Community discussions

MikroTik App
 
User avatar
shalak
newbie
Topic Author
Posts: 45
Joined: Sat Aug 24, 2019 11:47 am

Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 3:55 am

I'm following the official guide to setup the Failover using recursive routes.

I get the general flow of what's happening, however I hope someone can fill two blanks for me:

- First thing - about the recursive routes themselves, are defined as following in the official tutorial:
# Now configure routes that will be resolved recursively, so they will only be active when they are reachable with ping:
/ip/route/
add distance=1 gateway=8.8.8.8 routing-table=to_ISP1 target-scope=11 check-gateway=ping
add distance=2 gateway=8.8.4.4 routing-table=to_ISP1 target-scope=11 check-gateway=ping

# Configure similar recursive routes for the second gateway:
/ip/route/
add distance=1 gateway=8.8.4.4 routing-table=to_ISP2 target-scope=11 check-gateway=ping
add distance=2 gateway=8.8.8.8 routing-table=to_ISP2 target-scope=11 check-gateway=ping
From what I see here, now we have two default gateways with distance 1 - 8.8.8.8 & 8.8.4.4 (and two other with distance 2 - 8.8.4.4 & 8.8.8.8 ) - why don't we end up with ECMP (Equal-cost multi-path routing)? Also, why do we even set 4 default gateways? The Network Berg's tutorial contains only 2 (one for primary, with distance=1, another for backup, with distance=2) (my suspicion is, that we do this, so we can still reach 8.8.8.8 on backup and 8.8.4.4 on primary, do I understand this correctly?)

- Second thing - why do we need mangling and routing tables? Everything seems to work without them. The Network Berg's tutorial didn't include them as well.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 4:01 am

 
User avatar
shalak
newbie
Topic Author
Posts: 45
Joined: Sat Aug 24, 2019 11:47 am

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 5:26 am

Thank you for the link. Unfortunately, that topic doesn't answer my questions. And it's also filled with mixed-information with ROS6 & ROS7, some of those are outdated etc.

I did find another topic: viewtopic.php?t=190308 - over there, the author had a problem with the setup from official tutorial, and just went with the approach taken by The Network Berg. And it solved their issue. Is the official tutorial broken with ROS7?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 12:25 pm

Try starting reading at para I.

viewtopic.php?t=182373
 
User avatar
shalak
newbie
Topic Author
Posts: 45
Joined: Sat Aug 24, 2019 11:47 am

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 1:47 pm

Try starting reading at para I.

viewtopic.php?t=182373

Thank you! This is a really great source of knowledge! And it confirms my suspicion - all the solutions you posted there, including the ones described in the official tutorial (the "DUAL WAN - RECURSIVE" and the "USING TWO RECURSIVES - NESTED" approaches) use only one default gateway per ISP. They are quite clear to me (I'm using the NESTED one currently).

Also, unlike the official ones, those you mention don't utilize mangling, nor the routing tables. Should I consider the official tutorial broken, or is there something I'm missing here?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 2:50 pm

Use what works, the documentation is generic and is not supposed to solve everyones personal setups.
I use the documentation to understand what commands are typically available and used and then forum experts to guide me through a config attempt.
The key is to show you are trying to do this on your own and ask for help when you get stuck............

As for the other concern......... Why would I use two gateways per ISP???
I dont understand the use case so you have to explain what your scenario is, in greater detail to get assistance.

Do you mean your provider gives you two separate WAN connections on two separate gateways............... in other words no clue what you mean??
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 2:54 pm

I didn't study it in detail, but @anav's examples seem to be simple fixed-role primary/backup. So ISP1 is always primary and ISP2 is used only when ISP1 fails. One routing table is enough for that. Multiple routing tables would be needed if you'd want to have group of devices using ISP1 and ISP2 as backup, and another group of devices using ISP2 and ISP1 as backup. Also incoming traffic (forwarded ports) that uses not only primary ISP needs more than one routing table.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 3:00 pm

@Sob Concur, but your post is annoying, stop injecting requirements that were not expressed by the USER.
He never said he has two lans that need to go to WAN1 and two other lans that need to go to WAN2, nor did he say how fail over should work for those groupings if either wan1 or wan2 was not available. Nor was there any requirements detailed for port forwarding......

