Dual WAN failover
Posted: Wed Mar 02, 2022 12:01 am
I've been fiddling with RouterOS' dual WAN failover, and I've found it somewhat hard to implement (FYI, I'm not an expert in networking). Whatever solution I've found was either too complex or didn't work at all. I've thought of a solution with simple routing distance changes, without any recursive lookups and such, and I came up with a solution:
Let's say I've got two WAN ports (ether1 and ether2), the first one is the main WAN port, the second is for backup. The thing is I don't want (or rather can't have) load balancing between two networks, so I'm forcing 8.8.8.8 to go through ether1, remaining traffic to go through ether1 (higher distance) and ether2 just sits there and waits (accepting incoming traffic).

Code:
/ip route
add comment=CHECK disabled=no distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1
add comment=MAIN disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1
add comment=BACKUP disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.9.1

If I need to use DHCP, I add dhcp-client config to the appropriate interfaces. I disable adding the default route (it would mess up the config above) and I add a little script to update gateways in routing tables (in case the gateway changes).

Code:
/ip dhcp-client
add add-default-route=no comment=defconf interface=ether1 script="/ip route set [find comment=\"CHECK\"] gateway=([/ip dhcp-client get [find interface\
=ether1]]->\"gateway\")\r\
\n/ip route set [find comment=\"MAIN\"] gateway=([/ip dhcp-client get [find interface=ether1]]->\"gateway\")"
add add-default-route=no comment=defconf interface=ether2 script=\
"/ip route set [find comment=\"BACKUP\"] gateway=([/ip dhcp-client get [find interface=ether2]]->\"gateway\")"

Then I'm using a single script run with a scheduler to ping 8.8.8.8 via the CHECK route (distance 1, gateway same as MAIN). If it fails after 5 attempts I increase the distance of the MAIN route, so all remaining traffic goes through the BACKUP route (ether2).

Code:
/system script
add dont-require-permissions=no name=wan_failover owner=admin policy=read,write,policy,test source="#SCRIPT SOURCE BELOW FOR BETTER READABILLITY"

Script's source

Code:
:local PingFailTreshold 5
:global PingFailCount
:if ([:typeof $PingFailCount] = "nothing") do={:set $PingFailCount 0}
:local PingResult
:set $PingResult [:typeof ([/tool/ping address=8.8.8.8 count=1 interval=1 as-value]->"status")]
:if ($PingResult = "nothing") do={
    :if ($PingFailCount > 0) do={
        :if ($PingFailCount >= ($PingFailTreshold -1)) do={
            /log/error "WAN on ether1 is UP, adjusting routes"
            /ip/route/set [find comment="MAIN"] distance=2
        }
        :set $PingFailCount 0
    }
} else={
    :set $PingFailCount ($PingFailCount + 1)
    :if ($PingFailCount = ($PingFailTreshold -1)) do={
        /log/error "WAN on ether1 is DOWN, adjusting routes"
        /ip/route/set [find comment="MAIN"] distance=10
    }
}

Scheduler triggers script execution

Code:
/system scheduler
add interval=5s name=wan_failover on-event=wan_failover policy=read,write,policy,test start-time=startup

The downside is I'm unable to use 8.8.8.8 for DNS if my primary WAN fails, but that's not a real issue for me, and I can always change it to some other IP.

So, please tell me, am I crazy, or does this REALLY SIMPLE solution actually work?
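
Added example, not part of the original post: a Python model of the wan_failover script's counter logic, replaying constructed ping sequences to show when the default route flips and one case where it never flips back. Class and function names are hypothetical, and the reboot case assumes RouterOS clears global variables on reboot while the MAIN route's distance stays in the saved configuration.

```python
# Model of the posted wan_failover script (added example; names are hypothetical).
THRESHOLD = 5                  # PingFailTreshold in the script
MAIN_UP, MAIN_DOWN = 2, 10     # distances the script writes to the MAIN route
BACKUP_DISTANCE = 3            # distance of the BACKUP route


class Router:
    def __init__(self):
        self.fail_count = None         # :global PingFailCount, unset until first run
        self.main_distance = MAIN_UP   # part of the route config

    def reboot(self):
        # Assumption: globals are lost on reboot, the route's distance is not.
        self.fail_count = None

    def tick(self, ping_ok):
        """One scheduler run; returns which default route is preferred afterwards."""
        if self.fail_count is None:
            self.fail_count = 0
        if ping_ok:
            if self.fail_count > 0:
                if self.fail_count >= THRESHOLD - 1:
                    self.main_distance = MAIN_UP
                self.fail_count = 0
        else:
            self.fail_count += 1
            if self.fail_count == THRESHOLD - 1:
                self.main_distance = MAIN_DOWN
        return "MAIN" if self.main_distance < BACKUP_DISTANCE else "BACKUP"


def replay(router, pings):
    """Constructed input: '.' is a reply, 'x' a timeout, one character per run."""
    return [router.tick(p == ".") for p in pings]


def stuck_after_reboot():
    """Outage, reboot while on BACKUP, then WAN1 healthy again."""
    r = Router()
    replay(r, "xxxx")          # 4th consecutive timeout raises MAIN to distance 10
    r.reboot()                 # counter gone, distance=10 still configured
    return replay(r, "....")   # replies arrive, but the counter is 0, so no restore


if __name__ == "__main__":
    print(replay(Router(), "xxx.xxxx"))   # one reply resets the counter
    print(replay(Router(), "xxxxx."))     # fails over, one reply switches back
    print(stuck_after_reboot())           # stays on BACKUP
```

In this model the switch happens on the 4th consecutive timeout (threshold minus one), a single reply switches back, and after a reboot during an outage the MAIN route stays at distance 10 until another full run of timeouts is followed by a reply.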