Hi all,
I have a CCR204 on which i would like to setup 2 ISPs (ISP A, ISP B) links for 2 groups (Office, Dev) at the office in the following manner:
The office group would mainly use the ISPA and fail over to the ISP B in case of failure and the Dev group would use mainly the ISB P and fail over on ISP A.
Using BGP I am able to collect a /29 IPv4 (possibility of a /28) and a /48 IPv6 . Is there a pssibility to share the IPs between 2 groups and the policy above using the CCR2004. Whil I can see it's possiblle to use PBR for IPv4 I don't see understand how to do it for IPv6 or if there is a way to do it. Any guidance/example is welcome :)
Re: need guidance to setup 2 groups of failover with 2 ISPs?
I was able to provide advice until you added the gobblity gook stuff at the bottom,
In general
where ISP_interface= etherport name, PPPOE-out name, or vlan name
/ip route
add distance=5 gateway=ISP1_interface check ping-gateway
add distance=5 gateway=ISP2_interface check ping-gateway
add distance=5 gateway=ISP1_interface route-mark=UseWan1
add distance=5 gateway=ISP2_interface route-mark=UseWan2
Route Rules
Where subnet identifier can be the source-address=subnet (192.168.X.0/24) OR is an interface= (vlanxx, etherX, bridge)
/ip route rule
add action=lookup-in-table \
subnet identifier table=UseWan1
add action=lookup-in-table \
subnet identifier table=UseWan2
OR (my prerference!)
/ip route
add distance=5 gateway=ISP1_interface check ping-gateway
add distance=10 gateway=ISP2_interface check ping-gateway
add distance=10 gateway=ISP2_interface route-mark=UseWan2
Route Rules
/ip route rule
add action=lookup-in-table \
subnet identifier table=UseWan2
The two approaches are similar but in the first one both routes are equal distance so its not clear which the router will pick for use if the main table is being used.
Therefore, one needs two route rules to ensure lan1 traffic goes to wan1 and lan2 traffic goes to wan2.
If either route becomes unavailable, the router will look for an available route in the main table for the lan without, and will provide the other ISPs routing.
When the route comes back online, reachable the ping check, the router will then set the traffic back according to the route rules.
The second approach assumes that ISP1 is the primary route in the main table and all traffic will be directed to it.
Thus we need a route rule to ensure LAN2 traffic goes to ISP2.
If ISP2 goes offline, then the router will look at the main table and direct LAN2 to ISP1 as expected.
If ISP1 goes offline, then the router will simply switch from ISP1 on the main table to ISP2 on the main table, until ISP1 comes back on line.
I would say method 2 is more efficient in that regard.
In general
where ISP_interface= etherport name, PPPOE-out name, or vlan name
/ip route
add distance=5 gateway=ISP1_interface check ping-gateway
add distance=5 gateway=ISP2_interface check ping-gateway
add distance=5 gateway=ISP1_interface route-mark=UseWan1
add distance=5 gateway=ISP2_interface route-mark=UseWan2
Route Rules
Where subnet identifier can be the source-address=subnet (192.168.X.0/24) OR is an interface= (vlanxx, etherX, bridge)
/ip route rule
add action=lookup-in-table \
subnet identifier table=UseWan1
add action=lookup-in-table \
subnet identifier table=UseWan2
OR (my prerference!)
/ip route
add distance=5 gateway=ISP1_interface check ping-gateway
add distance=10 gateway=ISP2_interface check ping-gateway
add distance=10 gateway=ISP2_interface route-mark=UseWan2
Route Rules
/ip route rule
add action=lookup-in-table \
subnet identifier table=UseWan2
The two approaches are similar but in the first one both routes are equal distance so its not clear which the router will pick for use if the main table is being used.
Therefore, one needs two route rules to ensure lan1 traffic goes to wan1 and lan2 traffic goes to wan2.
If either route becomes unavailable, the router will look for an available route in the main table for the lan without, and will provide the other ISPs routing.
When the route comes back online, reachable the ping check, the router will then set the traffic back according to the route rules.
The second approach assumes that ISP1 is the primary route in the main table and all traffic will be directed to it.
Thus we need a route rule to ensure LAN2 traffic goes to ISP2.
If ISP2 goes offline, then the router will look at the main table and direct LAN2 to ISP1 as expected.
If ISP1 goes offline, then the router will simply switch from ISP1 on the main table to ISP2 on the main table, until ISP1 comes back on line.
I would say method 2 is more efficient in that regard.
Last edited by anav on Sat Jun 12, 2021 4:11 pm, edited 1 time in total.
Re: need guidance to setup 2 groups of failover with 2 ISPs?
"gobblity gook" ? :)I was able to provide advice until you added the gobblity gook stuff at the bottom,
In general
where ISP_interface= etherport name, PPPOE-out name, or vlan name
/ip route
add distance=5 gateway=ISP1_interface check ping-gateway
add distance=5 gateway=ISP2_interface check ping-gateway
add distance=5 gateway=ISP1_interface route-mark=UseWan1
add distance=5 gateway=ISP2_interface route-mark=UseWan2
Route Rules
Where subnet identifier can be the source-address=subnet (192.168.X.0/24) OR is an interface= (vlanxx, etherX, bridge)
/ip route rule
add action=lookup-in-table interface=ISP1_interface \
subnet identifier table=UseWan1
add action=lookup-in-table interface=ISP2_interface \
subnet identifier table=UseWan2
OR (my prerference!)
/ip route
add distance=5 gateway=ISP1_interface check ping-gateway
add distance=10 gateway=ISP2_interface check ping-gateway
add distance=10 gateway=ISP2_interface route-mark=UseWan2
Route Rules
/ip route rule
add action=lookup-in-table interface=ISP2_interface \
subnet identifier table=UseWan2
The two approaches are similar but in the first one both routes are equal distance so its not clear which the router will pick for use if the main table is being used.
Therefore, one needs two route rules to ensure lan1 traffic goes to wan1 and lan2 traffic goes to wan2.
If either route becomes unavailable, the router will look for an available route in the main table for the lan without, and will provide the other ISPs routing.
When the route comes back online, reachable the ping check, the router will then set the traffic back according to the route rules.
The second approach assumes that ISP1 is the primary route in the main table and all traffic will be directed to it.
Thus we need a route rule to ensure LAN2 traffic goes to ISP2.
If ISP2 goes offline, then the router will look at the main table and direct LAN2 to ISP1 as expected.
If ISP1 goes offline, then the router will simply switch from ISP1 on the main table to ISP2 on the main table, until ISP1 comes back on line.
I would say method 2 is more efficient in that regard.
Thanks for the example I will look at it to make it works at least foor IPv4
Re: need guidance to setup 2 groups of failover with 2 ISPs?
gobblity gook means BGP discussion is over my head LOL too complex............
I am just a simple man who grew up using a rotary dial telephone ;-)
I am just a simple man who grew up using a rotary dial telephone ;-)
Re: need guidance to setup 2 groups of failover with 2 ISPs?
:) I see. Nice expression :)gobblity gook means BGP discussion is over my head LOL too complex............
I am just a simple man who grew up using a rotary dial telephone ;-)
Re: need guidance to setup 2 groups of failover with 2 ISPs?
I amended my route rules, interface entries removed, subnet identifier was accurate and needed..