Hey all,
FAO Developers
1- Can you please add Src-address in net watch.
2- Can you please add host ip in the route for check gateway ping.
Thanks
Parham
True but not easy if dynamic routes.Check gateway is what the name suggests, to check gateway.
That "recursive routing", Mikrotik has an example. But you'd just use the "host ip" you'd want check, instead of the 8.8.8.8 ones in the example.2- Can you please add host ip in the route for check gateway ping.
Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.That "recursive routing", Mikrotik has an example. But you'd just use the "host ip" you'd want check, instead of the 8.8.8.8 ones in the example.2- Can you please add host ip in the route for check gateway ping.
See https://help.mikrotik.com/docs/pages/vi ... d=26476608
Since those are DNS addresses it make it look like DNS is involved, but they use them in the example since they are always pingable. But basically the 8.8.8.8 is the "host ip in the route for check gateway" you're looking for. And if you have only one route, you don't need the firewall marking either.
I do wonder also why mikrotik doesnt provide us simpler gateway failover mechanism.Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.
That "recursive routing", Mikrotik has an example. But you'd just use the "host ip" you'd want check, instead of the 8.8.8.8 ones in the example.
See https://help.mikrotik.com/docs/pages/vi ... d=26476608
Since those are DNS addresses it make it look like DNS is involved, but they use them in the example since they are always pingable. But basically the 8.8.8.8 is the "host ip in the route for check gateway" you're looking for. And if you have only one route, you don't need the firewall marking either.
Otherwise, the admin of the host may at sometime get bored with all the pings, adjust the firewall so it no longer forwards those, and suddenly the ping replies stop and your network is in trouble.
I don't know if 8.8.8.8 has a policy that allows pinging it, but I think it offers DNS resolver service, not PING service, explicitly. So that may terminate at any moment.
Years ago we had a situation like that in the network of the ISP I used at work. I had all kinds of clever scripting to change from main ADSL line to backup ISDN line and at some time it switched to ISDN because "no more ping on the ADSL", then found no ping on ISDN either and shutdown the internet and sent an alert.
But all was fine, it was just the sysadmins that had enough of everyone pinging the router (they said it was inefficient and causing a load on their router) and disabled it.
And of course as a user, you have no guarantee that everything can be pinged. So be careful, especially when you have no monitoring.
I've been forced down the recursive routing method myself - it works - but confusing. So don't disagree, in theory "Detect Internet" under Interfaces does a lightweight version of that – but can't say I'd recommend that approach in most cases.I do wonder also why mikrotik doesnt provide us simpler gateway failover mechanism.
Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.
Otherwise, the admin of the host may at sometime get bored with all the pings, adjust the firewall so it no longer forwards those, and suddenly the ping replies stop and your network is in trouble.
I don't know if 8.8.8.8 has a policy that allows pinging it, but I think it offers DNS resolver service, not PING service, explicitly. So that may terminate at any moment.
Years ago we had a situation like that in the network of the ISP I used at work. I had all kinds of clever scripting to change from main ADSL line to backup ISDN line and at some time it switched to ISDN because "no more ping on the ADSL", then found no ping on ISDN either and shutdown the internet and sent an alert.
But all was fine, it was just the sysadmins that had enough of everyone pinging the router (they said it was inefficient and causing a load on their router) and disabled it.
And of course as a user, you have no guarantee that everything can be pinged. So be careful, especially when you have no monitoring.
They could just add option to ping one or more ip in failover and route ping thru the very same gateway automatically thats added in rule like for example.
Gateway:192.168.1.1
Check Gateway:ping external
1.1.1.1
9.9.9.9
8.8.8.8
All 3 not pingable thru this gateway? Then its down.
Exactly - pfSense has that functionallity and if I remember it was also in older RouterOS - easy in one step instead of over a dozen of commands....I do wonder also why mikrotik doesnt provide us simpler gateway failover mechanism.
Remember to always use a host which is either under your control or has a defined policy w.r.t. pinging.
Otherwise, the admin of the host may at sometime get bored with all the pings, adjust the firewall so it no longer forwards those, and suddenly the ping replies stop and your network is in trouble.
I don't know if 8.8.8.8 has a policy that allows pinging it, but I think it offers DNS resolver service, not PING service, explicitly. So that may terminate at any moment.
Years ago we had a situation like that in the network of the ISP I used at work. I had all kinds of clever scripting to change from main ADSL line to backup ISDN line and at some time it switched to ISDN because "no more ping on the ADSL", then found no ping on ISDN either and shutdown the internet and sent an alert.
But all was fine, it was just the sysadmins that had enough of everyone pinging the router (they said it was inefficient and causing a load on their router) and disabled it.
And of course as a user, you have no guarantee that everything can be pinged. So be careful, especially when you have no monitoring.
They could just add option to ping one or more ip in failover and route ping thru the very same gateway automatically thats added in rule like for example.
Gateway:192.168.1.1
Check Gateway:ping external
1.1.1.1
9.9.9.9
8.8.8.8
All 3 not pingable thru this gateway? Then its down.