We can ducking come up with a gazillion scenarios, but I have no appetite for such a game.
Good luck Sob , Im outta this thread........
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 3:08 pm

Says the king of hijackers. ;) Mine was just a quick note that no, official tutorial with multiple routing tables is not necessarily broken.
 
User avatar
broderick
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Nov 30, 2020 7:44 pm

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 4:54 pm

... Also, unlike the official ones, those you mention don't utilize mangling, nor the routing tables. Should I consider the official tutorial broken, or is there something I'm missing here?
Hi,
I watched this video about recursive failover:
https://www.youtube.com/watch?v=eTmpBAAW_pQ

which led me to set up failover for ROS V7 pretty much in a similar way:
/ip route
add comment="VIA WAN1" disabled=no distance=1 dst-address=1.0.0.1/32 gateway=192.168.122.1 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=\
    10
add comment="VIA WAN2" disabled=no distance=1 dst-address=9.9.9.9/32 gateway=192.168.9.1 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="default router" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.0.0.1 pref-src="" routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=11
add check-gateway=ping comment=backup disabled=no distance=2 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=11

Please, don't pay to much attention to the IPs I used since I set it up in a virtual environment to give it a go ( my physical Mikrotik device still runs ROS v6 in my real home LAN).
Everything seems to be working as expected, so if you don't like tinkering with mangle, you could use this approach and call it a day.
 
User avatar
shalak
newbie
Topic Author
Posts: 45
Joined: Sat Aug 24, 2019 11:47 am

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 5:39 pm

As for the other concern......... Why would I use two gateways per ISP???
I wouldn't! I was just trying to understand the underlying logic behind the official tutorial.

I've already set mine configuration as following:
/ip/route
add dst-address=8.8.8.8 gateway=pppoe-out1 scope=10
add dst-address=208.67.222.222 gateway=pppoe-out1 scope=10
add dst-address=8.8.4.4 gateway=lte1 scope=10
add dst-address=208.67.220.220 gateway=lte1 scope=10

/ip/route
add dst-address=10.111.111.111 gateway=8.8.8.8 scope=10 target-scope=11 check-gateway=ping
add dst-address=10.111.111.111 gateway=208.67.222.222 scope=10 target-scope=11 check-gateway=ping
add dst-address=10.222.222.222 gateway=8.8.4.4 scope=10 target-scope=11 check-gateway=ping
add dst-address=10.222.222.222 gateway=208.67.220.220 scope=10 target-scope=11 check-gateway=ping

/ip/route
add distance=1 gateway=10.111.111.111 target-scope=12
add distance=2 gateway=10.222.222.222 target-scope=12
I also disabled the dynamic gateways on pppoe & lte interfaces. It works like a charm.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Tue Feb 14, 2023 6:55 pm

Logically speaking I would not rely on pairs of DNS services from the SAME sources. Not saying im right but just a thought!!
If on my primary WAN cannot get through to DNS 8.8.8.8, Is it because my ISP or the DNS server, (that also runs 8.8.4.4...........) is not working.

Hence,. the config goes then to opendns and that doesnt work, then we abandon ISP1 and go to ISP2 and check what........ THE SAME sources,

suggesting:
source1: 1.1.1.1
source2: 8.8.8.8
source3: 208.67.222.222
source4: 9.9.9.9


What I want to understand is the use cases.................
Are WAN1 and WAN2 used at the same time?
How do you decide which users/subnets go out which WAN
What happens when one WAN fails.........

I do not see a preference for any WAN or any fail over setups........
 
User avatar
shalak
newbie
Topic Author
Posts: 45
Joined: Sat Aug 24, 2019 11:47 am

Re: Failover (WAN Backup) tutorial - trying to understand

Wed Feb 15, 2023 2:11 am

Logically speaking I would not rely on pairs of DNS services from the SAME sources.

