Community discussions

MikroTik App
 
parham
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

CHeck gateway

Thu Apr 28, 2022 7:41 pm

Hey all,

FAO Developers

1- Can you please add Src-address in net watch.
2- Can you please add host ip in the route for check gateway ping.

Thanks
Parham
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.3beta [testing] is released!

Thu Apr 28, 2022 8:29 pm

Check gateway is what the name suggests, to check gateway. If you want to check some nodes behind the gateway use other tools. If you want to make the route active/inactive based on specific nodes reachability behind the gateway, use either recursive routing or other tools + scripts.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.3beta [testing] is released!

Thu Apr 28, 2022 9:17 pm

His other request is valid, though! Netwatch could have an optional source address, VRF, and fail-count added.
(not that I want to suggest working on that before finishing the BGP features :-)
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.3beta [testing] is released!

Fri Apr 29, 2022 2:32 am

Check gateway is what the name suggests, to check gateway.
True but not easy if dynamic routes.

I'd used to a dynamic-in rule in V6 to add the check-gateway to a DHCP client injected dynamic route. Scriptable, but if you forget to add a script, no check-gateway. The dynamic-in rule made that automatic but those are still gone...
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.3beta [testing] is released!

Fri Apr 29, 2022 2:41 am

2- Can you please add host ip in the route for check gateway ping.
That "recursive routing", Mikrotik has an example. But you'd just use the "host ip" you'd want check, instead of the 8.8.8.8 ones in the example.
See https://help.mikrotik.com/docs/pages/vi ... d=26476608

Since those are DNS addresses it make it look like DNS is involved, but they use them in the example since they are always pingable. But basically the 8.8.8.8 is the "host ip in the route for check gateway" you're looking for. And if you have only one route, you don't need the firewall marking either.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.3beta [testing] is released!

Fri Apr 29, 2022 10:20 am

2- Can you please add host ip in the route for check gateway ping.
That "recursive routing", Mikrotik has an example. But you'd just use the "host ip" you'd want check, instead of the 8.8.8.8 ones in the example.
See https://help.mikrotik.com/docs/pages/vi ... d=26476608

Since those are DNS addresses it make it look like DNS is involved, but they use them in the example since they are always pingable. But basically the 8.8.8.8 is the "host ip in the route for check gateway" you're looking for. And if you have only one route, you don't need the firewall marking either.
Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.
Otherwise, the admin of the host may at sometime get bored with all the pings, adjust the firewall so it no longer forwards those, and suddenly the ping replies stop and your network is in trouble.
I don't know if 8.8.8.8 has a policy that allows pinging it, but I think it offers DNS resolver service, not PING service, explicitly. So that may terminate at any moment.
Years ago we had a situation like that in the network of the ISP I used at work. I had all kinds of clever scripting to change from main ADSL line to backup ISDN line and at some time it switched to ISDN because "no more ping on the ADSL", then found no ping on ISDN either and shutdown the internet and sent an alert.
But all was fine, it was just the sysadmins that had enough of everyone pinging the router (they said it was inefficient and causing a load on their router) and disabled it.
And of course as a user, you have no guarantee that everything can be pinged. So be careful, especially when you have no monitoring.
 
ivicask
Member
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.3beta [testing] is released!

Fri Apr 29, 2022 12:12 pm



That "recursive routing", Mikrotik has an example. But you'd just use the "host ip" you'd want check, instead of the 8.8.8.8 ones in the example.
See https://help.mikrotik.com/docs/pages/vi ... d=26476608

Since those are DNS addresses it make it look like DNS is involved, but they use them in the example since they are always pingable. But basically the 8.8.8.8 is the "host ip in the route for check gateway" you're looking for. And if you have only one route, you don't need the firewall marking either.
Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.
Otherwise, the admin of the host may at sometime get bored with all the pings, adjust the firewall so it no longer forwards those, and suddenly the ping replies stop and your network is in trouble.
I don't know if 8.8.8.8 has a policy that allows pinging it, but I think it offers DNS resolver service, not PING service, explicitly. So that may terminate at any moment.
Years ago we had a situation like that in the network of the ISP I used at work. I had all kinds of clever scripting to change from main ADSL line to backup ISDN line and at some time it switched to ISDN because "no more ping on the ADSL", then found no ping on ISDN either and shutdown the internet and sent an alert.
But all was fine, it was just the sysadmins that had enough of everyone pinging the router (they said it was inefficient and causing a load on their router) and disabled it.
And of course as a user, you have no guarantee that everything can be pinged. So be careful, especially when you have no monitoring.
I do wonder also why mikrotik doesnt provide us simpler gateway failover mechanism.
They could just add option to ping one or more ip in failover and route ping thru the very same gateway automatically thats added in rule like for example.

