Scribd Logo
Upload

Welcome to Scribd!

  • Advanced Routing Failover Without Scripting: Basic Setup

    Uploaded by

    Guy Zebaze
    4 views4 pages

    Original Title

    Advanced-Routing-Failover-without-Scripting

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views4 pages

    Advanced Routing Failover Without Scripting: Basic Setup

    Uploaded by

    Guy Zebaze

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Advanced Routing Failover without Scripting 1

    Advanced Routing Failover without Scripting


    Applies to RouterOS: v3, v4, v5

    Introduction
    Let us suppose that we have several WAN links, and we want to monitor, whether the Internet is accessible through
    each of them. The problem can be everywhere.
    If your VPN cannot connect - then there's no problem, your default route with gateway=that-vpn-connection will
    be inactive.
    If your ADSL modem is down - then check-gateway=ping is on stage, and no problem again.
    But what if your modem is up, and telephone line is down? Or one of your ISP has a problem inside it, so traceroute
    shows only a few hops - and then stops...
    Some people use NetWatch tool to monitor remote locations. Others use scripts to periodically ping remote hosts.
    And then disable routes or in some other way change the behaviour of routing.
    But RouterOS facilities allow us to use only /ip routes to do such checking - no scripting and netwatch at all!

    Implementation

    Basic Setup
    Let's suppose that we have two uplinks: GW1, GW2. It can be addresses of ADSL modems (like 192.168.1.1 and
    192.168.2.1), or addresses of PPP interfaces (like pppoe-out1 and pptp-out1). Then, we have some policy routing
    rules, so all outgoing traffic is marked with ISP1 (which goes to GW1) and ISP2 (which goes to GW2) marks. And
    we want to monitor Host1 via GW1, and Host2 via GW2 - those may be some popular Internet websites, like
    Google, Yahoo, etc.
    First, create routes to those hosts via corresponding gateways:

    /ip route
    add dst-address=Host1 gateway=GW1 scope=10
    add dst-address=Host2 gateway=GW2 scope=10

    Now we create rules for ISP1 routing mark (one for main gateway, and another one for failover):

    /ip route
    add distance=1 gateway=Host1 routing-mark=ISP1 check-gateway=ping
    add distance=2 gateway=Host2 routing-mark=ISP1 check-gateway=ping

    Those routes will be resolved recursively (see Manual:IP/Route#Nexthop_lookup), and will be active only if HostN
    is pingable.
    Then the same rules for ISP2 mark:

    /ip route
    add distance=1 gateway=Host2 routing-mark=ISP2 check-gateway=ping
    Advanced Routing Failover without Scripting 2

    add distance=2 gateway=Host1 routing-mark=ISP2 check-gateway=ping

    Multiple host checking per Uplink


    If Host1 or Host2 in #Basic Setup fails, corresponding link is considered failed too. For redundancy, we may use
    several hosts per uplink: let's monitor Host1A and Host1B via GW1, and Host2A and Host2B via GW2. Also, we'll
    use double recursive lookup, so that there were fewer places where HostN is mentioned.
    As earlier, first we need routes to our checking hosts:

    /ip route
    add dst-address=Host1A gateway=GW1 scope=10
    add dst-address=Host1B gateway=GW1 scope=10
    add dst-address=Host2A gateway=GW2 scope=10
    add dst-address=Host2B gateway=GW2 scope=10

    Then, let's create destinations to "virtual" hops to use in further routes. I'm using 10.1.1.1 and 10.2.2.2 as an
    example:

    /ip route
    add dst-address=10.1.1.1 gateway=Host1A scope=10 target-scope=10 check-gateway=ping
    add dst-address=10.1.1.1 gateway=Host1B scope=10 target-scope=10 check-gateway=ping
    add dst-address=10.2.2.2 gateway=Host2A scope=10 target-scope=10 check-gateway=ping
    add dst-address=10.2.2.2 gateway=Host2B scope=10 target-scope=10 check-gateway=ping

    And now we may add default routes for clients:

    /ip route
    add distance=1 gateway=10.1.1.1 routing-mark=ISP1
    add distance=2 gateway=10.2.2.2 routing-mark=ISP1
    add distance=1 gateway=10.2.2.2 routing-mark=ISP2
    add distance=2 gateway=10.1.1.1 routing-mark=ISP2

    Workaround 1
    In ROS versions at least up to 4.10 there's a bug, and if your ethernet interface goes down (for example, your directly
    connected ADSL modem is powered off) and then brings up, recursive routes are not recalculated (or something)
    and all traffic still goes via another uplink. As a workaround, additional rules for each HostN may be used. When
    adding them, all is recalculated correctly:

    /ip route
    add dst-address=Host1 type=blackhole distance=20
    add dst-address=Host2 type=blackhole distance=20
    Advanced Routing Failover without Scripting 3

    Thanks to
    • Valens Riyadi, on Poland MUM 2010 he mentioned casually that using of 'scope' attribute is possible for remote
    host checking for failover implementation
    • Martín (Ibersystems [1]) - he asked for a solution, and I invented what you see above =)
    • Robert Urban (treborr [2]) - he faced a problem mentioned in Workaround1, and we both solved it =)

    References
    [1] http:/ / forum. mikrotik. com/ memberlist. php?mode=viewprofile& u=5217
    [2] http:/ / forum. mikrotik. com/ memberlist. php?mode=viewprofile& u=40000
    Article Sources and Contributors 4

    Article Sources and Contributors


    Advanced Routing Failover without Scripting  Source: http://wiki.mikrotik.com/index.php?oldid=19792  Contributors: Chupaka

    Image Sources, Licenses and Contributors


    Image:Version.png  Source: http://wiki.mikrotik.com/index.php?title=File:Version.png  License: unknown  Contributors: Normis

    You might also like