Blog nya Penjual Pulsa

Tuesday, 25 July 2017

Setting Up Internet Failover on MikroTik

The article below is just a copy-paste, not meant as plagiarism but simply saved so that I can find it more easily later if I need it again.
To the author:
https://web.archive.org/web/20151014092819/https://aacable.wordpress.com/2013/04/12/mikrotik-multiple-wan-fail-over-scripts/
I truly thank you, because it helped me a great deal in setting up gateway routing on MikroTik.



In this short reference post, I will post some WAN link fail-over scenarios. For example, if you have two DSL WAN links and one of them goes down, what will happen? If your DSL modem is down, check-gateway=ping can save your packets from being sent to that link. But what if your modem is up and the telephone line is down? Or one of your ISPs has a problem at their end?
There are several methods you can use to solve this problem: either use the NetWatch tool to monitor the WAN link, or use scripts to periodically ping remote hosts and then disable/enable routes.
Following is a very simple method you can use for fail-over.

SCENARIO #1


FAIL OVER for Dual WAN links without Load Balancing & without Scripting
We have two WAN links and we want to use the second WAN for fail-over ONLY; no load balancing is required.
To achieve fail-over, follow the example below.
Example:
LAN = 192.168.0.1
WAN1 GW= 192.168.1.1
WAN2 GW= 192.168.2.1
External host IP that we want to monitor for the WAN status (you can also use your ISP’s DNS / web server IP, or any host that is more reliable and preferably closer to you):
Google DNS = 8.8.8.8
TW DNS (PK) = 221.132.112.8
The following is the complete script.
1# Make sure you change the interface names and IP addresses according to your network.
2# In the DNS section, use your ISP’s DNS IP addresses.
3# You can use different host IP addresses for monitoring, preferably your primary ISP’s reliable servers such as DNS. You can use the IPs of other web sites too.
# apr/12/2013 10:41:20 by RouterOS 5.20
# Syed Jahanzaib / aacable@hotmail.com
/ip address
add address=192.168.0.1/24 disabled=no interface=LAN network=192.168.0.0
add address=192.168.1.2/24 disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 disabled=no interface=WAN2 network=192.168.2.0
 
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB \
max-udp-packet-size=512 servers=208.67.222.222,202.141.224.34
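# Or use your ISP's DNS
# Note: allow-remote-requests=yes makes the router answer DNS queries from any interface;
# block port 53 (UDP/TCP) arriving on WAN1/WAN2 in the firewall input chain so it is not an open resolver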
 
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN1
add action=masquerade chain=srcnat disabled=no out-interface=WAN2
 
#### Following is ROUTE section where we will be using check-gateway function to monitor external hosts from each wan
 
/ip route
add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10
add dst-address=221.132.112.8 gateway=192.168.2.1 scope=10
 
add distance=1 gateway=8.8.8.8 check-gateway=ping
add distance=2 gateway=221.132.112.8 check-gateway=ping
The above fail-over method works fine: when the WAN1 link fails, traffic automatically fails over to the secondary link, and when the WAN1 link becomes available again all load shifts back to WAN1. The only drawback is that we are using a single WAN host to monitor; if ping to that particular host (e.g. 8.8.8.8) fails while everything else is fine, WAN1 will still shift to the secondary link. To avoid this, use multiple hosts to monitor WAN connectivity.

SCENARIO #2


FAIL OVER for Dual WAN links without Load Balancing using NETWATCH SCRIPT
If you have two WAN links and you want to use the primary link for main internet usage, then in case the primary link [WAN1] loses its connectivity with the INTERNET (for example, a problem with the link between your modem and ISP, or a problem between the ISP link and the internet), the secondary link takes its place, and when the primary link [WAN1] is restored it becomes active again. You can use the following scripts.
You have to create two scripts for this purpose.
SCRIPT-1 > DOWN will check primary link connectivity using the default route; if it doesn't get a reply from Google DNS IP 8.8.8.8, it will change the primary link route distance value to 3.
SCRIPT-2 > UP will change the default primary route distance value to 1.
Route distance values should be:
[WAN1] PRIMARY link with route DISTANCE value 1
&
[WAN2] SECONDARY link with route DISTANCE value 2
Make sure that you do the following:
1- Add the following comment to the default primary link [WAN1] route:
Default Route
(If you don’t add this comment, the script won't be able to locate your default route.)
2- Add a static route for 8.8.8.8 [Google DNS] to make sure that monitoring of Google DNS always goes via the primary link. This is very important :)
/ip route add comment="Route to check 8.8.8.8 connectivity via PRIMARY Link, change the gateway ip to match your primary link gateway ip " distance=1 \
 dst-address=8.8.8.8/32 gateway=192.168.1.1
Now add the scripts that will be executed on the UP/DOWN events.

DOWN SCRIPT

Copy and paste the following into the MikroTik terminal window:
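# This script (like the UP script) only writes a log entry and changes a route distance;
# it does not need most of the policies listed below (least privilege: read,write).
/sys script
add name=down policy=\
 ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
 source=":log warning \"PRIMARY LINK DOWN, Call 911 / zaib\"\r\
 \n/ip route set [find comment=\"Default Route\"] distance=3\r\
 \n"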

UP SCRIPT

/sys script
add name=up policy=\
 ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
 source=":log warning \"PRIMARY link seems to be UP, switch back to Primary\
 \_WAN Link / zaib\"\r\
 \n/ip route set [find comment=\"Default Route\"] distance=1\r\
 \n"
Now add NETWATCH to monitor the Internet HOST

Netwatch SCRIPT to monitor Primary Link status

/tool netwatch
add comment="Monitor Internet Connectivity 8.8.8.8" down-script=\
"/system script run down" host=8.8.8.8 interval=60s timeout=3s up-script=\
"/system script run up"
You will see the following entries in the LOG when the WAN link goes DOWN and UP. You can also configure actions to email or SMS you if any link goes down, for tracking purposes or if you want to be informed about the WAN status.
[Screenshots: log entries for (1) link DOWN and (2) link UP]
The script approach is good because you can control the frequency and a lot of other functions too.

Compact Method with NETWATCH

One compact method using NETWATCH without separate scripts is as follows:
# Change the gateway 192.168.1.1 to match your local internet gateway
/ip route add comment="Route to check 8.8.8.8 connectivity via PRIMARY Link, change the gateway ip to match your primary link gateway ip " distance=1 \
 dst-address=8.8.8.8/32 gateway=192.168.1.1

/tool netwatch
add comment="Monitor Internet Connectivity 8.8.8.8" disabled=no down-script=\
":log warning \"PRIMARY LINK DOWN, Call 911 / zaib\"\r\
\n/ip route set [find comment=\"Default Route\"] distance=3\r\
\n" host=8.8.8.8 interval=1m timeout=2s up-script=\
":log warning \"PRIMARY link seems to be UP, switch back to Primary WAN Link / zaib\"\r\
\n/ip route set [find comment=\"Default Route\"] distance=1\r\
\n"
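
The article warns (Scenarios #1 and #3) that a single monitor host can trigger a false fail-over and recommends checking several hosts. The following scheduler-driven script is an added example, not part of the original article: it demotes the primary route only when every monitor host stops replying. The script name wan1-check, the second host 1.1.1.1 and the one-minute interval are assumptions, and it relies on the "Default Route" comment from Scenario #2.

```routeros
# Added example, not from the original article. Hosts, names and intervals
# below are assumptions; adjust them to your network.

# --- One-time setup (terminal) ---
# Pin every monitor host to the WAN1 gateway so the probes never leave via WAN2.
# (The 8.8.8.8/32 route from Scenario #2 is assumed to exist already.)
/ip route add dst-address=1.1.1.1/32 gateway=192.168.1.1 distance=1 \
    comment="Monitor host via PRIMARY link"

# Run the check every minute instead of using Netwatch.
/system scheduler add name=wan1-check interval=1m \
    on-event="/system script run wan1-check"

# --- Body of script "wan1-check" (System > Scripts) ---
# Policies needed: read (find/get), write (route set), test (ping).
:local hosts {8.8.8.8;1.1.1.1}
:local alive 0
:foreach h in=$hosts do={
    # /ping returns the number of replies received
    :if ([/ping $h count=3 interval=1s] > 0) do={
        :set alive ($alive + 1)
    }
}
:local current [/ip route get [find comment="Default Route"] distance]

# Demote WAN1 only when EVERY monitor host is silent.
:if (($alive = 0) && ($current != 3)) do={
    :log warning "WAN1: no monitor host replied, demoting Default Route"
    /ip route set [find comment="Default Route"] distance=3
}
# Restore WAN1 as soon as at least one monitor host answers again.
:if (($alive > 0) && ($current != 1)) do={
    :log warning "WAN1: $alive monitor host(s) replied, restoring Default Route"
    /ip route set [find comment="Default Route"] distance=1
}
```

While WAN1 is down, the pinned monitor addresses are unreachable from the LAN as well, so avoid pinning a resolver your clients depend on.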


SCENARIO #3

DUAL WAN LOAD BALANCING USING PCC WITH FAIL OVER  without scripting (Very useful : ))

The following script load-balances two WAN links using the PCC method. If any WAN link fails, traffic automatically fails over to the secondary link, and when the failed link becomes available again the load is distributed among both links once more (remember that it will not shift back previously made connections, such as downloads via IDM; new packets will be distributed). The only drawback is that we are using a single WAN host to monitor; if ping to that particular host (e.g. 8.8.8.8) fails while everything else is fine, WAN1 will still shift to the secondary link. To avoid this, use multiple hosts to monitor WAN connectivity.
1# Make sure you change the interface names and IP addresses according to your network.
2# In the DNS section, use your ISP’s DNS IP addresses.
3# You can use different host IP addresses for monitoring, preferably your primary ISP’s reliable servers such as DNS. You can use the IPs of other web sites too.
# apr/12/2013 11:13:43 by RouterOS 5.20
# Syed Jahanzaib / aacable@hotmail.com
/ip address
add address=192.168.0.1/24 disabled=no interface=LAN network=192.168.0.0
add address=192.168.1.2/24 disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 disabled=no interface=WAN2 network=192.168.2.0
 
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=208.67.222.222,202.141.224.34
# Use your OWN isp DNS ips , in this example I have used OPENDNS and other isp dns. Filtering is ON at opendns
 
/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 in-interface=LAN
add action=accept chain=prerouting disabled=no dst-address=192.168.2.0/24 in-interface=LAN
add action=mark-connection chain=input disabled=no in-interface=WAN1 new-connection-mark=WAN1_mark passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=WAN2 new-connection-mark=WAN2_mark passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_mark disabled=no new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_mark disabled=no new-routing-mark=to_ISP2 passthrough=yes
# dst-address-type takes an address class (local, unicast, broadcast, multicast), not an interface name
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_mark passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_mark passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_mark disabled=no in-interface=LAN new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_mark disabled=no in-interface=LAN new-routing-mark=to_ISP2 passthrough=yes
 
# Default masquerade rule for both WAN links
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN1
add action=masquerade chain=srcnat disabled=no out-interface=WAN2
 
###   ROUTE SECTION   ###
### Magic begins here
 
/ip route
# Adding static routes for Google/TW which will be used further below to test both WAN link connectivity
add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10
add dst-address=221.132.112.8 gateway=192.168.2.1 scope=10
 
## Now we create route for PCC marked packets routing mark:
add distance=1 gateway=8.8.8.8 routing-mark=to_ISP1 check-gateway=ping
add distance=2 gateway=221.132.112.8 routing-mark=to_ISP2 check-gateway=ping
 
## Create destinations to "virtual" hops to be use in further routes
add dst-address=10.0.0.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.0.0.2 gateway=221.132.112.8 scope=10 target-scope=10 check-gateway=ping
 
## Add default routes for both isp's marked packets by PCC mangle section
add distance=1 gateway=10.0.0.1 routing-mark=to_ISP1
add distance=2 gateway=10.0.0.2 routing-mark=to_ISP2
 
## Add default routes for no routing marks , For router itself
add distance=1 gateway=10.0.0.1
add distance=2 gateway=10.0.0.2

Once again, thank you to the author:
https://web.archive.org/web/20151014092819/https://aacable.wordpress.com/2013/04/12/mikrotik-multiple-wan-fail-over-scripts/