gotsprings
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Using 2 Gateways/WANs/ISPs and Monitoring them

Sun Jun 17, 2018 9:50 pm

Problem:
2 Gateways.
Comcast Cable = 2.2.2.2 on interface ether1
Cellular = 3.3.3.3 on interface ether6-Cell

Cable should be the primary, Cellular should be the failover.
/ip route
add comment=MarkComcast distance=10 gateway=2.2.2.2 routing-mark=Comcast
add comment=MarkCell distance=10 gateway=3.3.3.3 routing-mark=4Cell
add disabled=yes distance=10 gateway=3.3.3.3 routing-mark=4Cell
add check-gateway=ping comment="Comcast Static" distance=1 gateway=2.2.2.2
add check-gateway=ping comment="Cellular" distance=2 gateway=3.3.3.3
If Cable goes down... Cellular becomes active.

To make the cellular work when it is not the primary...
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Cell Back Up" \
    connection-mark=no-mark in-interface=ether6-Cell new-connection-mark=Cell \
    passthrough=no
add action=mark-routing chain=prerouting comment=Cell connection-mark=Cell \
    in-interface=bridge-local new-routing-mark=4Cell passthrough=no
add action=mark-routing chain=output comment=Cell connection-mark=Cell \
    new-routing-mark=4Cell passthrough=no
That works too.

Now here is where I am getting stuck...
I want to monitor a host over each connection and take action based on outages.

Have Comcast Ping 75.75.75.75
Have Cellular Ping 8.8.4.4

When pings to 75.75.75.75 fail... I would like to change the "Comcast Static" to 3.
/ip route 
set distance=3 [find comment="Comcast Static"]
That should make the Cellular the primary.
But I want to keep checking 75.75.75.75 for when it comes back to flip it back to the primary.
/ip route 
set distance=1 [find comment="Comcast Static"]
I am sure I am making a routing table mistake and making this too hard.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
anav
Forum Guru
Posts: 3114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Sun Jun 17, 2018 11:47 pm

gotsprings, I think your initial setup is questionable.

If Comcast is your primary WAN, you shouldn't need to mangle anything for Comcast; all traffic is going in that direction.
If you have some traffic that you need to go to the fail-over, that makes sense to me as a case for mangle.
Also I am assuming you want these users to go out cellular regardless, so distance=1 is fine.
Don't need ping on second gateway; it is implied that if the primary returns, traffic will go back to primary.

/ip route
# unnecessary rules removed
add dst-address=0.0.0.0/0 comment="CellularRouting" distance=1 gateway=3.3.3.3 routing-mark=4Cell
add dst-address=0.0.0.0/0 check-gateway=ping comment="Comcast Static" distance=1 gateway=2.2.2.2
add dst-address=0.0.0.0/0 comment="Cellular" distance=2 gateway=3.3.3.3

Mangling rule........ fixed..........
/ip firewall mangle
add chain=prerouting comment="cellular_traffic" in-interface=bridge-local connection-mark=no-mark \
action=mark-connection new-connection-mark=mark_cellular passthrough=yes
add chain=prerouting in-interface=bridge-local comment="cellular route mark" \
connection-mark=mark_cellular action=mark-routing new-routing-mark=4Cell passthrough=no

NOW....................................
You do not want to rely on the ISP gateway for providing the indication of what's up or down, as the ISP gateway can in some circumstances be flaky.

/ip route
add dst-address=0.0.0.0/0 gateway=75.75.75.75 distance=1
add dst-address=75.75.75.75 gateway=2.2.2.2 distance=1
add dst-address=0.0.0.0/0 gateway=8.8.4.4 distance=2
add dst-address=8.8.4.4 gateway=3.3.3.3 distance=2
add dst-address=0.0.0.0/0 gateway=3.3.3.3 routing-mark=4Cell distance=1
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
gotsprings
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Mon Jun 18, 2018 12:51 am

Anav

It looks like the routes you put there are going to send all my traffic to DNS servers rather than the ISP gateway?
 
sindy
Forum Guru
Posts: 3945
Joined: Mon Dec 04, 2017 9:19 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Tue Jun 19, 2018 3:55 pm

> It looks like the routes you put there are going to send all my traffic to DNS servers rather than the ISP gateway?
That's called recursive next-hop search and this is the article explaining it.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
chechito
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Tue Jun 19, 2018 6:53 pm

 
gotsprings
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Tue Jun 19, 2018 9:14 pm

I have looked at that a bunch of times...

I don't see where the routing mark gets applied.
/ip route
add dst-address=Host1 gateway=GW1 scope=10
add dst-address=Host2 gateway=GW2 scope=10
/ip route
add distance=1 gateway=Host1 routing-mark=ISP1 check-gateway=ping
add distance=2 gateway=Host2 routing-mark=ISP1 check-gateway=ping
/ip route
add distance=1 gateway=Host2 routing-mark=ISP2 check-gateway=ping
add distance=2 gateway=Host1 routing-mark=ISP2 check-gateway=ping
Did they forget to add the mangle component or something?
 
sindy
Forum Guru
Posts: 3945
Joined: Mon Dec 04, 2017 9:19 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Tue Jun 19, 2018 9:29 pm

They've only mentioned the need for marking rules in the text, the configuration rules only deal with the recursive next-hop resolution.
 
anav
Forum Guru
Posts: 3114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Wed Jun 20, 2018 12:47 am

Sindy is quite correct, I will give him 10 points for Gryffindor, and if you want to see it with an associated route mark with mangling, you simply need to look at the configuration I provided.

Sindy, besides being really cool, what is the advantage or disadvantage of recursive routing??
 
sindy
Forum Guru
Posts: 3945
Joined: Mon Dec 04, 2017 9:19 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Wed Jun 20, 2018 2:00 pm

I'm not an expert here, but BGP seems to need it to work at all.

With static routing, the use of recursive next-hop search is to check that not only the last mile link works but that you can also get somewhere further via that link. That's why you declare rock stable addresses like 8.8.8.8 as recursive gateways. So you physically send your packets to the MAC address of the gateway on the other end of the WAN link, but you determine whether the route can be used or not by pinging the rock stable address, assuming that if the ping fails, the reason is not a failure of the rock stable address but of something between you and that address. As even rocks can sometimes fall, using two rock stable addresses, each operated by another large name, per each link is considered even more reliable.
 
gotsprings
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Wed Jun 20, 2018 8:14 pm

The page sindy points to... scopes needing to be changed from 30 to 10 made it work.

I had just finished making scripts that pinged some hosts then changed the primary to 3 and cleared the connections. Then when it got 5 pings again... Flipped 3 to 1 and cleared connections. I had to set address rules that dropped the traffic when an assigned IP couldn't use its ASSIGNED gateway. (Busy morning before sindy pointed to the page.)

The clearing connections makes things go a lot better whether I am using recursive or flipping gateways.
/ip firewall connection remove [find]
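The recursive setup this thread converges on, written out with the thread's own addresses as an added example (not any poster's actual configuration; RouterOS v6 syntax, route comments are illustrative). The two host routes carry scope=10 because static routes default to scope=30, while a route's gateway is only looked up through routes whose scope does not exceed its target-scope, which defaults to 10.

```routeros
# Added example, RouterOS v6 syntax. Addresses are the ones used in this thread;
# the comment= labels are illustrative.
/ip route
# Pin each monitored host to one WAN. scope=10 makes these routes eligible
# for resolving the recursive gateways below (a static route defaults to scope=30).
add dst-address=75.75.75.75/32 gateway=2.2.2.2 scope=10 comment="Monitor via Comcast"
add dst-address=8.8.4.4/32 gateway=3.3.3.3 scope=10 comment="Monitor via Cellular"

# Default routes in the main table. The gateway is the monitored host, so
# check-gateway=ping tests the path beyond the ISP's first hop, while packets
# are still forwarded to the ISP gateway the host route resolves to.
add dst-address=0.0.0.0/0 gateway=75.75.75.75 distance=1 check-gateway=ping \
    comment="Comcast primary"
add dst-address=0.0.0.0/0 gateway=8.8.4.4 distance=2 check-gateway=ping \
    comment="Cellular failover"

# Marked table used by the mangle rules, so connections that arrived on the
# cellular link are answered over it even while Comcast is primary.
add dst-address=0.0.0.0/0 gateway=3.3.3.3 routing-mark=4Cell comment="Replies via Cellular"

# Check how each default route's gateway was resolved and whether it is active.
/ip route print detail where dst-address=0.0.0.0/0
```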
 
gotsprings
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Fri Jun 22, 2018 3:19 pm

Just to make it clear...

Currently using recursive method 2 from this page...
https://serman.maxdesk.com/user/viewarticle/9378

However...
"NB! You CANNOT test failover with continuous #ping google.com from your PC - because when jumping from ISP1 to ISP2 the packet flow needs to be restarted. For testing just open different webpages OR check Interface traffic from MikroTik. Good idea is to watch Interface traffic on Mikrotik while you are doing speedtest on internet."

/\/\/\/\/\ This part right here /\/\/\/\/\

If you clear connections using netwatch... you lose 1 ping on a continuous ping from google ROLLING BACK TO PRIMARY by clearing connections in the firewall.
If you disable an interface... it is instant.
 
anav
Forum Guru
Posts: 3114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Fri Jun 22, 2018 4:03 pm

So you have to script the process of clearing connections in firewall?
 
gotsprings
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Sat Jun 23, 2018 4:28 am

Yup
 
anav
Forum Guru
Posts: 3114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Sat Jun 23, 2018 4:55 am

Hmm, can you script that for whenever the primary WANIP changes?
Like over to the failover IP and then back to the primary? Each time?
(would be useful to clear my VOIP stuck on old IP issues)
 
gotsprings
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Sat Jun 23, 2018 12:52 pm

Even easier...
Set a static route to a host on your primary.
Write an output rule to drop the packet if it goes out any interface other than the primary.
Now make a netwatch to check that host.
Include in up or down the line to clear firewall connections.
Host is unreachable because it's down... Clear connections. This speeds up any connection being held open on the primary and makes it open a new one over the secondary.
When the host pings as up... Clear connections. This makes anything stuck on failover connection, make a new connection using the primary route.

Depending on how you have failover set...
You can flip the default gateway using that same netwatch.
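The netwatch procedure from the post above, written out as an added example (not gotsprings' actual configuration; RouterOS v6 syntax). It assumes the thread's addresses, with 75.75.75.75 as the monitored host behind the Comcast gateway 2.2.2.2 on ether1; the interval, timeout, log messages and comments are illustrative.

```routeros
# Added example, RouterOS v6 syntax; not taken from the poster's router.
# 1. Static route: the monitored host is always reached through the primary gateway.
/ip route
add dst-address=75.75.75.75/32 gateway=2.2.2.2 comment="Monitor host via Comcast"

# 2. Output rule: if that route goes inactive (for example ether1 loses link),
#    the router's own probes would follow the default route out the cellular
#    link and report the host as up. Drop them unless they leave via the primary.
/ip firewall filter
add chain=output dst-address=75.75.75.75 out-interface=!ether1 action=drop \
    comment="Monitor probes only via primary"

# 3. Netwatch: probe the host and clear connection tracking on every state
#    change, so flows are rebuilt over whichever WAN is active at that moment.
/tool netwatch
add host=75.75.75.75 interval=10s timeout=2s comment="Comcast path monitor" \
    down-script="/log warning \"Comcast path down, clearing connections\"; /ip firewall connection remove [find]" \
    up-script="/log info \"Comcast path up, clearing connections\"; /ip firewall connection remove [find]"

# Optional, for the distance-flipping variant from the first post:
#   append to down-script:  /ip route set distance=3 [find comment="Comcast Static"]
#   append to up-script:    /ip route set distance=1 [find comment="Comcast Static"]
```

`remove [find]` without a filter clears every tracked connection, including flows that never touched the failed link, so each state change briefly interrupts all sessions through the router.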
 
anav
Forum Guru
Posts: 3114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Sat Jun 23, 2018 6:59 pm

Ha, okay, no idea about setting a static route to a host on my network. I don't have any such hosts?
Also never used netwatch.
In another thread I am losing the bubble on mangling,
I recently found out my entire conception of how bridges work was shattered.
I seem to be getting less able to work on this unit every day. :-(
 
gotsprings
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Sun Jun 24, 2018 4:09 am

I was brought in to "help" another company's "network guy" on a project.
He didn't know the difference between input, output, and forwarding.
