Community discussions

MikroTik App
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Seamless failover

Tue Oct 12, 2021 5:34 pm

Is it possible to configure Mikrotik HAPAC2 router to use seamless failover?

According to this video, it can be done. But how?
https://www.youtube.com/watch?v=QWPCMNMF-jI
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 725
Joined: Tue Dec 17, 2019 1:08 pm

Re: Seamless failover

Wed Oct 13, 2021 9:28 pm

WAN-Failover isn't a new Feature in RouterOS
There's multiple different ways to implement this in Mikrotik.

Some Solution are more complicated then others.
Just look up "Failover" in the Forum for inspiration.

---------------------------------------------------------------
Answer to Q1 :
Any Mikrotik Devices with RouterOS can be configured with Failover, including the HAPAC2

Answer to Q2:
In the Video, both WAN-Interfaces uses the DHCP-Client function.
Via the DHCP-Client-Config "WAN1" gets a distance of 1 and "WAN2" a distance of 2
Because of this "WAN1" is the default Route for 0.0.0.0/0 and not "WAN2"

This can be changed automatically or manually in different ways.
In the Video a Firewall-Rule is used to block Traffic to the "WAN1" and in turn "WAN2" will be used to route traffic.
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Re: Seamless failover

Wed Oct 13, 2021 9:51 pm

Thanks ConnyMercier!

I have configured recursive failover (form ether1(cable modem) to lte1(Android phone)) according to this guide:
https://help.mikrotik.com/docs/pages/vi ... d=26476608

It is working, but it drops connection for a few seconds during failover. One or two pings are lost.

I need seamless failover for Skype video conferencing. Meaning without interruption.

According to that youtube video which I posted, seamless failover can be done. But I am unsure how, or is that it legit.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 725
Joined: Tue Dec 17, 2019 1:08 pm

Re: Seamless failover

Wed Oct 13, 2021 10:48 pm

I am not a Network-Engineer nor a Skype-Evangelist
So my knowledge is somewhat limited
But this is how I understand the "Seamless Failover" topic.

First of all, Skype doens't work like ICMP(Ping)
A lost Ping does't directly translate into an interrupted Skype-Call or bad voice quality
Latency, Network jitter, Packet loss and co. are usually more important

Back to the Failover topic,
A seamless Failover without any "Ping" loss isn't always easy or even possible...

If both WAN1 and WAN2 are functional and you manually activate the failover ...
it is possible, but not guaranteed, to "switch" without any PING loss..(just like in the Video)

In the other hand, an automaticaly failover during a fault to WAN1 is more complicated
Because the Router itself needs to check if WAN1 is still "online and running" and failover to WAN2
During this time, some Ping-Packets are still routed to the faulty WAN and lost !
Last edited by ConnyMercier on Wed Oct 13, 2021 11:06 pm, edited 1 time in total.
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Re: Seamless failover

Wed Oct 13, 2021 11:04 pm

Thanks ConnyMercier!

I understand.
I understand that seamless failover is not an easy task. I am not a Skype-Evangelist, but I use it because it suits me, for my small startup for now.
I was interested if seamless failover is possible, before I buy the configuration.

This is why I came here.
I guess I should buy the configuration, but then I perhaps won't be allowed to share it here.

My guess was that if my dynamic IP is changing, and does not cause connection to be interrupted, then this should be possible with Mikrotik.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 725
Joined: Tue Dec 17, 2019 1:08 pm

Re: Seamless failover

Wed Oct 13, 2021 11:31 pm

Do you really need a Seamless Failover?
I, on the other hand don't think you really need to worry about it!

Let's Rationalize....
How often does your Internet-Connection (WAN1) fail in a Year?
In my experience at most 20 outages a year , and most of them outside working hours...

This would mean over a year at most 20 Skype-Call, that could be affected.
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Re: Seamless failover

Wed Oct 13, 2021 11:43 pm

I think I need seamless failover.

I live in south-eastern Europe, in the past 3 weeks I had 3 interruptions in internet connectivity, mainly from power outage.
Once it was raining, and I got offline, the second time the electrical company cut my power because they were fixing the neighbor's power line.
Thirdly there were some upgrades in the fiber optic lines, so again no connectivity.

I approximate that 1 power outage can be expected per week. That is why I run my Mikrotik router from a 12V battery. And this is why I configured the failover to the LTE1 Android USB modem.

I need stable connection minimum 2 Mbps without interruptions. The mobile provider allows at least 10 Mbps. The cable provider has at least 80 Mbps.

(I am sorry if I am too rash, but I am interested.)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 20903
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Seamless failover

Thu Oct 14, 2021 12:26 am

You will lose your session regardless of how seamless or quick it may seem.
What your are asking is impossible from what I understand.
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Re: Seamless failover

Thu Oct 14, 2021 10:59 pm

Anav, I spoke with an IT expert, and he said, that seamless failover can be configured, but the price is high for me, a few hundred dollars.
 
afuchs
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Wed Jul 03, 2019 11:10 am

Re: Seamless failover

Fri Oct 15, 2021 11:44 am

I am not sure how the it expert would do this.

