Community discussions

 
auwudia
newbie
Topic Author
Posts: 35
Joined: Tue Apr 24, 2007 4:06 pm

SCRIPT FOR FAILOVER BETWEEN 2 WAN LINKS

Thu Mar 25, 2010 5:34 pm

Dear All,
I have 2WAN links (Fibre and VSAT). The fibre is the primary link while the vsat is the backup link. I want the link to failover to the backup link anything there is failure on the primary link. I have configured the mikrotik server and enabled gateway checking, but it did not solve the problem, basically because I am able to ping the gateway of the of the ISP all the time being a fibre cable.

Please i want anyone to kindly help me write a script that should be pinging the internet and be able to failover within few seconds of the link failure and also be able to revert back to the primary link as soon as it is restored. I will greatly appreciate.

Regards,

Austin
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: SCRIPT FOR FAILOVER BETWEEN 2 WAN LINKS

Thu Mar 25, 2010 5:51 pm

Can you please post the output of "/ip route" and explain which WAN route goes where? With that information you can write a script that disables the primary route, and another script that enables it again. You can then use '/tool netwatch' to implement a watcher on an IP address only reachable via the primary and run the scripts when conditions change.

You can't just watch some Internet IP address for this and have automatic fallback when the primary comes back up, though: let's say you monitor Google and disable your primary WAN circuit because it stops pinging. Now your failover link is active, so Google will ping again. So you enable the primary link again, but it's still down, so the ping fails, and you disable the primary link and go round in circles.

You can fail to a failover circuit by monitoring any Internet IP, but you must monitor an IP address only reachable via the primary link to automatically fail back to it when it comes back up. You may be able to fake this out by choosing an Internet IP and making it available only via the primary link by inserting a specific static route, but that route would become invalid should the actual interface ever go down and you'd be in the same situation as described above.
 
auwudia
newbie
Topic Author
Posts: 35
Joined: Tue Apr 24, 2007 4:06 pm

Re: SCRIPT FOR FAILOVER BETWEEN 2 WAN LINKS

Thu Mar 25, 2010 6:12 pm

Hi Fewi,
Thank you for the quick response. below is the output of the /ip route pr

[admin@SWTK BM] > /ip route pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 208.89.194.18 1
1 A S 0.0.0.0/0 82.128.125.84 1
2 A S 0.0.0.0/0 82.128.125.84 1
3 A S 0.0.0.0/0 82.128.125.84 1
4 A S 0.0.0.0/0 82.128.125.84 1
208.89.194.18
5 ADC 10.254.254.0/24 10.254.254.254 Swifttalk-LAN 0
6 ADC 82.128.125.80/29 82.128.125.83 MTLK_WAN 0
7 ADC 204.16.125.0/26 204.16.125.1 LAN 0
8 ADC 208.89.194.16/29 208.89.194.22 LCN_WAN 0

The MTLK_WAN is the primary link while the LCN_WAN is the backup link.

The swifttalk_LAN and LAN are two different LAN subnets. I hope this info is enough to enable help me.

Thanks
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: SCRIPT FOR FAILOVER BETWEEN 2 WAN LINKS

Thu Mar 25, 2010 6:27 pm

It's missing an IP address you can only reach through the fiber link. Like I said, you cannot just monitor google and have automatic failback when the fiber link comes back up.

You can either monitor 'the Internet' and fail to failover and manually monitor and fail back to the primary manually when you're satisfied it's back up, or you can monitor an IP only reachable through the primary link and have the failback done automatically.

Also, why do you have those routes entered multiple times, and why do both routes have the same administrative distance?
 
auwudia
newbie
Topic Author
Posts: 35
Joined: Tue Apr 24, 2007 4:06 pm

Re: SCRIPT FOR FAILOVER BETWEEN 2 WAN LINKS

Fri Mar 26, 2010 9:58 am

Thank you again for your response. This is my present scenerio and I am not know how best to get it work;that's that reason i am making this request. Based on my input, can you please give me a workable script/solution to this problem?
 
auwudia
newbie
Topic Author
Posts: 35
Joined: Tue Apr 24, 2007 4:06 pm

Re: SCRIPT FOR FAILOVER BETWEEN 2 WAN LINKS

Fri Mar 26, 2010 12:02 pm

Fewi/All,
I have made a little modification on the route table and here is the /ip router print result:

[admin@SWTK BM] > /ip route pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 82.128.125.84 1
1 S 0.0.0.0/0 208.89.194.18 1
2 ADC 10.254.254.0/24 10.254.254.254 Swifttalk-LAN 0
3 ADC 82.128.125.80/29 82.128.125.83 MTLK_WAN 0
4 ADC 204.16.125.0/26 204.16.125.1 LAN 0
5 ADC 208.89.194.16/29 208.89.194.22 LCN_WAN 0

I have also tried scribbling the script below

:if ([/ping 72.14.209.104 count=5] =5) do= {interface enable MTLK_WAN} \
else= {interface disable MTLK_WAN}

Please kindly advise if this will do the magic. If not please kindly add the missing link.

Thanks

Austin
 
auwudia
newbie
Topic Author
Posts: 35
Joined: Tue Apr 24, 2007 4:06 pm

Re: SCRIPT FOR FAILOVER BETWEEN 2 WAN LINKS

Fri Mar 26, 2010 5:16 pm

The last changes and the script has solved my problem. Thanks to Fewi for his input.
 
User avatar
dunga
Member Candidate
Member Candidate
Posts: 254
Joined: Fri Jan 23, 2009 9:51 am
Location: Nigeria

Re: SCRIPT FOR FAILOVER BETWEEN 2 WAN LINKS

Sat Jan 10, 2015 5:01 pm

Hello Guys,
I have a similar situation just like others complained.

I want to setup a failover/bonding (Fibre is my primary link while Vsat-dynamic ip) is my backup. My lan is hotspot. I want a complete setup that will enable me achieve such in no distant time, because the Vsat is running while we are only using the Fibre cus of configuration issues.

Here is my setup so far;
/ip address
add address=208.122.244.10/30 interface=WAN1 network=208.122.244.8
add address=178.30.20.1/21 interface=LOCAL network=178.30.16.0
add address=192.168.1.2/24 interface=WAN2 network=192.168.1.0
add address=192.168.100.1/24 interface=ether5 network=192.168.100.0


/ip firewall mangle
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
WAN2_conn
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2
add chain=prerouting dst-address=208.122.244.8/30 in-interface=LOCAL
add chain=prerouting dst-address=192.168.1.0/24 in-interface=LOCAL
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LOCAL new-connection-mark=WAN1_conn per-connection-classifier=\
both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LOCAL new-connection-mark=WAN2_conn per-connection-classifier=\
both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=LOCAL new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=LOCAL new-routing-mark=to_WAN2

/ip route
add check-gateway=ping distance=1 gateway=208.122.244.9 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=208.122.244.9
add check-gateway=ping distance=2 gateway=192.168.1.1

#
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=178.30.16.0/21

Who is online

Users browsing this forum: No registered users and 10 guests