Community discussions

 
Walento
just joined
Topic Author
Posts: 3
Joined: Mon Jun 26, 2017 9:31 am

Failover

Mon Jun 26, 2017 9:47 am

Hi
i have made a failover at my mikrotik RB750Gr3. It works well but i want to improve it. After i plug the main connection its up in few seconds. I want to do a script which will ping for example 8.8.8.8 for 10 minutes and if packet send are same like received then ip/route should change for main connection. Any idea how to do that?
 
gustavomam
Trainer
Trainer
Posts: 289
Joined: Tue Jul 23, 2013 6:29 pm
Location: Spain
Contact:

Re: Failover

Mon Jun 26, 2017 6:52 pm

You can simplify using netwatch instead scripting

/tool netwatch add down-script="/ip rou ... ent=wan1]"

Here the router will be pinging 8.8.8.8 and when it fail will shutdown the route with comment=wan1

Play a little bit and tell me
-
Eng. Gustavo Angulo
Academy Xperts Spain
Mikrotik Certified Trainer
https://www.youtube.com/watch?v=Cbt2HVYwjYU
 
Walento
just joined
Topic Author
Posts: 3
Joined: Mon Jun 26, 2017 9:31 am

Re: Failover

Tue Jun 27, 2017 9:23 am

Actually i have working failover but when 8.8.8.8 is UP through main gateway its up in few seconds. I need to be sure that main connection is stable thats why i want to ping it for 10 mins before main connection gets all of traffic
 
User avatar
nano
just joined
Posts: 8
Joined: Fri Jul 04, 2014 9:40 am

Re: Failover

Tue Jun 27, 2017 9:59 am

Actually i have working failover but when 8.8.8.8 is UP through main gateway its up in few seconds. I need to be sure that main connection is stable thats why i want to ping it for 10 mins before main connection gets all of traffic
How ? You play with distance in /ip/route ?
 
Walento
just joined
Topic Author
Posts: 3
Joined: Mon Jun 26, 2017 9:31 am

Re: Failover

Tue Jun 27, 2017 10:11 am

theres my configuration
netwatch
add down-script="/system script run e-down\r\
\ndelay 10\r\
\n/ip firewall nat disable 0\r\
\ndelay 1\r\
\n/ip firewall nat enable 1\r\
\ndelay 1" host=8.8.8.8 interval=20s timeout=300ms up-script="/system script\
\_run e-up\r\
\ndelay 10\r\
\n/ip firewall nat disable 1\r\
\ndelay 1\r\
\n/ip firewall nat enable 0\r\
\ndelay 0\r\
\n"
firewall
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=output dst-address=8.8.8.8 log=yes protocol=icmp \
src-address=!85.14.96.94
add action=accept chain=output
/ip firewall nat
add action=masquerade chain=srcnat out-interface=InterfaceISP2
add action=masquerade chain=srcnat disabled=yes out-interface=InterfaceISP1
system script
add name=e-up owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/ip\
\_route set [find dst-address=\"0.0.0.0/0\"] gateway=85.14.96.93\r\
\n/ ip firewall connection {remove [find]}"
add name=e-down owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/ip\
\_route set [find dst-address=\"0.0.0.0/0\"] gateway=192.168.20.1\r\
\n/ ip firewall connection {remove [find]}"
add name=remove owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/ ip firewall connection {remove [find]}"
 
NetWorker
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sun Jan 31, 2010 6:55 pm

Re: Failover

Fri Jul 21, 2017 11:55 pm

Holy cow, that looks incredibly complex to me.

First of all, I'm assuming (you failed to clarify) you have a main connection and a backup and that you run ALL traffic through your main unless it fails.

If this is the case: add two default routes 0.0.0.0/0 with distance 1 and 2. Set gateway of your main and backup connections respectively and enable check gateway. If ping fails, failover will be automatic. No need to enable or disable firewall rules at all!

Now, if you want additional insurance, schedule a script that invokes the netwatch tool. On down, just disable the interface for your main connection and again, failover will be automatic.
 
gjp1000
just joined
Posts: 10
Joined: Mon Nov 24, 2008 10:27 pm

Re: Failover

Mon Jul 31, 2017 10:26 pm

Hi

i have made a failover pppoe and 3g with distance
I am using the 3G USB Dongle (PPP) as a backup line, in the event the main ADSL (PPPOE) fails.

add dst-address=0.0.0.0/0 gateway=PPPOE distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=PPP distance=2

i appreciate if someone can publicate a script that send a mail to "mail@example" when the ppoe goes down

Who is online

Users browsing this forum: No registered users and 8 guests