draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Dual WAN Recursive Failover ROSv7

Thu Jan 13, 2022 1:37 pm

Hello guys,

Recently I decided to also upgrade my main router to v7 and, like a lot of others it seems, I found that my configuration wasn't working properly. All recursive routes were invalid and so on. I've found two topics in the forum in which this was discussed and tried multiple configurations with different scopes, but it seems that I could not understand what changes exactly were made to this in v7, and I still could not make my configuration work, so I was forced to downgrade for a third time.

At the moment the configuration is the following:

Main - ISP1 (PPPoE),
Backup - ISP2 (ADSL)
/ip route
add distance=1 gateway=10.10.10.1
add distance=2 gateway=10.20.20.2
add distance=1 dst-address=8.8.8.8/32 gateway=ISP1 scope=10
add distance=1 dst-address=8.8.4.4/32 gateway=ISP2 scope=10
add distance=1 dst-address=208.67.220.220/32 gateway=ISP1 scope=10
add distance=1 dst-address=208.67.222.222/32 gateway=ISP2 scope=10
add check-gateway=ping distance=1 dst-address=10.10.10.1/32 gateway=8.8.8.8 scope=10
add check-gateway=ping distance=1 dst-address=10.10.10.1/32 gateway=208.67.220.220 scope=10
add check-gateway=ping distance=1 dst-address=10.20.20.2/32 gateway=208.67.222.222 scope=10
add check-gateway=ping distance=1 dst-address=10.20.20.2/32 gateway=8.8.4.4 scope=10
This configuration was working for years under v6 and now due to the changes to how the recursive routes are handled in v7 it is not valid. Anyone can help with it being modified to serve the same purpose in v7? Unfortunately there isn't much information on how this is handled in v7 and I think I won't be the first to have such a problem.
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Thu Jan 13, 2022 3:10 pm

I've just been modelling this with a CHR in GNS3, and as far as I can see for a three layer configuration there are two changes from RoS 6.
(1) Your logical gateways 10.10.10.1 and 10.20.20.2 need to be actual addresses that will respond to ping
(2) Target scope for the routes to these gateways needs to be some value higher than 10 but less than 30

As I said on the other thread, I can't see what this hierarchy is actually achieving for the extra complication of this additional layer. If I understand it correctly your configuration is intended to work as follows ..
  • Your distance 1 default route, first in your list, will be up as long as 10.10.10.1 is reachable
  • You have two alternative routes for 10.10.10.1/32, one via 8.8.8.8 and one via 208.67.220.220
  • So the overall function is that your ISP1 route stays up as long as either 8.8.8.8 or 208.67.220.220 are reachable
Why not cut out the middle man and have the routes as follows ..
/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping distance=1 gateway=208.67.220.220
add check-gateway=ping distance=2 gateway=8.8.4.4
add check-gateway=ping distance=2 gateway=208.67.222.222
add distance=1 dst-address=8.8.8.8/32 gateway=ISP1 scope=10
add distance=1 dst-address=8.8.4.4/32 gateway=ISP2 scope=10
add distance=1 dst-address=208.67.220.220/32 gateway=ISP1 scope=10
add distance=1 dst-address=208.67.222.222/32 gateway=ISP2 scope=10
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Thu Jan 13, 2022 3:21 pm

Could you post up the live view of your routes, including gateway, scope and target scope?
For comparison here's the view from my CHR, configured functionally as follows ..
  • Two Internet paths, one via ether3 192.168.123.1, ignore the second for the moment
  • Remote gateways 8.8.8.8 and 8.8.4.4 configured via 192.168.123.1
  • Logical gateway 10.0.0.1 via each of those two remote gateways
  • Default route via logical gateway 10.0.0.1
The final default route will go down if 10.0.0.1 becomes unreachable, or if both 8.8.8.8 and 8.8.4.4 go down.
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Thu Jan 13, 2022 3:31 pm

In my configuration the logical gateway 10.0.0.1 is a loopback configured on the Internet router 192.168.123.1. If I shutdown that loopback so that 10.0.0.1 stops responding to ping, then the routes fail as follows, even though both 8.8.8.8 and 8.8.4.4 are still reachable ...
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Thu Jan 13, 2022 4:34 pm

> I've just been modelling this with a CHR in GNS3, and as far as I can see for a three layer configuration there are two changes from RoS 6.
> (1) Your logical gateways 10.10.10.1 and 10.20.20.2 need to be actual addresses that will respond to ping
> (2) Target scope for the routes to these gateways needs to be some value higher than 10 but less than 30
>
> As I said on the other thread, I can't see what this hierarchy is actually achieving for the extra complication of this additional layer. If I understand it correctly your configuration is intended to work as follows ..
>   • Your distance 1 default route, first in your list, will be up as long as 10.10.10.1 is reachable
>   • You have two alternative routes for 10.10.10.1/32, one via 8.8.8.8 and one via 208.67.220.220
>   • So the overall function is that your ISP1 route stays up as long as either 8.8.8.8 or 208.67.220.220 are reachable
Yes, this is exactly how it's working. As long as one of 8.8.8.8 or 208.67.220.220 is active, the default route with distance 1 (the main link) is alive. If both are cut it's switching to the backup. To be honest I didn't think about cutting the length as this was the configuration I did based on MT documentation years ago and just forgot about till v7 as it just worked.
> Could you post up the live view of your routes, including gateway, scope and target scope?
> For comparison here's the view from my CHR, configured functionally as follows ..
>   • Two Internet paths, one via ether3 192.168.123.1, ignore the second for the moment
>   • Remote gateways 8.8.8.8 and 8.8.4.4 configured via 192.168.123.1
>   • Logical gateway 10.0.0.1 via each of those two remote gateways
>   • Default route via logical gateway 10.0.0.1
> The final default route will go down if 10.0.0.1 becomes unreachable, or if both 8.8.8.8 and 8.8.4.4 go down.
Unfortunately at the moment I cannot as I was forced to downgrade back to v6 for a second or third time as I wasn't able to make it work as intended. I hoped that there is an easy way to make it work as intended but it's not so easy. I cannot find out a lot of information how the scope/target scope are supposed to work at the moment. On top of this they've removed the text which pointed out that the current route is recursive.
> In my configuration the logical gateway 10.0.0.1 is a loopback configured on the Internet router 192.168.123.1. If I shutdown that loopback so that 10.0.0.1 stops responding to ping, then the routes fail as follows, even though both 8.8.8.8 and 8.8.4.4 are still reachable ...
This is something that I also faced during some experiments but I wasn't sure why it happened. For me the major problem is that I cannot see a solid explanation on how these routes should work on the new version with lets say an example that would make sense.
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Thu Jan 13, 2022 5:30 pm

Quoting from another thread (and no, don't understand them either)
Just two rules:
1) scope of next route should be not more than target-scope of your route (can be equal or less);
2) target-scope of next route should be strictly less than target-scope of your route (this one was introduced in ROS v7);
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Thu Jan 13, 2022 6:51 pm

Here's two stripped down examples, both CHR running 7.1.1 and modelled in GNS3.

This one the route stays up if either 8.8.8.8 OR 8.8.4.4 are reachable.
Recursive OR 7.1.1 Screenshot_51.png

The other needs both 8.8.4.4 AND 8.8.8.8 to be reachable ..
Recursive AND 7.1.1 Screenshot_51.png
I'm not sure I really understand scope vs target scope either, and my values are a mixture of copying what works elsewhere and a bit of guesswork.
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Thu Jan 13, 2022 8:02 pm

> Quoting from another thread (and no, don't understand them either)
> Just two rules:
> 1) scope of next route should be not more than target-scope of your route (can be equal or less);
> 2) target-scope of next route should be strictly less than target-scope of your route (this one was introduced in ROS v7);
Yes, I saw this, but could you dress it in an example with the config I shared, as it didn't work for me as I hoped it would?
> Here's two stripped down examples, both CHR running 7.1.1 and modelled in GNS3.
>
> This one the route stays up if either 8.8.8.8 OR 8.8.4.4 are reachable.
> Recursive OR 7.1.1 Screenshot_51.png
>
> The other needs both 8.8.4.4 AND 8.8.8.8 to be reachable ..
> Recursive AND 7.1.1 Screenshot_51.png
>
> I'm not sure I really understand scope vs target scope either, and my values are a mixture of copying what works elsewhere and a bit of guesswork.
Thanks, I'll try to check this one. I did something similar and it seemed to work as long as I didn't cut both gateways and hoped it would activate the backup link (it didn't happen).

I'm a bit mad at myself as I too cannot really understand how it is supposed to work with the scopes and I feel like this is not documented well at all. What if I want for example the route 8.8.8.8 to be with priority and if that fails, to trigger 8.8.4.4 and if it also fails to activate the second ISP routes? I really hope that they will document these scenarios in a better way, especially as they made a change in the way it works.
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Fri Jan 14, 2022 10:46 am

Having realised I was completely up the spout with Scope and Target Scope I have re-worked my "OR" example from scratch. The defaults for a static route are "scope=30" and "target-Scope=10", while a connected route has "scope=10" and no "target-scope".

My understanding is "target-scope" of the 0.0.0.0/0 route controls whether it can find its next hop or not. "target-scope=10" should mean it can find a next hop with "scope=10" and this works for a simple default route via a directly connected gateway, like my first route in the screenshot. In RoS 6.x you could do the same for a recursive gateway, if you set the gateway route "scope=10" then it could be found by a recursive route with "target-scope=10".

The change in RoS 7 seems to be that a recursive route now only works if the "target-scope" of the recursive route is GREATER than the "scope" of the gateway. So in the first screenshot I've set it to 11, where with RoS 6 it worked with 10.
Recursive OR 7.1.1 Screenshot_52.png

I think this is a bug for a couple of reasons. Firstly because a normal default route with "target-scope=10" can find a directly connected gateway with "scope=10". Secondly if instead of changing "scope" of the gateway, I change "target-scope" of the recursive route then I only have to set it to 30, equal rather than greater. So it's inconsistent, sometimes target-scope needs to be greater or equal to scope, sometimes it needs to be greater.
Recursive OR 7.1.1 Screenshot_53.png


You asked ..
> What if I want for example the route 8.8.8.8 to be with priority and if that fails, to trigger 8.8.4.4 and if it also fails to activate the second ISP routes?

If I understand your question correctly then the examples here will do this. The route via 8.8.8.8 distance=1 will be preferred over the route via 8.8.4.4 distance=5. In reality they are both the same route as they both have the same actual next hop of 192.168.123.1. If they both fail then the direct route via the other gateway distance=10

By the way remember that by using 8.8.8.8 and 8.8.4.4 as gateways this means you shouldn't use them as DNS servers within the network. This is because they are now hard coded to the first ISP and won't fail over to the second. I prefer to use something specific to each ISP, for example their DNS servers or a gateway or NTP server. Something you never want to reach via the backup path.
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Fri Jan 14, 2022 11:58 am

I hope that today I'll have more time to upgrade again and to try reconfigure it again. The thing is that they really should in my opinion give some more documentation on how this is supposed to work as at the moment it's a complete try/error for such configuration which shouldn't happen.

As for the DNS, sure, I'm using neither Google nor OpenDNS; their 4 addresses are reserved for the fail-over configuration.
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Sat Jan 15, 2022 6:40 pm

So, today I had some time for more experiments and it seems that I managed to force it into a working condition, or at least it seems to be working as intended. The changes currently made to the configuration that I've shared, which was working on v6.x.x, are as follows:
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-table=main \
    scope=10 suppress-hw-offload=no target-scope=30
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.20.20.2 routing-table=main \
    scope=10 suppress-hw-offload=no target-scope=30
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=ISP1 GW routing-table=\
    main scope=10 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=8.8.4.4/32 gateway=ISP2 GW routing-table=\
    main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=10.10.10.1/32 gateway=8.8.8.8 \
    routing-table=main scope=10 suppress-hw-offload=no target-scope=20
add check-gateway=ping disabled=no distance=2 dst-address=10.10.10.1/32 gateway=\
    208.67.220.220 routing-table=main scope=10 suppress-hw-offload=no target-scope=20
add check-gateway=ping disabled=no distance=1 dst-address=10.20.20.2/32 gateway=8.8.4.4 \
    routing-table=main scope=10 suppress-hw-offload=no target-scope=20
add check-gateway=ping disabled=no distance=2 dst-address=10.20.20.2/32 gateway=\
    208.67.222.222 routing-table=main scope=10 suppress-hw-offload=no target-scope=20
add disabled=no distance=1 dst-address=208.67.220.220/32 gateway=ISP1 GW \
    routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=208.67.222.222/32 gateway=ISP2 GW \
    routing-table=main scope=10 suppress-hw-offload=no target-scope=10
At the moment google dns with distance 1, next one is the openDNS one with distance 2, if this also fails the default route becomes invalid/unreachable (don't know why it's becoming invalid, probably because of the cascade target-scope) and it triggers the second default route from the second ISP with distance 2.

Something interesting I also found that is mentioned in other topics is that there is no place where it is pointed that the route is recursive. Another thing I've spotted is that the next-hop and VRF tabs are missing from the route table which may mean it's still unfinished.
Last edited by draid on Sat Jan 15, 2022 6:47 pm, edited 1 time in total.
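
Added example, not part of any post and not MikroTik's resolver: a small Python model that encodes only the two rules quoted earlier in the thread and checks them against the v6 scope values from the first post and the v7 values in the configuration above. Assumptions: ISP1/ISP2 are treated as interface names, `down` is a hypothetical set of ping targets or links that have failed, and the /32 route distances follow the v7 post.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    dst: str
    gateway: str             # IP address, or an interface name such as "ISP1"
    distance: int = 1
    scope: int = 30          # static-route defaults as stated in the thread
    target_scope: int = 10
    check_gateway: bool = False


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def eligible(route, nxt, v7):
    """May `route` resolve its gateway through `nxt`? (the two quoted rules)"""
    if nxt.scope > route.target_scope:                  # rule 1
        return False
    if v7 and nxt.target_scope >= route.target_scope:   # rule 2, v7 only
        return False
    return True


def is_active(route, table, v7, down=frozenset(), seen=frozenset()):
    """True if `route` can resolve a live next hop in this simplified model."""
    if route in seen:                        # guard against resolution loops
        return False
    if not is_ip(route.gateway):
        return route.gateway not in down     # interface route: up if link is up
    if route.check_gateway and route.gateway in down:
        return False                         # check-gateway=ping got no reply
    gw = ipaddress.ip_address(route.gateway)
    seen = seen | {route}
    return any(
        gw in ipaddress.ip_network(nxt.dst)
        and eligible(route, nxt, v7)
        and is_active(nxt, table, v7, down, seen)
        for nxt in table
    )


def best_default(table, v7, down=frozenset()):
    """Gateway of the active 0.0.0.0/0 route with the lowest distance."""
    live = [r for r in table
            if r.dst == "0.0.0.0/0" and is_active(r, table, v7, down)]
    return min(live, key=lambda r: r.distance).gateway if live else None


def topology(default_scope, default_ts, virtual_ts):
    """The thread's three-layer layout: default -> virtual gw -> probe host."""
    probes = {"ISP1": ("10.10.10.1", ["8.8.8.8", "208.67.220.220"]),
              "ISP2": ("10.20.20.2", ["8.8.4.4", "208.67.222.222"])}
    table = []
    for dist, (iface, (virtual, hosts)) in enumerate(probes.items(), start=1):
        table.append(Route("0.0.0.0/0", virtual, dist, default_scope, default_ts))
        for n, host in enumerate(hosts, start=1):
            table.append(Route(f"{host}/32", iface, 1, 10, 10))
            table.append(Route(f"{virtual}/32", host, n, 10, virtual_ts, True))
    return table


# v6 post: defaults left at scope=30/target-scope=10, everything else scope=10.
V6_CONFIG = topology(default_scope=30, default_ts=10, virtual_ts=10)
# v7 post: defaults scope=10/target-scope=30, virtual gateways target-scope=20.
V7_CONFIG = topology(default_scope=10, default_ts=30, virtual_ts=20)

if __name__ == "__main__":
    print("v6 values, v6 rules:", best_default(V6_CONFIG, v7=False))
    print("v6 values, v7 rules:", best_default(V6_CONFIG, v7=True))
    print("v7 values, v7 rules:", best_default(V7_CONFIG, v7=True))
    both = {"8.8.8.8", "208.67.220.220"}
    print("v7 values, both ISP1 probes down:",
          best_default(V7_CONFIG, v7=True, down=both))
```
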
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Sat Jan 15, 2022 6:45 pm

Can't help you on whether or not your scope is correct enough, I only use scope for bad breath.

However, if you look at IP routes in winbox, it will show the live connection as being recursive. (at least if v6.xx)
....
recursive.jpg
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Sat Jan 15, 2022 6:51 pm

The thing is it doesn't show anything in v7, just the Gateway. As I mentioned it also is missing the Nexthops and VRF tabs, only Routes and Rule tab available.
Screenshot 2022-01-15 185019.jpg
I guess your screenshot is from v6.x.x?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Dual WAN Recursive Failover ROSv7

Sat Jan 15, 2022 7:40 pm

Nexthops are moved to Routing->Nexthops. VRF I can see in Interface->VRF and IP->VRF (don't ask me why two). But the nice and friendly "recursive via" seems to be gone. You can enable "Immediate Gateway" column, but the whole thing works weird, display is lagging, doesn't update info and often shows complete nonsense. It looks like it needs some more work.
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Sat Jan 15, 2022 7:46 pm

> Nexthops are moved to Routing->Nexthops. VRF I can see in Interface->VRF and IP->VRF (don't ask me why two). But the nice and friendly "recursive via" seems to be gone. You can enable "Immediate Gateway" column, but the whole thing works weird, display is lagging, doesn't update info and often shows complete nonsense. It looks like it needs some more work.
Indeed all inactive routes are lagging i.e transition between active/inactive happens only if you switch tabs or open something else. In the configuration I've posted once anything on the chain is cut it doesn't make the path unreachable, but instead Invalid, like it messes something with the scope/target-scope (could be from my setup). And as for Immediate Gateway it only shows the interface of the ISP. The "recursive via" was a great thing as one could easy see what and how is happening.

Will check the nexthops tab tho to compare it with the v6 configuration.
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Sun Jan 16, 2022 11:36 pm

Overall, why check recursive routes on gateway2
If ISP1 is down, either gateway2 works or it doesn't.

However I suppose if this is a load balancing story, then
both gateways may be the failover for the other and before switching one wants to confirm its truly down..........
Okay I get it now.......
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Mon Jan 17, 2022 2:16 am

Looking at your routes and target scope of recursive route must be greater than resolved route.
So overall I think good to go!

Is it working?
If not try to DISABLE the rules in Orange, I do not think they are needed??

The rule of thumb is that the target scope of the recursive route (gw=DNShost)
has to be greater than the target scope of the resolving route (gwy=ISP gateway)



/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-table=main \
scope=10 suppress-hw-offload=no target-scope=30
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.20.20.2 routing-table=main \
scope=10 suppress-hw-offload=no target-scope=30

add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=ISP1 GW routing-table=\
main scope=10 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=8.8.4.4/32 gateway=ISP2 GW routing-table=\
main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=10.10.10.1/32 gateway=8.8.8.8 \
routing-table=main scope=10 suppress-hw-offload=no target-scope=20
add check-gateway=ping disabled=no distance=2 dst-address=10.10.10.1/32 gateway=\
208.67.220.220 routing-table=main scope=10 suppress-hw-offload=no target-scope=20
add check-gateway=ping disabled=no distance=1 dst-address=10.20.20.2/32 gateway=8.8.4.4 \
routing-table=main scope=10 suppress-hw-offload=no target-scope=20
add check-gateway=ping disabled=no distance=2 dst-address=10.20.20.2/32 gateway=\
208.67.222.222 routing-table=main scope=10 suppress-hw-offload=no target-scope=20
add disabled=no distance=1 dst-address=208.67.220.220/32 gateway=ISP1 GW \
routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=208.67.222.222/32 gateway=ISP2 GW \
routing-table=main scope=10 suppress-hw-offload=no target-scope=10
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Mon Jan 17, 2022 9:13 am

^ It is working as the posted configuration. At the moment if GW 8.8.8.8 for ISP1 fails it's using then 208.67.220.220 , if that also fails it's switching to the second ISP. And if the path through ISP1 is active again it's switching back to ISP1. The only strange behavior I see is that if I pull the ISP1 cable lets say all routes connected to it are becoming with tag invalid/unreachable, and on v6 it was only unreachable. Sadly I do not know how to check if it's working how it should other way than just simulate single failure for example disabling one path or just pulling off the cable.

You think that removing the default route should be done? That seems strange to me?
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Mon Jan 17, 2022 2:06 pm

> ^ It is working as the posted configuration. At the moment if GW 8.8.8.8 for ISP1 fails it's using then 208.67.220.220 , if that also fails it's switching to the second ISP. And if the path through ISP1 is active again it's switching back to ISP1. The only strange behavior I see is that if I pull the ISP1 cable lets say all routes connected to it are becoming with tag invalid/unreachable, and on v6 it was only unreachable. Sadly I do not know how to check if it's working how it should other way than just simulate single failure for example disabling one path or just pulling off the cable.
>
> You think that removing the default route should be done? That seems strange to me?
Don't, if it's working for you............... I forget you are using a mangle load balance thing and they are probably required.
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Mon Jan 17, 2022 2:35 pm

No, I'm not using any mangle rules. Just fail-over with src-nat. ISP1 is the priority link and when it's up I'm using it. Some day I may split the traffic but at the moment it isn't.
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Mon Jan 17, 2022 5:23 pm

Can you show the routes actually in effect as well? From the CLI "ip route print". I think the orange routes are your only actual default routes.
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Mon Jan 17, 2022 5:27 pm

> No, I'm not using any mangle rules. Just fail-over with src-nat. ISP1 is the priority link and when it's up I'm using it. Some day I may split the traffic but at the moment it isn't.
Then no need for default routes........
I don't use any on my configuration ????
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Mon Jan 17, 2022 9:28 pm

> Can you show the routes actually in effect as well? From the CLI "ip route print". I think the orange routes are your only actual default routes.
Orange routes are indeed the only default routes.
Screenshot 2022-01-17 213002.jpg
> Then no need for default routes........
> I don't use any on my configuration ????
Well I meant that I haven't set any marking in the firewall mangle.
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Tue Jan 18, 2022 10:49 am

> Then no need for default routes........
> I don't use any on my configuration ????
I'm not sure if this is a difference in terminology. In my world a "default route" is a route to 0.0.0.0/0. It's "default" because it's used for any destination that isn't known or doesn't have a more specific route available. A normal Internet router pretty much always needs one of these, otherwise it won't send stuff to the Internet. A possible exception might be where some sort of policy based routing is setting next hop in some other way, and the routing table therefore isn't being consulted.

If that's the terminology then I can't see how draid's configuration would work without those two routes. It could be simplified to miss off the 10.x.x.x virtual gateways, as in my earlier examples. However from what's been posted it seems to be working the way he has it at the moment. The ISP1 route is taking precedence, but the ISP2 route is sitting ready to step in.
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Tue Jan 18, 2022 2:44 pm

Strange, what are 10.10.10.1 and 10.20.20.1 in his setup?
My IPs are dynamic so I don't set them in my rules..............


Mine looks like (Vers 6) in IP ROUTES:
AS/ dst-address=0.0.0.0/0 Gateway= 1.0.0.1 recursive via (ISP gateway IP) check-gateway=ping distance=3 (black active route)
AS/ dst-address=0.0.0.0/0 Gateway=9.9.9.9 recursive via (ISP gateway IP) check-gateway=ping distance=4 (blue non-active route)

AS/ dst-address=1.0.0.1 Gateway=ISPGateway reachable (black active)
AS/ dst-address=9.9.9.9 Gateway=ISPGateway reachable (blue non-active)

In the config it looks like
/ip route
add check-gateway=ping distance=3 gateway=1.0.0.1
add check-gateway=ping distance=4 gateway=9.9.9.9
add comment=PrimaryRecursive distance=3 dst-address=1.0.0.1/32 gateway=134.41.96.1 scope=10
add comment=SecondaryRecursive distance=4 dst-address=9.9.9.9/32 gateway=134.41.96.1 scope=10


IN OTHER WORDS
distance=1 gateway=ISP gateway

IS the same thing as saying
dst-address=0.0.0.0/0 gateway=ISP gateway distance=1

I have no default routes that you speak of ??
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Tue Jan 18, 2022 4:32 pm

> Strange, what are 10.10.10.1 and 10.20.20.1 in his setup?
That was an idea in an older Mikrotik presentation. To make your default route rely on two remote gateways on an either/or basis, you used a third intermediate gateway address. I don't really see the benefit over having two default routes, one referencing each of the two remote gateways like your configuration. See slide 25 onwards here.
https://mum.mikrotik.com/presentations/ ... 743837.pdf
 
draid
Member Candidate
Topic Author
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: Dual WAN Recursive Failover ROSv7

Tue Jan 18, 2022 7:27 pm

Yes, 10.10.10.1 and 10.20.20.2 are not the gateway addresses of the two ISPs. As aesmith said the configuration could be simplified by removing the 4 10.x.x.x addresses and just add two more default gateways, so something like:

1. 0.0.0.0/0 GW 8.8.8.8 Dst 1
2. 0.0.0.0/0 GW 208.67.220.220 Dst 1
3. 0.0.0.0/0 GW 8.8.4.4 Dst 2
4. 0.0.0.0/0 GW 208.67.222.222 Dst 2

However with the middle-man 10.x.x.x I'm having only two default routes, one for each ISP and it seems to be more "arranged" for me in a way.

Here the major concern was the scope/target-scope and how they should be properly tied in such a configuration, which I'm still not sure about even if the latest configuration I shared seems to be a working solution.
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Tue Jan 18, 2022 10:21 pm

> Yes, 10.10.10.1 and 10.20.20.2 are not the gateway addresses of the two ISPs. As aesmith said the configuration could be simplified by removing the 4 10.x.x.x addresses and just add two more default gateways, so something like:

1. 0.0.0.0/0 GW 8.8.8.8 Dst 1 target scope=12
2. 0.0.0.0/0 GW 208.67.220.220 Dst 1 target scope=12
3. 0.0.0.0/0 GW 8.8.4.4 Dst 2 target scope=12
4. 0.0.0.0/0 GW 208.67.222.222 Dst 2 target scope=12
PLUS the four other routes needed.
dst=8.8.8.8 gwy=ISP1 target scope=11
dst=208.67.220.220 gwy=ISP1 target scope=11
dst=8.8.4.4 gwy=ISP2 target scope=11
dst=208.67.222.222 gwy=ISP2 target scope=11

++++++++++++++++++++++++++++++++++++++++++

If you are not mangling and you are only using ISP2 if ISP1 goes down then this could be shorter still.

add check-gateway=ping distance=5 dst-address=0.0.0.0/0 gateway=8.8.8.8 target-scope=12
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=208.67.220.220 target-scope=12
add comment=SecondaryWAN distance=20 dst-address=0.0.0.0/0 gateway=wan2 Gateway target-scope=11
add dst-address=8.8.8.8/32 gateway=ISP1 target-scope=11
add dst-address=208.67.220.220/32 gateway=ISP1 target-scope=11
Last edited by anav on Wed Jan 19, 2022 2:20 pm, edited 1 time in total.
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN Recursive Failover ROSv7

Wed Jan 19, 2022 12:57 pm

> Here the major concern were the scope/target-scope and how they should be properly tied in such configuration which I'm still not sure even If the latest configuration I shared seems to be a working solution.
The whole business of scope vs target-scope seems to be a mess in RoS 7, there are inconsistencies like the fact that a route with target-scope=30 can happily find a gateway with scope=30. But if the gateway is scope=10 then the route has to be target-scope=11. And furthermore for the virtual gateway it seems its target-scope needs to be greater than the target-scope of the virtual gateway, not the scope.
However the following seems to work. The default route via 192.168.123.1 stays up as long as either 8.8.8.8 or 8.8.4.4 respond, if they are both down then the route goes unavailable and the second route via 192.168.122.1 takes effect.
Recursive Virtual Screenshot_55.png
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN Recursive Failover ROSv7

Wed Jan 19, 2022 2:24 pm

What is 10.0.0.1 ????
If it's not your DNS hosts and if it's not your ISP, get rid of it.........

add check-gateway=ping distance=5 dst-address=0.0.0.0/0 gateway=8.8.8.8 target-scope=12
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=8.8.4.4 target-scope=12
add comment=SecondaryWAN distance=20 dst-address=0.0.0.0/0 gateway=192.168.122.1 target-scope=11
add distance=5 dst-address=8.8.8.8/32 gateway=192.168.123.1 target-scope=11
add distance=10 dst-address=8.8.4.4/32 gateway=192.168.123.1 target-scope=11