The First point is, to detected, that WAN1 is down, than you need to Switch to WAN2.
So your Public IP-address must be migrated from WAN1 to WAN2 by your Provider or Skype must detect the change of your public IP and update your running session.
I don't know if Skype is capable of this and I am sure your ISP would rake some money for live migrating of your IP (Same ISP for WAN1 and WAN2 implied).

Did the it expert say how he would do it? I would be very interested, because I don't even get a seamless failover by means of load balancing.
 
djdrastic
Member
Member
Posts: 368
Joined: Wed Aug 01, 2012 2:14 pm

Re: Seamless failover

Fri Oct 15, 2021 2:10 pm

You would need something like a Fortinet or something with SD-WAN to achieve nano/millisecond failover to cloud services.And even then it's not perfect.
I have a business at home with 2 WANs with Mikrotik WAN failover and honestly I just wait the 60 seconds or so it takes for link failover script to kick on and just go on with business.
If 60 seconds lost causes you to lose a lot of money you should look into business class sla circuits with your ISP and ups+backup generator at home as well as SD-WAN
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Re: Seamless failover

Fri Oct 15, 2021 3:02 pm

Afuchs I have dynamic IP address both on ether1 and lte1. I guess that the seamless failover should work like when my ISP changes the dynamic IP and the connection stability is not affected. So I guess the failover could be done under 1 sec.

The IT expert to whom I wrote (that guy in the youtube video / first post) said that recursive routing is not enough, some scripts should be added. Maybe he thought of some Netwatch scripts? I don't know.
 
afuchs
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Wed Jul 03, 2019 11:10 am

Re: Seamless failover

Fri Oct 15, 2021 4:59 pm

In most cases I know the dynamic IP address only change, if you restart your router or you or your ISP reset the connection (most at night e.g. 1 am or so) and this result in a temporary loss of connections.

There is one point in the video that I can't get. He uses a rule that block all traffic in the output chain of the firewall.
That's a bit odd, because the output chain regulates only the traffic that originate from the router not the traffic that goes over the router.
If he used gateway check in his routes, the firewall route will block this check on one interface (ping in this example is forward traffic an continue). The time the ping-check runs next (I think once a minute) it fails and the default failover starts immediately.His 2 default routes go to private IP-addresse (10.something), so it's very likely that he have a other router between the shown one and the Internet and that uses masqurade to NAT the traffic (exchange private address with public of this router). Or in other word, the internet part of the connection never chainges and the internal traffic seams to be a simple internal routing failover.

Perhaps there is much more that is not shown in the video an I am wrong.
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Re: Seamless failover

Fri Oct 15, 2021 6:05 pm

Thanks djdrastic.
 
User avatar
jspool
Member
Member
Posts: 472
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Seamless failover

Fri Oct 15, 2021 8:37 pm

As stated you would typically need to have a colo or cloud location that has tunnels back you your office location (One tunnel per ISP) Essentially just using the office WANs as conduits to the colo. Doing it like this you can deliver an IP address that will float between the tunnels using OSPF and BFD. I utilize this for several customers and since their gateway IP never changes the session stay up and it works at the speed of BFD which can be set pretty aggressively. Done correctly a VoIP call can float and the end user cannot even notice when failover occurs. This is not a true SDWAN but for those on super tight budgets it does work.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 20903
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Seamless failover

Fri Oct 15, 2021 9:00 pm

So are you saying the cloud location houses the two ISP connections, and the office router only has one connection to the cloud location subnet?
If so what would be the difference between colo and physically putting another router in front of the current router with the same setup??
 
User avatar
jspool
Member
Member
Posts: 472
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Seamless failover

Fri Oct 15, 2021 9:13 pm

Typically most customers issues are with their own providers and rarely with a colo. Not impossible but generally quite rare. Back to your question. Let's say the customer has VoIP phones that register to a provider. This would use their WAN IP to register. So if the customer has a failover situation then the WAN IP will change to the failover connection and break connections until they the connections are cleared or in the case of VoIP until the phones reregister or are rebooted. Doing it the way I described the customer router is handed off a public IP that can float between tunnels so even in the event of a failover at the customer location the public IP stays the same and their NAT is intact.
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Re: Seamless failover

Mon Oct 18, 2021 6:34 pm

Thanks Jspool.

So if I understand correctly, I should setup an OVPN connection, configure two tunnels, then configure OSPF.

Then if it works (I need to research the details), then I should buy a CHR license, e.g. P1, so I am not confined to 1 Mbps.

