Hello all!
I know this question has been asked but I have done some testing and cannot find a forum that applies and works for our specific scenario. This should be fairly straightforward but I am not the best at scripting or mangle rules so I am hoping the community can help! This is also a two-part question!
We have a customer that has a Mikrotik as their gateway router. They have Comcast as their primary ISP and it is set up fairly standard (static public, quad zero, etc.). They have recently added a secondary internet connection with fiber via CenturyLink. The Comcast line connects to ether1 and the CenturyLink connects to ether13. There is a quad zero route for both WAN connections and both are verified. If we fail over to the fiber line, all traffic fails over as it should. Previously, they had a separate router that had a T1 line. The fiber is a bit of an upgrade. Key part here is the T1 connected to a different router than the primary line, while the fiber actually connects to the same router. This is also the corporate location for our largest and most important customer, so we really do not want to risk downtime if avoidable.
Question 1
The problem is currently both WAN interfaces are not pingable. So, we can only ping the WAN interface that is active at that moment. I understand why this is happening but am not sure how to fix it. I have read some forums about setting up mangle rules that tag the inbound traffic and send it back out the same default route but I had issues getting it to work and was hoping I could get some help with the configuration. Or is there a better way to do this?
Question 2
Historically, if the Comcast line went down we were able to log into the T1 router and get to the Comcast router and fail over the LAN. Since we are decommissioning the T1 router we are going to lose this ability. As a scenario example: if the Comcast internet connection fails a couple hops out then the default route on the gateway Mikrotik will not fail over, even though the internet is actually down. We had a previous customer that had a similar scenario and our old Network Admin set up a script that would ping something public, like 8.8.8.8, and if not available it would fail over to the other default route. The script often had issues with flapping the routes back and forth though and never worked correctly. What is the best way to handle this with Tiks? I guess if we can get the fiber pingable from question 1 it would allow us to get in and change the administrative distance if this occurred but it is not very automated.
I am more concerned with the first question currently but it would be nice to have a nice clean solution for both of these. Thoughts? I can provide configs or whatever is needed.