Krusty
Frequent Visitor
Topic Author
Posts: 71
Joined: Fri May 02, 2008 11:14 pm

Backup line and netwatch script

Wed Sep 02, 2009 9:41 pm

Hello good people :)


If somebody would be so kind and make me a script, I'm not so good at this :)
Here is the situation we have:


We have a RouterBoard as router. I have two default gateways configured in the route list: one to xxx.xxx.xxx.1, this one is main, and a second with IP xxx.xxx.xxx.2, this is the backup gateway.

I have netwatch configured to ping some of our servers outside, on the internet, and if the "line" is UP, then it's OK; when netwatch goes to "DOWN", it runs a script that disables the main gateway, so the second one becomes active and we are switched to the backup internet connection.

BUT this is the weak point. If we are switched to the backup gateway, then the ping is available again, and netwatch enables the main gateway - there is no internet connection, no ping to the server, so netwatch disables the main gateway - - - etc etc etc, now it's in a circle :)

Can somebody help me to solve this? I think that I need a script that runs when netwatch goes down, and then the script must periodically enable the main gateway, wait a few seconds, test ping, and if there is no ping, then disable the main gateway :)

I don't know if you can understand this, but please try :)

Thanks a lot
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Backup line and netwatch script

Wed Sep 02, 2009 10:16 pm

Don't monitor some random server out on the net, monitor the first hop on the route. Make sure (possibly with firewall drop rules) that you can't reach that hop via the backup gateway.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
Krusty
Frequent Visitor
Topic Author
Posts: 71
Joined: Fri May 02, 2008 11:14 pm

Re: Backup line and netwatch script

Wed Sep 02, 2009 10:39 pm

Don't monitor some random server out on the net, monitor the first hop on the route. Make sure (possibly with firewall drop rules) that you can't reach that hop via the backup gateway.
I think about this option, we can set this up, but then we will have another problem....

If I monitor some hop/server that can be reached only from the main gateway and cannot be reached from the backup gateway, then netwatch never goes UP if switched to backup, because it cannot reach the monitored machine ---- because that monitored machine can be reached only from the main gateway....
 
Krusty
Frequent Visitor
Topic Author
Posts: 71
Joined: Fri May 02, 2008 11:14 pm

Re: Backup line and netwatch script

Wed Sep 02, 2009 11:05 pm

yes I got it
:)

For those who are interested in this, there is no need for complicated scripting; here is one of many solutions :)


You will need two internet connections, one with gateway xxx.xxx.xxx.1 distance 1 and a second with xxx.xxx.xxx.2 distance 2. If the first GW is disabled, then the second takes over and you are switched to the backup net connection. To automate this and periodically check for the main connection, do this :)

You need these scripts:
/system script
add name=route_1_disable policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip route disable 0"
add name=route_1_enable policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/ip route enable 0"
add name=net_1_disable policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/tool netwatch disable 0"
add name=net_1_enable policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/tool netwatch enable 0"
This is the netwatch config:
/tool netwatch
add comment="" disabled=no down-script="/system script run route_1_disable\r\
    \n/system scheduler enable link_down\r\
    \n/system script run net_1_disable" host=YOUR_MONITORED_HOST interval=10s timeout=5s up-script=\
    "/system script run route_1_enable\r\
    \n/system scheduler disable link_down"

And this is the schedule config:
/system scheduler
add comment="" disabled=yes interval=5m name=link_down on-event=\
    "/system script run route_1_enable\r\
    \n/system script run net_1_enable\r\
    \n/system scheduler disable link_down" policy=reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/01/1970 start-time=00:00:00
You can set the delay to 5 min too.

Basically it does this.

If the link on the main GW is down, then netwatch after 10 sec disables the main route, which switches you to the backup connection, enables the schedule and disables itself. The schedule waits for 5 minutes, then enables the main route, enables netwatch and disables itself. If there is a connection, then netwatch disables the schedule and enables the main route, just to be sure :) If there isn't a connection, then netwatch disables the main route, enables the schedule and disables itself again ----- and this goes on at the time interval you set :)

No need to thank me :D
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Backup line and netwatch script

Wed Sep 02, 2009 11:11 pm

Don't monitor some random server out on the net, monitor the first hop on the route. Make sure (possibly with firewall drop rules) that you can't reach that hop via the backup gateway.
I think about this option, we can set this up, but then we will have another problem....

If I monitor some hop/server that can be reached only from the main gateway and cannot be reached from the backup gateway, then netwatch never goes UP if switched to backup, because it cannot reach the monitored machine ---- because that monitored machine can be reached only from the main gateway....
That's why you're monitoring directly connected networks instead of random servers way out in the cloud...they're reachable without a default route. When gw1 comes back up, even if a default route points out gw2 you can reach gw1's gateway.
 
Krusty
Frequent Visitor
Topic Author
Posts: 71
Joined: Fri May 02, 2008 11:14 pm

Re: Backup line and netwatch script

Wed Sep 02, 2009 11:14 pm

Don't monitor some random server out on the net, monitor the first hop on the route. Make sure (possibly with firewall drop rules) that you can't reach that hop via the backup gateway.
I think about this option, we can set this up, but then we will have another problem....

If I monitor some hop/server that can be reached only from the main gateway and cannot be reached from the backup gateway, then netwatch never goes UP if switched to backup, because it cannot reach the monitored machine ---- because that monitored machine can be reached only from the main gateway....
That's why you're monitoring directly connected networks instead of random servers way out in the cloud...they're reachable without a default route. When gw1 comes back up, even if a default route points out gw2 you can reach gw1's gateway.
But if this DC network is reachable, but the provider has problems, then the connection won't work. That's why I need to monitor something outside of all this, and if this main connection goes down I need to switch to the second provider/connection....
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Backup line and netwatch script

Wed Sep 02, 2009 11:31 pm

True. In that case you'd manually go into the router via the second interface and change the default route.

I'm glad you found a solution that works for you. Use it if it's right for you. But your solution means that all users behind the router are down for a while every x minutes when your script flips back to a router that is probably still down.
 
Krusty
Frequent Visitor
Topic Author
Posts: 71
Joined: Fri May 02, 2008 11:14 pm

Re: Backup line and netwatch script

Wed Sep 02, 2009 11:36 pm

True. In that case you'd manually go into the router via the second interface and change the default route.

I'm glad you found a solution that works for you. Use it if it's right for you. But your solution means that all users behind the router are down for a while every x minutes when your script flips back to a router that is probably still down.
Yes, but this is a small sacrifice for a working internet connection :)
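
The loop described in the first post, the scheduler hold-down from the posted solution, and the periodic outage raised in the reply to it can be compared with a small tick-based model. This is an added example, not code from any post in the thread; the 30-minute outage timeline is constructed, and the model assumes the scheduler fires 5 minutes after it is enabled and that a re-enabled netwatch entry runs its script on the first probe result, as the solution post describes.

```python
TICK = 10    # seconds, netwatch interval=10s from the posted config
HOLD = 300   # seconds, scheduler interval=5m from the posted config

def simulate(main_up, duration, hold_down):
    """Return (route_toggles, outage_seconds) for one failover design.

    main_up(t) -> bool is the health of the main line at second t; the
    backup line is assumed healthy. hold_down=False models the first
    post (netwatch just toggles the route); True models the solution.
    """
    route1, watch, status = True, True, "up"
    fire_at = None                    # link_down scheduler; None = disabled
    toggles = outage = 0
    for t in range(0, duration, TICK):
        if fire_at is not None and t >= fire_at:
            # scheduler event: route_1_enable, net_1_enable, disable itself
            toggles += 0 if route1 else 1
            route1, watch, status, fire_at = True, True, "unknown", None
        # The monitored host is reached over whichever default route is active.
        reachable = main_up(t) if route1 else True
        if not reachable:
            outage += TICK            # users are on a dead main line
        if not watch:
            continue
        new = "up" if reachable else "down"
        if new == status:
            continue                  # scripts run only on a status change
        status = new
        if new == "down":             # down-script
            toggles += 1 if route1 else 0
            route1 = False
            if hold_down:
                fire_at, watch = t + HOLD, False
        else:                         # up-script
            toggles += 0 if route1 else 1
            route1, fire_at = True, None
    return toggles, outage

def main_down_30min(t):
    """Constructed timeline: main line fails at 60 s, recovers at 1860 s."""
    return not (60 <= t < 1860)

if __name__ == "__main__":
    for name, hold in (("toggle only", False), ("with hold-down", True)):
        toggles, outage = simulate(main_down_30min, 3600, hold)
        print(f"{name:15} route toggles={toggles:3} outage={outage}s")
```

In this model the toggle-only design changes the route on every probe while the main line is down, and the hold-down design limits that to one failed probe per 5-minute cycle, which is the short outage "every x minutes" mentioned in the thread.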
 
triac
Frequent Visitor
Posts: 91
Joined: Mon Feb 07, 2005 7:35 pm
Location: Italy

Re: Backup line and netwatch script

Mon Nov 02, 2009 2:57 pm

Hi Krusty,

Your scripts are very good for me, I have two GWs (the first ADSL and the second UMTS) and they work fine with your scripts...

I'm not a genius with scripts, I don't know them, but I'll try to explain my idea to you (my English is horrible...):

When the first GW is down and I work with the UMTS GW, the IP of my ADSL is unreachable... Is it possible to make a script that pings the IP of my ADSL only when the backup GW is active, and when it comes back on, resumes the first GW and resets all script status?

...OK, I have understood.... I'll call the lunatic asylum!

Paolo
Paolo Torri
