Community discussions

MikroTik App
 
billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

check-gateway=ping isnot works, but netwatch - works

Wed Jan 18, 2017 10:47 am

Hi! I try to use dual wan failover on RB951G-2HnD. Two ISP, static public IP. Evething ok.

Example is http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting.

When I unplug cable from mikrotik (1 on picture), route become unactive, failover works. I even thing that it is not failover, but just one of the 0.0.0.0/0 routes changes to down :) manually.
mikrotik-scheme.jpg
But when I unplug cable 2 - failover does not works.

While cable 2 unpluged I try to ping 208.67.222.222 (which must be pinged via ISP1 - it is setup by /ip route add dst-address=Host1A gateway=1.1.1.1 scope=10):
[admin@MikroTik] > ping 208.67.222.222
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                           
    0 208.67.222.222                                          timeout                                                                          
    1 1.1.1.2                                    84  64 643ms host unreachable                                                                 
    2 208.67.222.222                                          timeout                                                                          
    3 208.67.222.222                                          timeout                                                                          
    4 1.1.1.2                                    84  64 741ms host unreachable                                                                 
    5 208.67.222.222                                          timeout                                                                          
    6 208.67.222.222                                          timeout                                                                          
    7 1.1.1.2                                    84  64 843ms host unreachable	
    sent=8 received=0 packet-loss=100% 
So, timeout - answer to ping via ISP1 (1.1.1.1). This forces mikrotik to think, that this route via 1.1.1.1 is down.
Mikrotik try to ping 208.67.222.222 via other active route (2.2.2.1), but route to host 208.67.222.222 is only via 1.1.1.1. And cheme should works, as for me.

Why in this situation route via 1.1.1.1 is not marked as unreacheble?


After some experiments, I use Netwatch and action UP, DOWN, everything work.
Something like if 208.67.222.222 is down:
/ip route disablee [find comment="ISP1"]
/ip route enable [find comment="ISP2"]

But I very interested why isnt works example from http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting.

How to understand why rules like:
/ip route
add dst-address=1.1.1.1 gateway=208.67.222.222 scope=10 target-scope=10 check-gateway=ping
not works?

Or its works, but how to understand why route become active?

Idea of the scripts:
Google:
   Host1A: 8.8.8.8
   Host2A: 8.8.4.4
OpenDNS:
   Host1B: 208.67.222.222
   Host2B: 208.67.220.220

/ip route
add dst-address=8.8.8.8 gateway=1.1.1.1 scope=10
add dst-address=208.67.222.222 gateway=1.1.1.1 scope=10
add dst-address=8.8.4.4 gateway=2.2.2.1 scope=10
add dst-address=208.67.220.220 gateway=2.2.2.1 scope=10

add dst-address=1.1.1.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=1.1.1.1 gateway=208.67.222.222 scope=10 target-scope=10 check-gateway=ping
add dst-address=2.2.2.1 gateway=8.8.4.4 scope=10 target-scope=10 check-gateway=ping
add dst-address=2.2.2.1 gateway=208.67.220.220 scope=10 target-scope=10 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=1.1.1.1 distance=1
add dst-address=0.0.0.0/0 gateway=2.2.2.1 distance=2
You do not have the required permissions to view the files attached to this post.
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1076
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: check-gateway=ping isnot works, but netwatch - works

Wed Jan 18, 2017 8:02 pm

If the configuration is as you have posted, then it is wrong. The right one should be as follows
/ip route
add dst-address=8.8.8.8 gateway=1.1.1.1 scope=10 target-scope=10
add dst-address=0.0.0.0/0 gateway=8.8.8.8 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.1 distance=5
This way you create a recursive route which is checked by ping, and it will ping a live host on the internet (like 8.8.8.8 ). So when ping fails two times, it will switch to the second route which does have a greater distance. Once the host ( 8.8.8.8 ) is back alive, it will switch once more on the primary route.
This is how fail over works, unless you want something else.
 
billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

Re: check-gateway=ping isnot works, but netwatch - works

Thu Jan 19, 2017 2:37 pm

So, this is not regular check by itself:
add dst-address=1.1.1.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
but just route and by the way checking?
I mean, option "check-gateway=ping" only talks that if some packet goes through this route, router will do checking and if there are no answer, route mark unreacheble.
Right?
 
billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

Re: check-gateway=ping isnot works, but netwatch - works

Thu Jan 19, 2017 3:37 pm

Why there are no such routes
add dst-address=0.0.0.0/0 gateway=8.8.8.8 distance=1 check-gateway=ping
in manual http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting ?
 
billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

Re: check-gateway=ping isnot works, but netwatch - works

Thu Jan 19, 2017 5:04 pm

Anyway, thank you for answer. This time I switch off Netwatch and use as you told me.

If I want to encrease uplink test, can I use:
/ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=208.67.222.222 distance=2 check-gateway=ping
If 8.8.8.8 become down (unreal, but why not?), first default route become unaccessible,
but if it is not ISP fail, second default route via the same ISP will work. Yes?
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1076
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: check-gateway=ping isnot works, but netwatch - works

Thu Jan 19, 2017 8:10 pm

Keep it as I posted it.
By using 8.8.8.8 or any other live host (all the time accessible computer on the internet) as your gateway you are actually checking by ping this host and not the gateway of your ISP. This will solve the problem when connection to your ISP is working but connection to internet is not. Once ping finds out 8.8.8.8 is not reachable it will switch to the second route which has greater distance.
You can use 8.8.8.8 or 4.4.2.2 or 4.4.2.4 or whatever other host in the internet which is always on.
 
billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

Re: check-gateway=ping isnot works, but netwatch - works

Fri Jan 20, 2017 11:12 am

Thank you very much for answers. Idea is clear, everything works.
 
serman
just joined
Posts: 5
Joined: Mon Jan 30, 2017 5:43 pm

Re: check-gateway=ping isnot works, but netwatch - works

Fri Mar 03, 2017 7:43 pm

I was wondering aroud with the problem for weeks and finally made progress with my dual wan setup.
I wrapped up tutorial for all the MikroTik users - https://serman.maxdesk.com/user/viewarticle/9378
In the tutorial there are several different dual wan situations and solutions to them.

Who is online

Users browsing this forum: kot2905 and 26 guests