Dual WAN failover

TimothyKoval · Wed Mar 02, 2022 12:01 am

I've been fiddling with RouterOS' dual WAN failover, and I've found it somewhat hard to implement (fiy - I'm not an expert in networking). Whatever solution I've found was either too complex or didn't work at all. I've thought of a solution with simple routing distance changes, without any recursive lookups and such, and I came up with a solution:

Let's say I've got two WAN ports (ether1 and ether2), first one is main WAN port, second is for backup. The thing is I don't want (or rather can't have) load balancing between two networks, so I'm forcing 8.8.8.8 to go through ether1, remaining traffic to go throught ether1 (higher distance) and ether2 just sits there and waits (accepting incoming traffic).

/ip route
add comment=CHECK disabled=no distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1
add comment=MAIN disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1
add comment=BACKUP disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.9.1

If I need to use DHCP, I add dhcp-client config to appropriate interfaces. I disable adding default route (it would mess up config above) and I add a little script to update gateways in routing tables (in case gateway changes)

/ip dhcp-client
add add-default-route=no comment=defconf interface=ether1 script="/ip route set [find comment=\"CHECK\"] gateway=([/ip dhcp-client get [find interface\
    =ether1]]->\"gateway\")\r\
    \n/ip route set [find comment=\"MAIN\"] gateway=([/ip dhcp-client get [find interface=ether1]]->\"gateway\")"
add add-default-route=no comment=defconf interface=ether2 script=\
    "/ip route set [find comment=\"BACKUP\"] gateway=([/ip dhcp-client get [find interface=ether2]]->\"gateway\")"

Then I'm using a single script run with a scheduler to ping 8.8.8.8 via CHECK route (distance 1, gateway same as MAIN). If it fails after 5 attempts I increase distance of MAIN route, so all remaining traffic goes through BACKUP route (ether2).

/system script
add dont-require-permissions=no name=wan_failover owner=admin policy=read,write,policy,test source="#SCRIPT SOURCE BELOW FOR BETTER READABILLITY"

Script's source

:local PingFailTreshold 5
:global PingFailCount
:if ([:typeof $PingFailCount] = "nothing") do={:set $PingFailCount 0}

:local PingResult
:set $PingResult [:typeof ([/tool/ping address=8.8.8.8 count=1 interval=1 as-value]->"status")]
:if ($PingResult = "nothing") do={
	:if ($PingFailCount > 0) do={
		:if ($PingFailCount >= ($PingFailTreshold -1)) do={
			/log/error "WAN on ether1 is UP, adjusting routes"
			/ip/route/set [find comment="MAIN"] distance=2
		}
		:set $PingFailCount 0
	}
} else={
	:set $PingFailCount ($PingFailCount + 1)
	:if ($PingFailCount = ($PingFailTreshold -1)) do={
		/log/error "WAN on ether1 is DOWN, adjusting routes"
		/ip/route/set [find comment="MAIN"] distance=10
	}
}

Scheduler triggers script execution

/system scheduler
add interval=5s name=wan_failover on-event=wan_failover policy=read,write,policy,test start-time=startup

The downside is I'm unable to use 8.8.8.8 for DNS if my primary WAN fails, but that's not a real issue for me, and I can always change it to some other IP.

So, please tell me, am I crazy, or is this REALLY SIMPLE solution actually works?

s3uz · Fri Aug 12, 2022 2:10 am

Thank you! Finally working solution!

tomislav91 · Sun Sep 18, 2022 1:15 am

what happend when you just plug out cable from isp modem? Then you will see gateway from MikroTik but there will be no internet access.
Check it, and let us with results. I have problems with my script for failover in that kind of cases.

TimothyKoval · Sun May 26, 2024 11:14 am

what happend when you just plug out cable from isp modem? Then you will see gateway from MikroTik but there will be no internet access.
Check it, and let us with results. I have problems with my script for failover in that kind of cases.

You're checking 8.8.8.8 (or any other given address), not Your gateway

Dual WAN failover

Dual WAN failover

Re: Dual WAN failover

Re: Dual WAN failover

Re: Dual WAN failover

Who is online