Hi all,

I am planning to incorporate another ISP into my setup to cater to situations when the current ISP goes down. I work from home and have had a difficult time when my primary ISP has died for whatever reason.

My current setup is as follows.
I have the primary isp's modem in bridge mode. It is connected to ether1 of my Mikrotik RBD52G-5HacD2HnD router.
The router then is connected to a primary switch. Everything including the various access points through out my flat are connected to this switch. The router gives addresses to everything. I have a static IP address from the ISP.

Now, how do I add another gateway? Let us assume that it will be on ether4.
I suspect the first thing I will have to do is to remove ether4 from the lan list so that the dhcp server does not give any IP addresses on that port.
I will need to add a default route with a greater distance but I am not sure what to do if the new backup ISP gives me a dynamic address. I have asked them about setting their modem to bridge mode and they have said it is possible but I will not know until the installation people come.

I am pasting my current configuration below. I use the cli so what should I be doing? I am preparing in advance because I need to be ready to test things when the ISP's installation team comes.
Note:
Some IP addresses have been altered.

Now, how do I add another gateway? Let us assume that it will be on ether4.
I suspect the first thing I will have to do is to remove ether4 from the lan list so that the dhcp server does not give any IP addresses on that port.
I will need to add a default route with a greater distance but I am not sure what to do if the new backup ISP gives me a dynamic address. I have asked them about setting their modem to bridge mode and they have said it is possible but I will not know until the installation people come.

That's basically right. But you also need to remove ether4 from remove the bridge (/interface bridge port) to do that. To handle the DHCP, you need to just add an /ip/dhcp-client on ether4 and set the "default-route-distance=2" on the new dhcp-client. Plus adding ether4 as a WAN in /interface/list/members so the traffic get NAT'ed out.

There is the issue of how you detect failure on ether1 WAN... The most basic is to just set check-gateway=ping on the static /ip/route. But you can use recursive routes or netwatch if more fancy failure is desired.

Hi,
Many thanks for your pointers. I think I have enough to get things done. I thought if I set the distance of the backup gateway to say 2, then the mikrotik will automatically switch to it when the primary gateway is unavailable? I have read about some edge cases where this fails so I am open to ideas.

There are two possible "points of failure":
1) your local ISP modem/router
2) the ISP line/cable/server/whatever

A failover route (with higher distance) will only become effective if the one with a lower distance becomes inactive, but this will normally only happen if #1 above happens, i.e. the Mikrotik router detects no connection to the current gateway, but will do nothing if the modem/router cannot connect to the internet.

One would use a "recursive" route or a netwatch script to detect if a (usually very reliable) DNS server on the internet is woriking and act on that

Here is a simple failover setup (using a very simple netwatch script):
viewtopic.php?p=1102428
viewtopic.php?p=1102428#p1102129

Hi all,

I have applied the configurations as discussed and believe the new isp is online. I can at least see a new ip address from it.
However, my wi-fi network has gone offline so I have disconnected the new modem for now. I do not know what is happening and why this happened. Here are the commands I ran.
The wired lan interface is up.
/interface bridge port remove [find interface=ether2]
/ip dhcp-server network remove [find interface=ether2]
/ip dhcp-server remove [find interface=ether2]
/ip dhcp-client add interface=ether2 disabled=no distance=2

The only thing I can see in the log is
14:22:36 dhcp,warning defconf offering lease 192.168.88.15 for 08:7B:87:11:C8:D1 without success
There are a bunch of these entries. I do not know why they are coming and cannot determine this.

Maybe you need to reboot the router.
Right now ether2 is not up: The error:
14:22:36 dhcp,warning defconf offering lease 192.168.88.15 for 08:7B:87:11:C8:D1 without success
comes from the DHCP server.
In your new configuration you seemingly miss this (that was present in the previously posted config):

Hi,

I added the ip address as you suggested and rebooted the router and the wireless network is back.
Here is the revised configuration with everything active.
When I have created the dhcp client for the backup gateway, I have set the default-route-distance to 2.
However, when I see the dynamically assigned route, I see a distance of 0 for the new gateway.
[pranav@ConShield] /ip/route> print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
0 As 0.0.0.0/0 122.176.152.1 1
D d 0.0.0.0/0 192.168.100.1 2
DAc 122.176.152.0/24 ether1 0
DAc 192.168.3.0/24 bridge 0
DAc 192.168.88.0/24 bridge 0
DAc 192.168.89.0/24 bridge 0
DAc 192.168.100.0/24 ether2 0

The distance is 0 for LAN/subnet specific routes, not the internet. So if 192.168.88.200 wants to talk to 192.168.100.100 etc etc, that what would use the distance=0 ones. These route are automatically created (thus the "D" in first column of print) by adding /ip/address (or IP address added dynamically by DHCP to /ip/address) and distance=0 is expected since there "connected routes" (which is the "c" in the first column of print)

When I have created the dhcp client for the backup gateway, I have set the default-route-distance to 2.
However, when I see the dynamically assigned route, I see a distance of 0 for the new gateway.

Not really, in your (working) config you have:
so dhcp client on ether1 is disabled and the default route distance for the one on ether2 is 2 alright.
In your route print you have only one route that is d (assigned by dhcp) and that is not active (because it has a higher distance of 2):
0 As 0.0.0.0/0 122.176.152.1 1
D d 0.0.0.0/0 192.168.100.1 2
DAc 122.176.152.0/24 ether1 0
DAc 192.168.3.0/24 bridge 0
DAc 192.168.88.0/24 bridge 0
DAc 192.168.89.0/24 bridge 0
DAc 192.168.100.0/24 ether2 0

So it looks fine to me.

Also, on the failover. As configured now, it will only use the 2nd WAN if the cable to 1st WAN is unplugged/gateway is turned off. Since it's a static route, it will use that regardless if packets arrive anywhere.

One easy improvement is to change your:
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=122.176.152.1
-to-
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=122.176.152.1 check-gateway=ping

This will at least ping the default gateway, 122.176.152.1, and if 3 pings fail, the route will be marked as invalid and not used. To check if internet is "up", it gets more complex and there are a few approaches, which is described in @jaclaz link above. But the check-gateway=ping is at least better and may be sufficient since often the gateway is on the other end of the last mile, which is likely where problems may occur.

Hi all,

many thanks. I have made the change by adding
add disabled=no dst-address=0.0.0.0/0 gateway=122.176.152.1 check-gateway=ping
and will test the change over early morning.

Usually when this ISP has been done, I have been unable to ping even the modem because it is in bridge mode and does not have an IP address.

Usually when this ISP has been done, I have been unable to ping even the modem because it is in bridge mode and does not have an IP address.

Yup, and then it should failover from the check-gateway=ping.

All more advanced approaches do get real complex, so if your ISP is bridge (and most are), the check-gateway=ping is often sufficient.

Hi all,

I have tested fail over and returning to the primary gateway. I switched of the modem of the primary gateway and the switch over went seamlessly. The same thing happened when I switched the modem of the primary gateway back on. Things resumed so this is done.

Now, I wish this forum had a mechanism to mark multiple messages as answers because there is no one answer to this thread. <smile

Thanks again everyone

Now, I wish this forum had a mechanism to mark multiple messages as answers because there is no one answer to this thread. <smile
Thanks again everyone

Well there is no control over the quality of the "hired help" in the forums, tis a journey... but we get you to your destination eventually.

@slimprize - You can mark your top post as "solved". I don't think anyone cares too much about who solves... there are new puzzles in forum everyday.

@anav - luck played a role too... since easiest case of failover is static IP as primary and DHCP as secondary, with the primary WAN gateway being bridged to CO/headend/DC/etc.