Community discussions

MikroTik App
 
atakacs
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Mon Mar 07, 2016 5:39 pm

Internet failover bast practice

Sun Jan 16, 2022 6:40 pm

I have two ISP delivering internet to my site and and have their respective links connected to ETH1 and ETH2 of my router.

What is the "best" way to have automatic switchover between the two WAN (say based on a ping of a "known good host") ?
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Internet failover bast practice

Sun Jan 16, 2022 6:54 pm

Have a look here viewtopic.php?t=157048
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Internet failover bast practice

Sun Jan 16, 2022 7:36 pm

Do you want to use them at the same time in a load balancing arrangement ??
Do you want to use them as primary and failover (both are live but only one is used primarily unless it is down - also one can use the secondary one for specific needs such as email)?

Need more detail on requirements and expectationss
 
atakacs
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Mon Mar 07, 2016 5:39 pm

Re: Internet failover bast practice

Sun Jan 16, 2022 10:33 pm

The second scenario
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Internet failover bast practice

Sun Jan 16, 2022 11:10 pm

dst-address=0.0.0.0/0 gwy=ISP1 distance=5 check-gateway=ping
dst-address=0.0.0.0/0 gwy=ISP2 distance=10

In this way all traffic will be sent over ISP1, if it goes down, traffic will be diverted to ISP2 until such time ISP1 is back online.
If you need some traffic to go out ISP2 all the time..........
Then, assuming VER7 firmware, you need a third route

First create a table using Winbox Terminal window CLI
/routing table add name=bypass-reason fib

/ip route
dst-address=0.0.0.0/0 gwy=ISP2 table=bypass-reason distance=10

A Route rule associated:
Src-address= specific IP or a subnet
OR
An interface
Action = Lookup-ONLY-IN-Table
Table=bypass-reason

Note: If you want the bypass to revert to the ISP1 connection, if WAN2 is down, then simply use ACTION:LOOKUP.
++++++++++++++++++++++++++++++++++

example......... we want to send one LAN subnet out wan 2 all the time............ 192.168.50.0/24 gaming subnet

Step1. - table creation
/routing table add name=bypass-gaming fib

Step2. - route creation
dst-address=0.0.0.0/0 gwy=WAN2 table=bypass-gaming distance=10

Step3. - route rule creation
Scr-address=192.168.50.0/24 ( or use interface=vlanXX, if subnet is a vlan also)
Action: Lookup
Table: bypass-gaming

note: I opted to send gaming subnet out WAN2 but in case WAN2 is not available they can still use WAN1.
If they are never allowed to use ISP1 then the action would be lookup-only-in-table.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The next question you have to answer is do both your ISPs automatically come backup online when they get interrupted.
a. dynamic IPs change leases
b. power outages etc.

The way to test this is to have one ISP hooked up at a time. Hit the release, then the renew button on the IP DHCP CLient.
Do you have interne access back - check in IP DCHP Client under advanced properties that the gateway and IP address are updated and present.
This does not necessarily mean the entries in your IP routes have been updated!!!

-other methods to be sure of router IP behaviour.
Check by disabling the ethernet interface and then re-nabling it.
Pull power on the modem and then reapply after 30 seconds.
Reboot the router.
Remove power from the router and plug back in for 30 seconds......

If not able to access the internet afterwards,, then you need to add scripts to your IP DHCP Client settings.
For example on my dual wan scenario my straight plane jane cable modem connection always comes back automatically
My bell fibre ISP modem, using a vlan for internet, always repopulates the advanced settings so I see the new IP and gateway but doesnt populate by manually created IP routes.
Thus I use a script to ensure they are repopulated.

Final question or potential setup step..........
Most people use some sort of recursive routing after mastering the items above.
They do this because its possible that your link to ISP1 via their modem is up and running but from the ISP to the internet is down.
Recursive routing means you check INTERNET sites via your ISP to confirm an end to end connection.
Folks often use TWO different sites, like google for one and Open DNS for the other.
In that way, they quickly confirm with two known sites if truly ISP1 is down before switching to ISP2.
Now, there is no need to do recursive routing on the second ISP because there is no other backup, if its not working you have no alternative. Something people dont logically think through
and needlessly complicate their setup.

GLuck!!
Last edited by anav on Sun Jan 16, 2022 11:42 pm, edited 1 time in total.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Internet failover bast practice

Sun Jan 16, 2022 11:35 pm

@anav what's the point of using different distances for routes that are using different routing Tables ?
This route dst-address=0.0.0.0/0 gwy=ISP2 distance=10 , as well as this dst-address=0.0.0.0/0 gwy=ISP2 table=bypass-reason distance=20, could both have distance 10 since they share no common Tables, one uses Table=main and the other the Table=bypass-reason, so unless i miss anything obvious it should work just fine...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Internet failover bast practice

Sun Jan 16, 2022 11:40 pm

Probably no good reason Zach, other than I like to ensure separation of routes due to my lack of knowledge of how exactly route decisions are taken.
I expected that there are 3 billion MT employees going out with measuring tapes and measuring all the actual distances over pipelines and wires to ensure things are running smoothly ;-)

Concur, probably best practice to keep all routes associated with an ISP the same................ in this type of scenario... Adjusted accordingly.\

I noticed that I have an email bypass on my router
add comment=Email_bypass distance=1 dst-address=ISP2 email IP address gateway=ISP1 gwy IP

which basically means that if anyone checks their email (outlook etc) with the ISP email accounts, it avoids ISP1. In this case distance makes sense.
 
atakacs
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Mon Mar 07, 2016 5:39 pm

Re: Internet failover bast practice

Tue Jan 18, 2022 11:28 am

Thanks - most instructive for the newbee that I am

Who is online

Users browsing this forum: BartoszP and 39 guests