Artikel dibawah ini hanya kopi paste, bukan niat untuk plagiat tetapi untuk menyimpan saja agar sy lebih mudah mencarinya di kemudian hadi jika sy memelukannya lagi.
Kepada penulis:
https://web.archive.org/web/20151014092819/https://aacable.wordpress.com/2013/04/12/mikrotik-multiple-wan-fail-over-scripts/saya ucapkan benar-benar terimakasih karena telah sangat-sangat membantu sy dalam melakukan routing gateway mikrotik.
In this short reference post , I will post some WAN link fail over scenarios. For example If you have two DSL wan links, and one of link goes down , What will happen? If your DSL modem is down – then check-gateway=ping can save your packets from being sent to that link , But what if your modem is up, and telephone line is down? Or one of your ISP has a problem from there end ????
There are several method that you can use to sort this problem, either by using NetWatch tool to monitor WAN link , or you can use use scripts to periodically ping remote hosts. And then disable/enable routes.
Following is a very simple method you can use for fail over.
▼
SCENARIO #1
FAIL OVER for Dual WAN links without Load Balancing & without Scripting
We have two WAN links and we want to use second WAN for fail over ONLY, No load balancing is required.
To achieve fail-over follow the below
Example:
LAN = 192.168.0.1
WAN1 GW= 192.168.1.1
WAN2 GW= 192.168.2.1
WAN1 GW= 192.168.1.1
WAN2 GW= 192.168.2.1
External Host ip that we want to monitor for the WAN status. (You can use your ISP’s DNS / Web server ip also or any one which is more reliable and preferably closer to you)
Google DNS = 8.8.8.8
TW DNS (PK) = 221.132.112.8
TW DNS (PK) = 221.132.112.8
Following is complete script.
1# Make sure you change the interface names and IP addresses according to your network,
2# In DNS section, Use your ISP’s DNS ip addresses
3# You can use different host ip addresses for monitoring, preferably your primary ISP’s reliable servers like DNS or other. You can use other web sites ips too.
2# In DNS section, Use your ISP’s DNS ip addresses
3# You can use different host ip addresses for monitoring, preferably your primary ISP’s reliable servers like DNS or other. You can use other web sites ips too.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| # apr/12/2013 10:41:20 by RouterOS 5.20# Syed Jahanzaib / aacable@hotmail.com/ip addressadd address=192.168.0.1/24 disabled=no interface=LAN network=192.168.0.0add address=192.168.1.2/24 disabled=no interface=WAN1 network=192.168.1.0add address=192.168.2.2/24 disabled=no interface=WAN2 network=192.168.2.0/ip dnsset allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB \max-udp-packet-size=512 servers=208.67.222.222,202.141.224.34# Or use your ISP's DNS/ip firewall natadd action=masquerade chain=srcnat disabled=no out-interface=WAN1add action=masquerade chain=srcnat disabled=no out-interface=WAN2#### Following is ROUTE section where we will be using check-gateway function to monitor external hosts from each wan/ip routeadd dst-address=8.8.8.8 gateway=192.168.1.1 scope=10add dst-address=221.132.112.8 gateway=192.168.2.1 scope=10add distance=1 gateway=8.8.8.8 check-gateway=pingadd distance=2 gateway=221.132.112.8 check-gateway=ping |
The above fail over method works fine,when the WAN1 link will fail , it will automatically fail over to secondary link, and when the wan1 link becomes available all load will shift back to wan1 link. The only negative is that we are using single wan host to monitor, if that particular host (e.g 8.8.8.8) ping goes down and the rest is fine , wan1 link will still shift to secondary link. To avoid it use multiple hosts to monitor wan connectivity.
▼
▼
SCENARIO #2
FAIL OVER for Dual WAN links without Load Balancing using NETWATCH SCRIPT
If you have 2 WAN Links , and you want to use Primary Link for Main internet usage, and in case Primary Link [WAN1] Looses its connectivity with the INTERNET (For example problem with the link between your modem and ISP or Problem between ISP link and the internet), then Secondary Link take its place, and when Primary link [WAN1] restores, it will become active again. You can use the following scripts.
