Community discussions

MUM Europe 2020
 
antiqued4
just joined
Topic Author
Posts: 8
Joined: Mon Jan 13, 2020 1:50 pm

Questions about Cloud Mikrotik

Thu Jan 16, 2020 8:04 pm

Hello everyone, I would like to know if there is a way for mikrotik to force the cloud update before 1 minute, I closed connection of an array with branch office via VPN, they have 2 links to failover, if only one fall, mikrotik update the cloud to the new ip, so the system folder is less possible offline time. VPN l2tp with IPSEC connected via cloud mikrotik.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1380
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Questions about Cloud Mikrotik

Sun Jan 19, 2020 5:54 pm

Create a script and let it run with an interval of 30 seconds...
/ip cloud force-update
 
nescafe2002
Long time Member
Long time Member
Posts: 647
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Questions about Cloud Mikrotik

Mon Jan 20, 2020 11:41 am

You may not be suprised if MT decides to ban you for that :)


The minimum update interval, no scripting required, is 60 seconds:

https://wiki.mikrotik.com/wiki/Manual:I ... Properties
ddns-update-interval (time, minimum 60 seconds; Default: none) If set DDNS will attempt to connect IP Cloud servers at the set interval. If set to none it will continue to internally check IP address update and connect to IP Cloud servers as needed. Useful if IP address used is not on the router itself and thus, cannot be checked as a value internal to the router.

Note that this is specifically useful if MT is behind another router. If MT is the outside router, you don't need this setting as the router will update it's cloud address within 60 seconds automatically.

But, updating DNS is one. There are a few things needed for failover:
- the current connection needs to be disconnected/timed out (dpd)
- the client dns entry and intermediate cache entries need to be expired
- the connection has to be re-established

In my experience, in plain ipsec peers with dynamic addresses scenario, failover using ip cloud is simply not working. MT will keep connecting to the old address long after expiry for several minutes and even hours (Ticket#2019062422004454).

Therefore, if you need a quick failover solution, don't (ab)use ip cloud, but rather set up two tunnels and load balance or policy route between them.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1380
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Questions about Cloud Mikrotik

Mon Jan 20, 2020 6:54 pm

You may not be suprised if MT decides to ban you for that :)
If thats the case then they could simply disallow values less than 60 seconds...
But maybe you are right... i cant be sure...

Who is online

Users browsing this forum: dalami and 55 guests