Community discussions

MikroTik App
 
aarntesla
just joined
Topic Author
Posts: 5
Joined: Fri Mar 11, 2022 10:40 pm

pcc failover netwatch

Fri Jan 13, 2023 2:09 am

Hello!

The next configuration use netwatch tool for enable or disable routes in an interval of 10 seconds when wan1 or wan2 fail, using two static routes to dns cisco
Check
wan1 -> 208.67.222.222
wan2 -> 207.67.220.220

/ip dns
set allow-remote-requests=yes cache-max-ttl=1h max-concurrent-queries=200 max-concurrent-tcp-sessions=100 query-total-timeout=5s servers=8.8.8.8,8.8.4.4

/ip address
add address=192.168.21.197/24 interface=wan1 network=192.168.21.0
add address=192.168.70.197/24 interface=wan2 network=192.168.70.0
add address=192.168.80.1/24 interface=lan network=192.168.80.0

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.21.0/24 in-interface=lan
add action=accept chain=prerouting dst-address=192.168.70.0/24 in-interface=lan
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=wan1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=wan2 new-connection-mark=ISP2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=lan new-connection-mark=ISP1_conn per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=lan new-connection-mark=ISP2_conn per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=lan new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=lan new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2

/ip firewall nat
add action=masquerade chain=srcnat out-interface=wan1
add action=masquerade chain=srcnat out-interface=wan2

/ip route
#routes for check internet via wan1 or wan2
add comment=Check-ISP1 dst-address=208.67.222.222 gateway=192.168.21.1
add comment=Check-ISP2 dst-address=208.67.220.220 gateway=192.168.70.1
#balancing wans
add check-gateway=ping comment=ISP2 disabled=no gateway=192.168.70.1@main routing-table=to_ISP2
add check-gateway=ping comment=ISP1 disabled=no gateway=192.168.21.1@main routing-table=to_ISP1
#internet mikrotik
add distance=1 gateway=192.168.21.1
add distance=2 gateway=192.168.70.1

/tool netwatch
add disabled=no down-script="/ip route set [find comment=ISP1] disabled=yes" host=208.67.222.222 interval=10s test-script="" type=simple up-script="ip route set [find comment=ISP1] disabled=no"
add disabled=no down-script="/ip route set [find comment=ISP2] disabled=yes" host=208.67.220.220 interval=10s test-script="" type=simple up-script="ip route set [find comment=ISP2] disabled=no"

Who is online

Users browsing this forum: GoogleOther [Bot] and 60 guests