MikroTik Failover Static Routes
MikroTik Failover Static Routes
Posted inHome Networking Routing Scripting Tutorials

The Ultimate MikroTik Internet Failover #1

With Static Gateways

There is a second instance of this solution here whereby we apply the same config and logic as in this article however with getting the default gateway routes dynamically instead of statically, as we have here.

The Ultimate MikroTik Internet Failover #2

Initial Config

The configuration for this topology is very simple, we have the following variants:

LAN

The LAN is Bridge with an IP and DHCP server running on it with a single client attached.

Interface: Bridge
Name: USER01
IP Address: 172.31.1.1/24

WAN1

WAN1 is a simple static IP assignment.

Interface: ether1
IP Address: 10.100.10.100/24
IP Assignment: Static

WAN2

WAN2 is a PPPOE client which is common with some ISPs. It gets it’s IP dynamically from the ISP NTU (PPPOE Server) however instead of getting it’s default route we have disabled this option and will be using static routes.

Interface: pppoe-client
IP Address: 100.64.7.2
IP Assignment: Dynamic (Add Default Route: No)

NAT

There are two separate NAT Masuerade rules for each outbound WAN interface

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=pppoe-client1

Routing

For this we will use 2 Static Default routes for both WAN1 and WAN2, with WAN1 having a distance of 1 and WAN2 having 2. This means WAN1 will be prioritised.

On each route we have added comments for each one:

  • WAN1: primary_route
  • WAN2: secondary_route

Now the last 2 routes are both pointing to 8.8.8.8 (Google DNS) with equal distances, each one using each of the WAN links. This is required for when the default routes are failed over, the primary interface can still test to the remote IP (8.8.8.8) when WAN2 is primary.

/ip route
add comment=primary_route disabled=no distance=1 dst-address=0.0.0.0/0 \
    gateway=10.101.10.1 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment=secondary_route disabled=no distance=2 dst-address=0.0.0.0/0 \
    gateway=100.64.7.1 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=10.101.10.1 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=100.64.7.1 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10

Scripts

:local ipPing ("8.8.8.8")
:local interface ("ether1")

:local pingip [/ping $ipPing interface=$interface count=10]

:if ($pingip < 10) do={

:log info ("INET PRIMARY DOWN")

/ip route set distance=3 number=[find comment="primary_route"] 

sys scheduler enable sch_failed_over
tool netwatch disable inet_check

}
/system script
add dont-require-permissions=yes name=inet_check owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local ipPing (\"8.8.8.8\")\r\
    \n:local interface (\"ether1\")\r\
    \n\r\
    \n:local pingip [/ping \$ipPing interface=\$interface count=10]\r\
    \n\r\
    \n:if (\$pingip < 10) do={\r\
    \n\r\
    \n:log info (\"INET PRIMARY DOWN\")\r\
    \n\r\
    \n/ip route set distance=3 number=[find comment=\"primary_route\"] \r\
    \n\r\
    \nsys scheduler enable sch_failed_over\r\
    \ntool netwatch disable inet_check\r\
    \n\r\
    \n}"
:local ipPing ("8.8.8.8")
:local interface ("ether1")

:local pingip [/ping $ipPing interface=$interface count=10]

:if ($pingip < 10) do={

:log info ("INET PRIMARY STILL DOWN")

} else={

:log info ("INET PRIMARY BACKUP")

/ip route set distance=1 number=[find comment="primary_route"] 

sys scheduler disable sch_failed_over
tool netwatch enable inet_check


}
add dont-require-permissions=yes name=inet_check_backup owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local ipPing (\"8.8.8.8\")\r\
    \n:local interface (\"ether1\")\r\
    \n\r\
    \n:local pingip [/ping \$ipPing interface=\$interface count=10]\r\
    \n\r\
    \n:if (\$pingip < 10) do={\r\
    \n\r\
    \n:log info (\"INET PRIMARY STILL DOWN\")\r\
    \n\r\
    \n} else={\r\
    \n\r\
    \n:log info (\"INET PRIMARY BACKUP\")\r\
    \n\r\
    \n/ip route set distance=1 number=[find comment=\"primary_route\"] \r\
    \n\r\
    \nsys scheduler disable sch_failed_over\r\
    \ntool netwatch enable inet_check\r\
    \n\r\
    \n\r\
    \n}"

Netwatch

/tool netwatch
add disabled=no down-script=inet_check host=8.8.8.8 http-codes="" interval=\
    10s name=inet_check test-script="" type=simple up-script=""

Schedular

/system scheduler
add disabled=yes interval=10s name=sch_failed_over on-event=inet_check_backup \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2021-05-30 start-time=11:42:30

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *