Community discussions

MikroTik App
just joined
Topic Author
Posts: 22
Joined: Wed Apr 25, 2018 1:31 am

WAN failover basics

Wed Sep 28, 2022 2:43 am


when dealing with several WAN and failover i use WAN1 with scope 1 and target scope 10 and WAN 2 with scope 2 and target scope 10 and recursive for failover function and both internet used
but as i understand this way of thinking is going away and we should be using ip router rules instead of recursive like i do and some traffic i steer to wan1 and others to wan2.

Would appreciate an basic Example with 2 WANS and failover what would it look like with regards to ir/route rule matchng recursive ...

Thank you
User avatar
Posts: 41
Joined: Thu Nov 11, 2021 4:40 am
Location: Bandung

Re: WAN failover basics

Wed Sep 28, 2022 11:05 am

You can see this post viewtopic.php?t=189520
Just change the failover (distance: 200) to different distance.

Forum Guru
Forum Guru
Posts: 9707
Joined: Mon Dec 04, 2017 9:19 pm

Re: WAN failover basics  [SOLVED]

Wed Sep 28, 2022 5:05 pm

You are mixing too many subjects together.

scope and target-scope control the recursion, where a destination (dst-address) of a "server" route can be used as the gateway address of another, "client", route. The purpose of these two parameters is to prevent recursive loops - a "client" route can only use other routes as its "server" ones if its target-scope value is higher than (or equal to in RouterOS 6) their scope ones.

Recursive routing and these parameters were originally intended for use in dynamic routing (using BGP or other routing protocols); the possibility to use them for uplink redundancy with statically configured routing alone is a welcome side-effect. Using check-gateway=ping, an indirect route may monitor the actual availability of the network path, and become unavailable if the gateway address doesn't respond to pings, allowing other routes to take over.

This way of thinking does not go away - there are subtle changes between RouterOS 6 and RouterOS 7, but the basic idea remains. You may not be satisfied with the speed of detection of the uplink unavailability because you cannot affect the frequency of check-ping (which is hardcoded to 1 ping in 10 seconds), but other than this, there is no need to use anything else to monitor the uplink availability.

scope values 1 and 2 of the topmost "client" routes do not affect the mutual priority of multiple available routes with otherwise identical parameters (dst-address, routing-mark). For this purpose, the distance parameter is used.

Routing rules (and/or mangle rules) are used for a different purpose - to use specific routing strategies for distinct classes of traffic, assigning them distinct routing marks, each identifying a specific routing table to use. But in these specific routing tables, you can still use recursive routes.

So ex.:
/ip route add
dst-address= gateway= scope=10
dst-address= gateway= scope=10

routing-mark=main gateway= target-scope=11 check-gateway=ping distance=1
routing-mark=main gateway= target-scope=11 check-gateway=ping distance=2

routing-mark=pref-wan-222 gateway= target-scope=11 check-gateway=ping distance=2
routing-mark=pref-wan-222 gateway= target-scope=11 check-gateway=ping distance=1

routing-mark=only-wan-222 gateway= distance=1
routing-mark=only-wan-222 type=blackhole

The first pair of routes are the server routes for the recursive client ones, specifying the actual gateways in connected subnets, hence their scope is lowered to 10 as compared to the default 30.

The second pair of default routes are recursive clients of the first two, so their target-scope is set to 11 (the default 10 would be sufficient for RouterOS 6). The route via, resolving to, is to be preferred whenever both WANs are available, hence its distance is set to 1 whereas the other one has distance 2. Routing table main is used if no routing-mark is assigned to the packet (and it is the default value of routing-mark when adding a route).

The third pair of default routes are also recursive clients of the first two, but they are intended for traffic that should prefer WAN 2, so the route via, resolving to, has a lower distance value here.

The fourth pair of default routes is for traffic that must only use WAN 2 and not fail over to WAN 1 even if WAN 2 becomes unavailable. Hence there is no point in monitoring availability of WAN 2, so the first route is not a recursive client of any other one and specifies the address of the actual gateway. But if WAN 2 goes down physically, this route becomes unavailable, so there must be the second one that will prevent the routing process from using routing table main instead (this is just one possible way of doing that, there are other ones as well).

What you use to assign the routing-mark values to particular packets is another question, and the behaviour differs between RouterOS 6 and older versions of RouterOS 7 at one hand, and recent versions of RouterOS 7 on the other one. In particular, in the older versions the routing-mark assigned by mangle rules can be overwritten using routing rules; this is not possible in the newer versions.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
User avatar
Forum Guru
Forum Guru
Posts: 13681
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: WAN failover basics

Wed Sep 28, 2022 9:14 pm

Would add, no there is no need to deviate from the normal recursive methods and run to routing rules.......
Routing rules are more for directing users out a specific interface. (exceptions for the most part).

For more info on recursive........
See Para's I through L - viewtopic.php?t=182373
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
PS. I only scratch the surface!

Who is online

Users browsing this forum: Baidu [Spider] and 20 guests