Well, I'm considering 8.8.8.8 and 8.8.4.4 to be different sources. I rely on google keeping those two completely separated. But you're right, I'll consider reworking the setup into 4 different providers.

Are WAN1 and WAN2 used at the same time?

They are not.

How do you decide which users/subnets go out which WAN
What happens when one WAN fails.........
I do not see a preference for any WAN or any fail over setups........

pppoe-out1 is the main WAN, to be used almost always, and lte1 is the backup. I've set up different distances for them (pppoe is 1, lte is 2). That's the failover.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Wed Feb 15, 2023 3:20 am

Got it, makes sense! Your config looks good.
 
User avatar
raphaps
just joined
Posts: 23
Joined: Fri Feb 03, 2023 12:29 am
Location: Brasil
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Thu Feb 23, 2023 5:29 am

I am still a little confused about RouterOS v7 and have some doubts. In this case, I couldn't understand why virtual jumps are used in this configuration. I have a similar situation, which is two links, with WAN 01 as the primary and WAN 02 only functioning as a backup, and everything works fine. But I see many people using these virtual jumps like 10.111.111.111 and 10.222.222.222 in the example, so I'm unsure if I'm doing something wrong here. My configuration works fine, but is there something wrong with it?

/ip/route
add comment="Check WAN01" dst-address=8.8.4.4/32 gateway=192.168.5.254 scope=10 target-scope=10
add comment="Check WAN01" dst-address=1.1.1.1/32 gateway=192.168.5.254 scope=10 target-scope=10

/ip/route
add check-gateway=ping comment="WAN 01" distance=1 gateway=8.8.4.4 scope=30 target-scope=11
add check-gateway=ping comment="WAN 01" distance=2 gateway=1.1.1.1 scope=30 target-scope=11
add comment="WAN 02" distance=3 gateway=192.168.1.1 scope=30 target-scope=10

I do not configure recursive route for WAN02, as it is the last route. If WAN01 and WAN02 go down, there will be no other WAN route available. If WAN01 comes back online, it will become the default route.
Last edited by raphaps on Thu Feb 23, 2023 7:47 am, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Thu Feb 23, 2023 7:34 pm

What you are calling jumps is NESTED recursive vice just flat recursive. Not something to lose sleep over. Stick with what you are comfortable understanding.
Your rules look fine, the TS of the further hop is greater by one of the TS of the resolved route, and the scope of the resolving route is equal to or less than the TS of the farther route.
Last edited by anav on Thu Feb 23, 2023 7:42 pm, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Thu Feb 23, 2023 7:37 pm

I didn't study it in detail, but @anav's examples seem to be simple fixed-role primary/backup. So ISP1 is always primary and ISP2 is used only when ISP1 fails. One routing table is enough for that. Multiple routing tables would be needed if you'd want to have group of devices using ISP1 and ISP2 as backup, and another group of devices using ISP2 and ISP1 as backup. Also incoming traffic (forwarded ports) that uses not only primary ISP needs more than one routing table.
I should have stated more clearly................

I typically set ISP1 as Primary and ISP2 as Secondary because of efficiency.
If everyone is going out ISP1, then I only need to direct one group out another WAN vice directing two groups out two WANs.
Every scenario is different in terms of what is optimal.
 
User avatar
raphaps
just joined
Posts: 23
Joined: Fri Feb 03, 2023 12:29 am
Location: Brasil
Contact:

Re: Failover (WAN Backup) tutorial - trying to understand

Thu Feb 23, 2023 9:37 pm

What you are calling jumps is NESTED recursive vice just flat recursive. Not something to lose sleep over. Stick with what you are comfortable understanding.
Your rules look fine, the TS of the further hop is greater by one of the TS of the resolved route, and the scope of the resolving route is equal to or less than the TS of the farther route.
I read your topic "New User Pathway To Config Success" and now I understand what NESTED would be. Thanks a lot for the help.

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], lurker888, Renfrew and 48 guests