Dual FailOver Script takes too long to switch over!
Posted: Thu Dec 15, 2016 9:30 pm
Hello, I am going to explain the scenario and what is happening. I have a dual WAN setup with static routes, Wan#1 and Wan#2. By default Wan#1 is the main WAN and Wan#2 is the failover WAN.
Basically there is also an L2TP tunnel going from the Mikrotik to the server side, and it is restarted when Wan#1 fails over to Wan#2. The problem that I am having is that sometimes, when Wan#1 fails and switches over to Wan#2, the tunnel, after being restarted, does not build instantly and takes about 10-15 seconds, but sometimes it is instant. It is the same principle with being able to browse the internet via a browser: Wan#1 fails over to Wan#2 ----> sometimes it takes 10-15 seconds before being able to browse and sometimes it is instant. When Wan#1 fails over to Wan#2 I am always able to instantly ping from the Mikrotik or from my computer using cmd, but I still won't be able to browse or make the tunnel connect instantly.
When Wan#2 fails back over to Wan#1, the tunnel will always be able to rebuild itself right away and you'll also be able to browse straight away.
Why is it that, when Wan#1 fails over to Wan#2, the tunnel sometimes won't rebuild instantly and takes 10-15 seconds, and sometimes rebuilds instantly? (Same thing with the browsing.) But you're always able to ping a target.
Any help is appreciated.
Thanks,
Bumbaa
This is the script:
#########################################################
#########################################################
## Dual Wan FailOver For Telephony V0.3 ##
## ##
## ##
## Creator:Dimension10 ##
## Date: 14/12/16 ##
## ##
## ##
## ##
## ##
## ##
## ##
#########################################################
#########################################################
#Wan interface name
:local InterfaceISP1 Wan#1
:local InterfaceISP2 Wan#2
#Routing Marks
:local Route1 Wan#1
:local Route2 Wan#2
# Gateway of ISP1 and ISP2
:local GatewayISP1 192.168.15.5
:local GatewayISP2 192.168.2.1
#Target to test gateway
:local PingTarget 8.8.8.8
#Store value of PingResult default:1
:local PingResult
#L2TP Tunnel name
:local Tunnel Julien
#Up/down
:local Up 10
#Variable
:local Test1
#Global Variable to see if the script is running
:global Running
#Count of Checkping
:local Counter 0
########DO NOT MODIFY ANYTHING BELOW THIS COMMENT#########
#Check Status of main Wan#1
:log warning "test"
:set PingResult [ping $PingTarget interface=$InterfaceISP1 routing-table=$Route1 count=5 ]
:if (($PingResult = 5) || ($PingResult = 4)) do={
    # 4 of 5 replies: test once more before deciding; 5 of 5 means nothing to do
    :if ($PingResult = 4) do={
        :set PingResult [ping $PingTarget interface=$InterfaceISP1 routing-table=$Route1 count=5]
        :log warning "$PingResult"
        :if ($PingResult = 5) do={} else={
            # Fail over: ISP2 routes get distance 1, ISP1 routes distance 5, then restart the tunnel
            :log warning "Increasing the route of interface $InterfaceISP1 the main Wan will be $InterfaceISP2"
            :foreach i in=[ip route find gateway=$GatewayISP1] do={:put [ip route set numbers=$i distance=5] }
            :foreach i in=[ip route find gateway=$GatewayISP2] do={:put [ip route set numbers=$i distance=1] }
            :put [interface disable $Tunnel]
            :delay 500ms
            :put [interface enable $Tunnel]
            :log warning "Distance of route $InterfaceISP1 as been increased to 5 and tunnel restarted"
            # Wait for Wan#1 to recover: +1 for each 5/5 ping run, -1 otherwise (never below 0), until 10
            :while ($Counter < 10) do={
                :if ( [ping $PingTarget interface=$InterfaceISP1 routing-table=$Route1 count=5] = 5) do={
                    :set Counter ($Counter + 1)
                } else={
                    :if ($Counter = 0) do={} else={ :set Counter ($Counter - 1) }
                }
                :log warning "$Counter"
            }
            # Fail back: ISP1 routes return to distance 1, ISP2 routes to distance 5, then restart the tunnel