Gateway:192.168.1.1
Check Gateway:ping external
1.1.1.1
9.9.9.9
8.8.8.8

All 3 not pingable thru this gateway? Then its down.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.3beta [testing] is released!

Fri Apr 29, 2022 5:09 pm



Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.
Otherwise, the admin of the host may at sometime get bored with all the pings, adjust the firewall so it no longer forwards those, and suddenly the ping replies stop and your network is in trouble.
I don't know if 8.8.8.8 has a policy that allows pinging it, but I think it offers DNS resolver service, not PING service, explicitly. So that may terminate at any moment.
Years ago we had a situation like that in the network of the ISP I used at work. I had all kinds of clever scripting to change from main ADSL line to backup ISDN line and at some time it switched to ISDN because "no more ping on the ADSL", then found no ping on ISDN either and shutdown the internet and sent an alert.
But all was fine, it was just the sysadmins that had enough of everyone pinging the router (they said it was inefficient and causing a load on their router) and disabled it.
And of course as a user, you have no guarantee that everything can be pinged. So be careful, especially when you have no monitoring.
I do wonder also why mikrotik doesnt provide us simpler gateway failover mechanism.
They could just add option to ping one or more ip in failover and route ping thru the very same gateway automatically thats added in rule like for example.

Gateway:192.168.1.1
Check Gateway:ping external
1.1.1.1
9.9.9.9
8.8.8.8

All 3 not pingable thru this gateway? Then its down.
I've been forced down the recursive routing method myself - it works - but confusing. So don't disagree, in theory "Detect Internet" under Interfaces does a lightweight version of that – but can't say I'd recommend that approach in most cases.

I don't use Google DNS myself, both for the concerns as @pe1chl but also if someone else looks at the config, it sure look like some kinda DNS redirection thing at first glance.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: CHeck gateway

Sat Apr 30, 2022 1:32 am

To me, Detect Internet seems as first step in that direction. Only so far it ended right there and doesn't do anything useful beyond confusing users... which actually isn't very useful. :)
 
PaChF11
just joined
Posts: 1
Joined: Sat Apr 23, 2022 2:11 am

Re: v7.3beta [testing] is released!

Wed Dec 07, 2022 5:44 am



Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.
Otherwise, the admin of the host may at sometime get bored with all the pings, adjust the firewall so it no longer forwards those, and suddenly the ping replies stop and your network is in trouble.
I don't know if 8.8.8.8 has a policy that allows pinging it, but I think it offers DNS resolver service, not PING service, explicitly. So that may terminate at any moment.
Years ago we had a situation like that in the network of the ISP I used at work. I had all kinds of clever scripting to change from main ADSL line to backup ISDN line and at some time it switched to ISDN because "no more ping on the ADSL", then found no ping on ISDN either and shutdown the internet and sent an alert.
But all was fine, it was just the sysadmins that had enough of everyone pinging the router (they said it was inefficient and causing a load on their router) and disabled it.
And of course as a user, you have no guarantee that everything can be pinged. So be careful, especially when you have no monitoring.
I do wonder also why mikrotik doesnt provide us simpler gateway failover mechanism.
They could just add option to ping one or more ip in failover and route ping thru the very same gateway automatically thats added in rule like for example.

Gateway:192.168.1.1
Check Gateway:ping external
1.1.1.1
9.9.9.9
8.8.8.8

All 3 not pingable thru this gateway? Then its down.
Exactly - pfSense has that functionallity and if I remember it was also in older RouterOS - easy in one step instead of over a dozen of commands....

Who is online

Users browsing this forum: Google [Bot], nuwang13, Rhydu and 60 guests