n4p
Member Candidate
Topic Author
Posts: 110
Joined: Wed Nov 25, 2015 9:54 pm

Improvements for WAN-Backup Script

Wed Jul 19, 2017 3:03 pm

Hi,
We got a Cloud Core Router with 2 WAN connections. The connection type is LTE. As is known, there are sometimes troubles with the LTE connection, so I made a backup for that connection (also LTE, but at a different location).
The script is currently working as expected, but it would be great if anybody can help me to improve the script.

The biggest problem is the flapping from netwatch. So if there are any troubles on connection A, netwatch detects that connection A is down and switches to B. But if connection A is back again in 1 minute, it will immediately switch back.

My suggestion is that it only switches back if there are troubles with connection B. So I wouldn't prefer to always use connection A.

The many switches kill my IPsec tunnels every time.

/tool netwatch
add down-script=WAN1_Down host=172.28.xxx.xxx interval=10s timeout=800ms up-script=WAN1_UP


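WAN1_Down
# Bring up the backup uplink and point the default route at its gateway
/interface ethernet enable WAN2
/ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168.20.1
# Disable every NAT, filter and IPsec policy rule tagged for WAN1, enable the WAN2/backup ones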
:foreach i in [/ip firewall nat find] do={
  :if ("." . [:find [/ip firewall nat get $i comment] "WAN1"] . "."!="..") do={
    /ip firewall nat set $i disabled=yes
  }
}
:foreach i in [/ip firewall nat find] do={
  :if ("." . [:find [/ip firewall nat get $i comment] "WAN2"] . "."!="..") do={
    /ip firewall nat set $i disabled=no
  }
}
:foreach i in [/ip firewall filter find] do={
  :if ("." . [:find [/ip firewall filter get $i comment] "WAN1"] . "."!="..") do={
    /ip firewall filter set $i disabled=yes
  }
}
:foreach i in [/ip firewall filter find] do={
  :if ("." . [:find [/ip firewall filter get $i comment] "WAN2"] . "."!="..") do={
    /ip firewall filter set $i disabled=no
  }
}
:foreach i in [/ip ipsec policy find] do={
  :if ("." . [:find [/ip ipsec policy get $i comment] "normal"] . "."!="..") do={
    /ip ipsec policy set $i disabled=yes
  }
}
:foreach i in [/ip ipsec policy find] do={
  :if ("." . [:find [/ip ipsec policy get $i comment] "backup"] . "."!="..") do={
    /ip ipsec policy set $i disabled=no
  }
}
# Tear down existing IPsec peer connections after the switch
/ip ipsec remote-peers kill-connections

And currently I have added a route so that the ping to the check host can only go through WAN1 and not WAN2. So I can ping instead if WAN2 is the primary connection. To prevent the ping from going through WAN2 I also installed a firewall rule.

So that's it,
I hope anybody can help me.

Thanks!
 
n4p
Member Candidate
Topic Author
Posts: 110
Joined: Wed Nov 25, 2015 9:54 pm

Re: Improvements for WAN-Backup Script

Sat Jul 22, 2017 12:20 pm

Nobody got an improvement?
 
n4p
Member Candidate
Topic Author
Posts: 110
Joined: Wed Nov 25, 2015 9:54 pm

Re: Improvements for WAN-Backup Script

Sun Aug 06, 2017 8:16 pm

Push,
no one got an idea for improvement?
 
aacable
Member
Posts: 424
Joined: Wed Sep 17, 2008 11:58 am
Location: ISLAMIC Republic of PAKISTAN

Re: Improvements for WAN-Backup Script

Tue Aug 08, 2017 1:38 pm

Why not monitor at least 2 different hosts to get an accurate result? Better to use some script with the scheduler to get better & customized results. You can modify this script/scheduler to suit your need. Like once shifting is done to B, then it should not move back to A until it detects no link with B.
_____________
Regard's

Syed Jahanzaib
Web: http://aacable.wordpress.com
Email: aacable [at] hotmail.com
 
cmaney
just joined
Posts: 18
Joined: Sat Aug 12, 2017 1:23 am

Re: Improvements for WAN-Backup Script

Sat Aug 12, 2017 4:19 pm

Here's something to think about, but please remember that I haven't tested it!

Instead of just disabling and enabling default routes, why not change their administrative distances when the gateway changes?

So: Connection A has a default gateway of 1.1.1.1 with an administrative distance of 1 and Connection B has a default gateway of 2.2.2.2 with an administrative distance of 10.

If A goes down, B takes over, but to prevent A from flipping back automatically, have the script change the administrative distance of A to 20 (or something higher than 10).

If and when B goes down, it will automatically flip back to A, and just reset the A administrative distance to 1 (default).

Note: Your NAT modification rules will remain the same as you currently have them.
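
The non-preemptive failover suggested in the replies above, modelled as an added Python simulation (not code from the thread and not RouterOS script). It counts how many switchovers, each of which tears down the IPsec tunnels, the original preemptive behaviour and the distance-demotion idea produce on the same link timeline. The distances 1, 10 and 20 come from the post; the timeline is constructed, and the model assumes a route whose gateway is unreachable is never selected.

```python
# Simulation only: models route choice by administrative distance.
A_DEFAULT, B_DIST, A_DEMOTED = 1, 10, 20   # distances from the post above


def best_route(dist_a, up_a, up_b):
    """Return 'A' or 'B' (lowest distance among reachable gateways), or None."""
    candidates = []
    if up_a:
        candidates.append((dist_a, "A"))
    if up_b:
        candidates.append((B_DIST, "B"))
    return min(candidates)[1] if candidates else None


def simulate(timeline, sticky):
    """Replay (up_a, up_b) ticks; return (route chosen per tick, switchovers)."""
    dist_a, active, history, switches = A_DEFAULT, "A", [], 0
    for up_a, up_b in timeline:
        if sticky:
            if not up_a:
                dist_a = A_DEMOTED      # A failed: demote it below B
            if not up_b:
                dist_a = A_DEFAULT      # B failed: restore A's preference
        chosen = best_route(dist_a, up_a, up_b)
        if chosen is not None and chosen != active:
            switches += 1               # each switchover drops the tunnels
            active = chosen
        history.append(chosen)
    return history, switches


# Constructed timeline: A flaps twice, then B fails once.
TIMELINE = [(True, True), (False, True), (True, True), (False, True),
            (True, True), (True, False), (True, True)]

if __name__ == "__main__":
    for mode in (False, True):
        hist, n = simulate(TIMELINE, sticky=mode)
        label = "sticky" if mode else "preemptive"
        print(f"{label:10s} switches={n} path={hist}")
```
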
