1.1
like here:
http://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch

If I disable the first link (8.8.8.8 is unreachable),
netwatch sets default gw=2.2.2.2, and every 10 seconds says "UP" and sets gw=1.1.1.1 (it is still disabled), and the routes to the web go down.

Sorry for bad language...

ROS v 6.36
 
Deantwo
Member
Posts: 311
Joined: Tue Sep 30, 2014 4:07 pm

Re: Netwatch...

Tue Sep 06, 2016 3:43 pm

Of course, the netwatch is able to reach 8.8.8.8 through the second link, so it is "up" again.
You cannot specify an out-interface using netwatch.

It would be much easier to just make two default routes.
Like this:
/ip route
add distance=1 gateway=1.1.1.1%Wan1 check-gateway=ping
add distance=2 gateway=2.2.2.2%Wan2 check-gateway=ping
Since the second route has a higher distance, it will be ignored as long as the first route is valid.

Edit: Added check-gateway.
Last edited by Deantwo on Mon Sep 12, 2016 6:16 pm, edited 2 times in total.
I wish my FTP was FTL.
 
che
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: Netwatch...

Tue Sep 06, 2016 4:40 pm

You could also prevent your router from reaching 8.8.8.8 via WAN2 interface, like this:
/ip firewall filter add action=drop chain=output comment="gateway control" disabled=yes dst-address=8.8.8.8 out-interface=WAN2
Just replace "WAN2" with your actual interface name.
 
marting
Member Candidate
Posts: 169
Joined: Thu Aug 21, 2014 2:07 pm

Re: Netwatch...

Mon Sep 12, 2016 5:45 pm

Two default gateways with different distances do not always work as expected and have a few disadvantages:
- you have to know the address of the default gateway and it has to be always the same
- you have to use check-gateway, this often does not recognize lost connection to gw and will never recognize lost internet link
- check-gateway is not very flexible and comfortable

So netwatch has its justification in multi-WAN environments.
Che's solution is one possibility but has the small disadvantage that routing decisions are made in different places (route and filter). So I would suggest this solution:
/ip route add distance=10 dst-address=8.8.8.8 gateway=ether-wan1
/ip route add distance=11 dst-address=8.8.8.8 type=prohibit
The consequence is that there is no routing to 8.8.8.8 other than by ether-wan1 and you have your routing in one place. The disadvantage of this solution is: you won't be able to use 8.8.8.8 at all by any interface other than ether-wan1 (e.g. no DNS by ether-wan2). If you need this, che's solution could be extended with protocol=icmp.

Regards
Martin
 
Deantwo
Member
Posts: 311
Joined: Tue Sep 30, 2014 4:07 pm

Re: Netwatch...

Mon Sep 12, 2016 6:14 pm

> Two default gateways with different distances do not always work as expected and have a few disadvantages:
> - you have to know the address of the default gateway and it has to be always the same
If you are getting a default gateway via DHCP, you can specify the distance of it.
For example:
/ip dhcp-client
add interface="Wan1" add-default-route=yes default-route-distance=10
add interface="Wan2" add-default-route=yes default-route-distance=11
I don't think you can add check-gateway to it though, but depending on the lease time it may not be much of an issue.
> - you have to use check-gateway, this often does not recognize lost connection to gw and will never recognize lost internet link
> - check-gateway is not very flexible and comfortable
I forgot to add check-gateway to the previous post. (Fixed it now)

I actually haven't used check-gateway at all before, I am used to my routes only being affected by whether or not an interface exists or is running. So I don't know how reliable it is.
I wish my FTP was FTL.
 
marting
Member Candidate
Posts: 169
Joined: Thu Aug 21, 2014 2:07 pm

Re: Netwatch...

Mon Sep 12, 2016 6:37 pm

I know distance in DHCP client. But there is no check-gateway.
Key of my previous post is type=prohibit for all other interfaces.

Different distances for default gateway work great if an interface is completely down (no link). But check-gateway did not have any noticeable effect with my last test for about ten minutes. Dropped all traffic at my Gateway and watched the counter growing but route was still active.
Additionally check-gateway (while working) of course only can check the Gateway but no connection behind the Gateway.
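
The probe pinning suggested in the thread, combined with the Netwatch failover from the original question, as an added example that is not part of any post. The addresses are the thread's placeholders; the `comment=` labels, the `/32` prefix and the log messages are assumptions chosen here, and the host route uses the gateway address 1.1.1.1 where marting's post uses the interface name.

```routeros
# Added example (not from any post in the thread).
# 1.1.1.1 = WAN1 gateway, 2.2.2.2 = WAN2 gateway, 8.8.8.8 = probe host.
# The comment strings are hypothetical labels used only to find the routes.

/ip route
# Default route that Netwatch moves between the two uplinks.
add dst-address=0.0.0.0/0 gateway=1.1.1.1 distance=1 comment="default-wan"
# Pin the probe host to WAN1 only.
add dst-address=8.8.8.8/32 gateway=1.1.1.1 distance=10 comment="probe-via-wan1"
# If the pinned route goes inactive, fail the probe here instead of letting
# it follow the default route out of WAN2 and report a false "up".
add dst-address=8.8.8.8/32 type=prohibit distance=11 comment="probe-no-fallback"

/tool netwatch
# The probe can only succeed through WAN1, so "up" means WAN1 really works.
add host=8.8.8.8 interval=10s \
    down-script="/ip route set [find comment=\"default-wan\"] gateway=2.2.2.2; :log warning \"netwatch: WAN1 probe failed, default route moved to 2.2.2.2\"" \
    up-script="/ip route set [find comment=\"default-wan\"] gateway=1.1.1.1; :log info \"netwatch: WAN1 probe restored, default route back on 1.1.1.1\""
```

With the probe pinned, a failed WAN1 keeps Netwatch in the "down" state until WAN1 itself recovers, so the default route no longer flips back every 10 seconds.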