But this requires 128 MB disk space, I have only 16 MB. Maybe I could store the CHR image on the connected Android phone.
Although the router came preconfigured, the license nlevel is 4. But I guess this is not a CHR license.

EDIT: It seems that level 4 license includes P1 license. But this is not clear in Mikrotik documentation, nor on the RouterBoard.
 
dave12
newbie
Topic Author
Posts: 31
Joined: Sat Oct 09, 2021 2:35 pm

Re: Seamless failover  [SOLVED]

Wed Oct 20, 2021 4:09 pm

I think that I solved the problem of seamless failover.

Mikrotik router is configured for Recursive failover. Ether1 is ISP1 (cable modem), LTE1 is ISP2 (Android phone / 4G USB modem). The router runs of off a 12V battery.

Then I went to the OpenVPN website, registered for their Cloud (location) service and created two tunnels, same locale (the service is free up to 3 tunnels).

I downloaded the config files: tunnel1.ovpn, tunnel2.ovpn (choose OS: Windows).

I installed the OpenVPN client in Windows on my laptop and imported tunnel1.ovpn (because Mikrotik doesn't support UDP and TLS in OVPN client config).

Then I installed on my Android phone the OpenVPN client app from the Playstore and imported tunnel2.ovpn. I activated both VPN connections.

After that I made a Skype video call, and simulated power outage by unplugging Ether1 cable and after a few minutes I plugged it back in.
---------------------
IT WORKS! Seamless failover works, Skype does not drop the connection, small stuttering was observed under one second during failover. This also should work with other video conferencing software.

EDIT: The ether1 connection and LTE1 have to have the same TTL. Set ether1 to lte1 TTL:
/ip firewall mangle add chain=postrouting action=change-ttl new-ttl=set:117 ttl=greater-than:200 out-interface=ether1
 
akeeltaj
just joined
Posts: 23
Joined: Fri Oct 16, 2020 9:23 pm
Location: Srinagar, India
Contact:

Re: Seamless failover

Tue Jan 18, 2022 10:02 am

Hello dave12
I'm trying to setup almost exactly what you have mentioned here. WAN1 is a PPPoE connection (Public IP- Dynamic) that works over ethernet and WAN2 is an android USB hotspot (Private IP - NAT )
My preferred WAN is WAN1 and I want to failover when the PPPoE interface is down and also in situations when there is a specific packet loss detected for an address on the internet (e.g. >3% loss to 8.8.8.8 )
After WAN1 has no more packet loss/ is up, I want it to switch back to WAN1
Could you please help me with the configuration that you've done on your device to understand how I need to achieve this?

Thanks ConnyMercier!

I have configured recursive failover (form ether1(cable modem) to lte1(Android phone)) according to this guide:
https://help.mikrotik.com/docs/pages/vi ... d=26476608

It is working, but it drops connection for a few seconds during failover. One or two pings are lost.

I need seamless failover for Skype video conferencing. Meaning without interruption.

According to that youtube video which I posted, seamless failover can be done. But I am unsure how, or is that it legit.
 
etranger
just joined
Posts: 1
Joined: Sun Jun 09, 2024 12:39 pm

Re: Seamless failover

Thu Jun 27, 2024 1:31 am

I think that I solved the problem of seamless failover.

Mikrotik router is configured for Recursive failover. Ether1 is ISP1 (cable modem), LTE1 is ISP2 (Android phone / 4G USB modem). The router runs of off a 12V battery.

Then I went to the OpenVPN website, registered for their Cloud (location) service and created two tunnels, same locale (the service is free up to 3 tunnels).

I downloaded the config files: tunnel1.ovpn, tunnel2.ovpn (choose OS: Windows).

I installed the OpenVPN client in Windows on my laptop and imported tunnel1.ovpn (because Mikrotik doesn't support UDP and TLS in OVPN client config).

Then I installed on my Android phone the OpenVPN client app from the Playstore and imported tunnel2.ovpn. I activated both VPN connections.

After that I made a Skype video call, and simulated power outage by unplugging Ether1 cable and after a few minutes I plugged it back in.
---------------------
IT WORKS! Seamless failover works, Skype does not drop the connection, small stuttering was observed under one second during failover. This also should work with other video conferencing software.

EDIT: The ether1 connection and LTE1 have to have the same TTL. Set ether1 to lte1 TTL:
/ip firewall mangle add chain=postrouting action=change-ttl new-ttl=set:117 ttl=greater-than:200 out-interface=ether1
I know this is an old thread, but I'm curious if OpenVPN changed their products over the years, as they don't seem to be offering three free VPN connections with internet access anymore, although you can use their CloudConnexa to create a WPC with three free secure connections, but that WPC has to be connected to your own ingress internet network, meaning you still have to have a separate reliable link with public IP for seamless failover to work, or am I missing something?

Who is online

Users browsing this forum: Majestic-12 [Bot] and 16 guests