You have to create two scripts for this purpose.
SCRIPT-1 > DOWN will check Primary Link connectivity using default route , if it dont get reply from Google DNS IP 8.8.8.8, it will change Primary Link Route distance value to 3 ,
SCRIPT-2 > UP will will change Default Primary Route distance value to 1.
▼
Route Distance values should be
[WAN1] PRIMARY link with Route DISTANCE value 1
&
[WAN2] SECONDARY link with Route DISTANCE value 2,
&
[WAN2] SECONDARY link with Route DISTANCE value 2,
▼
Make sure that you must do the following
1- Add following comment in the Default Primary Link [WAN1] route
Default Route
(If you don’t add this comment , Script wont be able to locate your default route)
▼
2- Add static route for 8.8.8.8 [google dns] to make sure that monitoring to google dns always goes via primary link). This is very important
1
2
| /ip route add comment="Route to check 8.8.8.8 connectivity via PRIMARY Link, change the gateway ip to match your primary link gateway ip " distance=1 \ dst-address=8.8.8.8/32 gateway=192.168.1.1 |
▼
Make sure that you Add following comment in the Default Primary Link [WAN1] route
Default Route
(If you don’t add this comment , Script wont be able to locate your default route)
▼
Now ADD Scripts that will be executed in UP/DOWN event.
DOWN SCRIPT
copy paste following in terminal window of Mikrotik
1
2
3
4
5
6
| /sys scriptadd name=down policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \ source=":log warning \"PRIMAYR LINK DOWN, Call 911 / zaib\"\r\ \n/ip route set [find comment=\"Default Route\"] distance=3\r\ \n" |
▼
UP SCRIPT
1
2
3
4
5
6
7
| /sys scriptadd name=up policy=\ ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \ source=":log warning \"PRIMARY link seems to be UP, switch back to Primary\ \_WAN Link / zaib\"\r\ \n/ip route set [find comment=\"Default Route\"] distance=1\r\ \n" |
Now add NETWATCH to monitor the Internet HOST
↓
Netwatch SCRIPT to monitor Primary Link status
1
2
3
4
| /tool netwatchadd comment="Monitor Internet Connectivity 8.8.8.8" down-script=\"/system script run down" host=8.8.8.8 interval=60s timeout=3s up-script=\"/system script run up" |
▲
You will see following entries in LOG when WAN link goes DOWN and UP. You can also configure actions to email or SMS you if any link goes down for tack purposes, or if you want to be informed about the WAN status.
As showed in the image below . .
Script is good , because you can control the frequency and lot of other functions too.
Compact Method with NETWATCH
One compact method using NETWATCH without scripts is as follow
1
2
3
4
5
6
7
8
9
10
11
12
| # Change the gateway192.168.1.1 to match your local internet gateway/ip route add comment="Route to check 8.8.8.8 connectivity via PRIMARY Link, change the gateway ip to match your primary link gateway ip " distance=1 \ dst-address=8.8.8.8/32 gateway=192.168.1.1/tool netwatchadd comment="Monitor Internet Connectivity 8.8.8.8" disabled=no down-script=\":log warning \"PRIMAYR LINK DOWN, Call 911 / zaib\"\r\\n/ip route set [find comment=\"Default Route\"] distance=3\r\\n" host=8.8.8.8 interval=1m timeout=2s up-script=\":log warning \"PRIMARY link seems to be UP, switch back to Primary WAN Link / zaib\"\r\\n/ip route set [find comment=\"Default Route\"] distance=1\r\\n |
.
.
.
.
SCENARIO #3
DUAL WAN LOAD BALANCING USING PCC WITH FAIL OVER without scripting (Very useful : ))
The following script does the two wan load balancing using PCC method, also if any of WAN link will fail , it will automatically fail over to secondary link, and when the particular failed link becomes available load will be start distributing among both links (remember it will not shift back previously made connections like downloads via idm etc. new packets will be distributed) .The only negative is that we are using single wan host to monitor, if that particular host (e.g 8.8.8.8) ping goes down and the rest is fine , wan1 link will still shift to secondary link. To avoid it use multiple hosts to monitor wan connectivity.
1# Make sure you change the interface names and IP addresses according to your network,
2# In DNS section, Use your ISP’s DNS ip addresses
3# You can use different host ip addresses for monitoring, preferably your primary ISP’s reliable servers like DNS or other. You can use other web sites ips too.
2# In DNS section, Use your ISP’s DNS ip addresses
3# You can use different host ip addresses for monitoring, preferably your primary ISP’s reliable servers like DNS or other. You can use other web sites ips too.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
| # apr/12/2013 11:13:43 by RouterOS 5.20# Syed Jahanzaib / aacable@hotmail.com/ip addressadd address=192.168.0.1/24 disabled=no interface=LAN network=192.168.0.0add address=192.168.1.2/24 disabled=no interface=WAN1 network=192.168.1.0add address=192.168.2.2/24 disabled=no interface=WAN2 network=192.168.2.0/ip dnsset allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=208.67.222.222,202.141.224.34# Use your OWN isp DNS ips , in this example I have used OPENDNS and other isp dns. Filtering is ON at opendns/ip firewall mangleadd action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 in-interface=LANadd action=accept chain=prerouting disabled=no dst-address=192.168.2.0/24 in-interface=LANadd action=mark-connection chain=input disabled=no in-interface=WAN1 new-connection-mark=WAN1_mark passthrough=yesadd action=mark-connection chain=input disabled=no in-interface=WAN2 new-connection-mark=WAN2_mark passthrough=yesadd action=mark-routing chain=output connection-mark=WAN1_mark disabled=no new-routing-mark=to_ISP1 passthrough=yesadd action=mark-routing chain=output connection-mark=WAN2_mark disabled=no new-routing-mark=to_ISP2 passthrough=yesadd action=mark-connection chain=prerouting disabled=no dst-address-type=!LAN in-interface=LAN new-connection-mark=WAN1_mark passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0add action=mark-connection chain=prerouting disabled=no dst-address-type=!LAN in-interface=LAN new-connection-mark=WAN2_mark passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1add action=mark-routing chain=prerouting connection-mark=WAN1_mark disabled=no in-interface=LAN new-routing-mark=to_ISP1 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN2_mark disabled=no in-interface=LAN new-routing-mark=to_ISP2 passthrough=yes# Default masquerade rule for both WAN links/ip firewall natadd action=masquerade chain=srcnat disabled=no out-interface=WAN1add action=masquerade chain=srcnat disabled=no out-interface=WAN2### ROUTE SECTION ###### Magic begins here/ip route# Adding static routes for Google/TW which will be used further below to test both WAN link connectivityadd dst-address=8.8.8.8 gateway=192.168.1.1 scope=10add dst-address=221.132.112.8 gateway=192.168.2.1 scope=10## Now we create route for PCC marked packets routing mark:add distance=1 gateway=8.8.8.8 routing-mark=to_ISP1 check-gateway=pingadd distance=2 gateway=221.132.112.8 routing-mark=to_ISP2 check-gateway=ping## Create destinations to "virtual" hops to be use in further routesadd dst-address=10.0.0.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=pingadd dst-address=10.0.0.2 gateway=221.132.112.8 scope=10 target-scope=10 check-gateway=ping## Add default routes for both isp's marked packets by PCC mangle sectionadd distance=1 gateway=10.0.0.1 routing-mark=to_ISP1add distance=2 gateway=10.0.0.2 routing-mark=to_ISP2## Add default routes for no routing marks , For router itselfadd distance=1 gateway=10.0.0.1add distance=2 gateway=10.0.0.2 |
▼
For more information, please visit
http://wiki.mikrotik.com/index.php?title=Advanced_Routing_Failover_without_Scripting
http://wiki.mikrotik.com/index.php?title=Advanced_Routing_Failover_without_Scripting
Sekali lagi terimakasih untuk penulis :
https://web.archive.org/web/20151014092819/https://aacable.wordpress.com/2013/04/12/mikrotik-multiple-wan-fail-over-scripts/
0 komentar:
Posting Komentar