Community discussions

MikroTik App
 
TimothyKoval
just joined
Topic Author
Posts: 2
Joined: Wed Jun 10, 2020 1:51 am

Dual WAN failover

Wed Mar 02, 2022 12:01 am

I've been fiddling with RouterOS' dual WAN failover, and I've found it somewhat hard to implement (fiy - I'm not an expert in networking). Whatever solution I've found was either too complex or didn't work at all. I've thought of a solution with simple routing distance changes, without any recursive lookups and such, and I came up with a solution:

Let's say I've got two WAN ports (ether1 and ether2), first one is main WAN port, second is for backup. The thing is I don't want (or rather can't have) load balancing between two networks, so I'm forcing 8.8.8.8 to go through ether1, remaining traffic to go throught ether1 (higher distance) and ether2 just sits there and waits (accepting incoming traffic).
/ip route
add comment=CHECK disabled=no distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1
add comment=MAIN disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1
add comment=BACKUP disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.9.1
If I need to use DHCP, I add dhcp-client config to appropriate interfaces. I disable adding default route (it would mess up config above) and I add a little script to update gateways in routing tables (in case gateway changes)
/ip dhcp-client
add add-default-route=no comment=defconf interface=ether1 script="/ip route set [find comment=\"CHECK\"] gateway=([/ip dhcp-client get [find interface\
    =ether1]]->\"gateway\")\r\
    \n/ip route set [find comment=\"MAIN\"] gateway=([/ip dhcp-client get [find interface=ether1]]->\"gateway\")"
add add-default-route=no comment=defconf interface=ether2 script=\
    "/ip route set [find comment=\"BACKUP\"] gateway=([/ip dhcp-client get [find interface=ether2]]->\"gateway\")"
Then I'm using a single script run with a scheduler to ping 8.8.8.8 via CHECK route (distance 1, gateway same as MAIN). If it fails after 5 attempts I increase distance of MAIN route, so all remaining traffic goes through BACKUP route (ether2).
/system script
add dont-require-permissions=no name=wan_failover owner=admin policy=read,write,policy,test source="#SCRIPT SOURCE BELOW FOR BETTER READABILLITY"
Script's source
:local PingFailTreshold 5
:global PingFailCount
:if ([:typeof $PingFailCount] = "nothing") do={:set $PingFailCount 0}

:local PingResult
:set $PingResult [:typeof ([/tool/ping address=8.8.8.8 count=1 interval=1 as-value]->"status")]
:if ($PingResult = "nothing") do={
	:if ($PingFailCount > 0) do={
		:if ($PingFailCount >= ($PingFailTreshold -1)) do={
			/log/error "WAN on ether1 is UP, adjusting routes"
			/ip/route/set [find comment="MAIN"] distance=2
		}
		:set $PingFailCount 0
	}
} else={
	:set $PingFailCount ($PingFailCount + 1)
	:if ($PingFailCount = ($PingFailTreshold -1)) do={
		/log/error "WAN on ether1 is DOWN, adjusting routes"
		/ip/route/set [find comment="MAIN"] distance=10
	}
}
Scheduler triggers script execution
/system scheduler
add interval=5s name=wan_failover on-event=wan_failover policy=read,write,policy,test start-time=startup
The downside is I'm unable to use 8.8.8.8 for DNS if my primary WAN fails, but that's not a real issue for me, and I can always change it to some other IP.

So, please tell me, am I crazy, or is this REALLY SIMPLE solution actually works?
 
s3uz
just joined
Posts: 4
Joined: Thu Dec 30, 2021 1:40 pm

Re: Dual WAN failover

Fri Aug 12, 2022 2:10 am

Thank you! Finally working solution!
 
tomislav91
Member
Member
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

Re: Dual WAN failover

Sun Sep 18, 2022 1:15 am

what happend when you just plug out cable from isp modem? Then you will see gateway from MikroTik but there will be no internet access.
Check it, and let us with results. I have problems with my script for failover in that kind of cases.

Who is online

Users browsing this forum: ko00000000001 and 14 guests