            :log warning "Increasing route distance of $InterfaceISP1"
            :foreach i in=[ip route find gateway=$GatewayISP1] do={:put [ip route set numbers=$i distance=1] }
            :foreach i in=[ip route find gateway=$GatewayISP2] do={:put [ip route set numbers=$i distance=5] }
            :delay 1
            :put [interface disable $Tunnel]
            :delay 1
            :put [interface enable $Tunnel]
        }
    }
} else={
    # Fewer than 4 replies: fail over immediately, same steps as above
    :log warning "Increasing the route of interface $InterfaceISP1 the main Wan will be $InterfaceISP2"
    :foreach i in=[ip route find gateway=$GatewayISP1] do={:put [ip route set numbers=$i distance=5] }
    :foreach i in=[ip route find gateway=$GatewayISP2] do={:put [ip route set numbers=$i distance=1] }
    :put [interface disable $Tunnel]
    :delay 500ms
    :put [interface enable $Tunnel]
    :log warning "Distance of route $InterfaceISP1 as been increased to 5 and tunnel restarted"
    # Wait for Wan#1 to recover before failing back
    :while ($Counter < 10) do={
        :if ( [ping $PingTarget interface=$InterfaceISP1 routing-table=$Route1 count=5] = 5) do={
            :set Counter ($Counter + 1)
        } else={
            :if ($Counter = 0) do={} else={ :set Counter ($Counter - 1) }
        }
        :log warning "$Counter"
    }
    # Fail back to Wan#1 and restart the tunnel
    :log warning "Increasing route distance of $InterfaceISP1"
    :foreach i in=[ip route find gateway=$GatewayISP1] do={:put [ip route set numbers=$i distance=1] }
    :foreach i in=[ip route find gateway=$GatewayISP2] do={:put [ip route set numbers=$i distance=5] }
    :delay 1
    :put [interface disable $Tunnel]
    :delay 1
    :put [interface enable $Tunnel]
}
My Mikrotik cfg:
# software id = LYZE-IR97
#
/interface ethernet
set [ find default-name=ether2 ] name=Phone-Port
set [ find default-name=ether1 ] name=Wan#1
set [ find default-name=ether3 ] name=Wan#2
set [ find default-name=ether4 ] master-port=Phone-Port name=ether4-slave-local
set [ find default-name=ether5 ] master-port=Phone-Port name=ether5-slave-local
/interface l2tp-client
add connect-to=184.107.96.115 max-mru=1410 max-mtu=1410 name=Luminet password=\
user=Julien
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=66 name=Polycom value="'tftp://172.24.0.1'"
add code=42 name=DHCP value="'172.24.0.1'"
/ip dhcp-server option sets
add name=set1 options=Polycom,DHCP
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=172.16.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=Phone-Port name=default
/snmp community
add addresses=67/32 name="$"
/ip address
add address=172.16.156.1/24 comment="default configuration" interface=\
Phone-Port network=172.16.156.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no comment="default configuration" dhcp-options=\
hostname,clientid disabled=no interface=Wan#1
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=\
Wan#2
/ip dhcp-server network
add address=172.16.156.0/24 comment="default configuration" dhcp-option=Polycom \
gateway=172.16.156.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=172.16.156.1 name=router
/ip firewall address-list
add address=66. list=access
add address=66.1 list=access
add address=172.16.200.0/24 list=access
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=all-ethernet
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add distance=1 gateway=192.168.15.5 routing-mark=Wan#1
add distance=1 gateway=192.168.2.1 routing-mark=Wan#2
add distance=1 gateway=192.168.2.1
add distance=1 gateway=192.168.15.5
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=0.0.0.0/0,190/32,7.30/32
set ssh disabled=yes
set api disabled=yes
set winbox address=172.16.200.0/24,30/32,66.158.190/32
set api-ssl disabled=yes
/system clock
set time-zone-name=America/Toronto
/system identity
set name=Labo
/system logging
add topics=script
/system routerboard settings
set cpu-frequency=850MHz protected-routerboot=disabled
/system scheduler
add interval=1s name=schedule1 on-event=script1 policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup