Failover Script 2 gateway

[zxmaster technology]

Ciao a tutti sono qua che combatto per far funzionare uno script in modo che se la connessione principale cade subentri quella di backup.

rb750
ether1=wan1
ip 192.168.1.5
gw 192.168.1.252

ether2=wan1
ip 192.168.0.5
gw 192.168.0.1

ether3= LAN
ip 10.1.0.1 (GATEWAY LOCALE)

Dal momento che a monte ho 2 router (1 per adsl) non posso usare distance 1 & 2 in quanto se la connettività cade ma il router resta acceso non fa lo switch delle adsl.

Cercando sul wiki os ho trovato quello che fa al caso mio, ma non riesco a capire come configurare RB750.

gli script li ho capiti, ma no capisco come impostare alla base il MT;

Allego script

crea lo scheduler

/ system scheduler
add name="ping_google_link_A-up" on-event=schedule_A_up start-date=jan/01/1970 \
start-time=00:00:00 interval=5s comment="" disabled=yes
add name="ping_google_link_A-down" on-event=schedule_A_down \
start-date=jan/01/1970 start-time=00:00:00 interval=5s comment="" \
disabled=no


scripts go up

#set variables
:local pingcount 3
:local ipA 192.168.0.5
:local GatewayA 192.168.0.1
:local ipB 192.168.1.5
:local GatewayB 192.168.1.252
:local GatewayC 10.1.0.1

#ping gateways with src
:local pingresultA [/ping http://www.google.com src-address=$ipA count=$pingcount]
:local pingresultB [/ping http://www.google.com src-address=$ipB count=$pingcount]


#if link_A is DOWN and link_B is UP then:
:if (($pingresultA=0) && ($pingresultB=3)) do={
/ip route set [find comment="Default Gateway"] gateway=$GatewayB
}

#if link_A is UP and link_B is DOWN then:
:if (($pingresultA=3) && ($pingresultB=0)) do={
/ip route set [find comment="Default Gateway"] gateway=$GatewayA
}

#if both link DOWN:
:if (($pingresultA=0) && ($pingresultB=0)) do={
/ip route set [find comment="Default Gateway"] gateway=$GatewayC
}

# Link A or Link B both are UP:
:if (($pingresultA=$pingcount) && ($pingresultB=$pingcount)) do={

#send alert email
/tool e-mail send subject=($ipA . "is up now") \
body=("the gateway is backed up at: " . [/system clock get date]) \ to=("XXXXXX@gmail.com")

#disable all multi-session balancing mangles
/ip firewall mangle set [find chain=prerouting in-interface=LAN \
connection-mark=even action=mark-routing passthrough=no] disabled=no
/ip firewall mangle set [find chain=prerouting in-interface=LAN \
connection-state=new new-connection-mark=even passthrough=yes \
action=mark-connection nth=1,1,1] disabled=no
/ip firewall mangle set [find chain=prerouting in-interface=LAN \
connection-mark=odd action=mark-routing new-routing-mark=odd \
passthrough=no] disabled=no
/ip firewall mangle set [find chain=prerouting in-interface=LAN nth=1,1,0 \
action=mark-connection new-connection-mark=odd \
passthrough=yes] disabled=no

#disable current scheduler
/system scheduler set [find name=ping_google_link_A-down] disabled=no

#enable -up scheduler
/system scheduler set [find name=ping_google_link_A-up] disabled=yes

#set gateway back to GatewayB
/ip route set [find comment="Default Gateway"] gateway=$GatewayB
}


Scripts go Down

#set variables
:local pingcount 3
:local ipA 192.168.0.5
:local GatewayA 192.168.0.1
:local ipB 192.168.1.5
:local GatewayB 192.168.1.252
:global state no

#ping gateways with src
:local pingresultA [/ping http://www.google.com src-address=$ipA count=$pingcount]
:local pingresultB [/ping http://www.google.com src-address=$ipB count=$pingcount]

# Link A or Link B is down then>
:if (($pingresultA=0) || ($pingresultB=0)) do={
#send email
/tool e-mail send subject=($ipA . " is down") \
body=("the gateway is down now at: " . [/system clock get date]) \ to=("XXXXXX@gmail.com")

#disable all multi-session balancing mangles
/ip firewall mangle set [find chain=prerouting in-interface=LAN \
connection-mark=even action=mark-routing passthrough=no] disabled=yes
/ip firewall mangle set [find chain=prerouting in-interface=LAN \
connection-state=new new-connection-mark=even passthrough=yes \
action=mark-connection nth=1,1,1] disabled=yes
/ip firewall mangle set [find chain=prerouting in-interface=LAN \
connection-mark=odd action=mark-routing new-routing-mark=odd \
passthrough=no] disabled=yes
/ip firewall mangle set [find chain=prerouting in-interface=LAN nth=1,1,0 \
action=mark-connection new-connection-mark=odd \
passthrough=yes] disabled=yes

#disable current scheduler
/system scheduler set [find name=ping_google_link_A-down] disabled=yes

#enable -up scheduler
/system scheduler set [find name=ping_google_link_A-up] disabled=no

#set gateway to secondary or tertiary

#if link_A is DOWN and link_B is UP then:
:if (($pingresultA=0) && ($pingresultB>0)) do={
/ip route set [find comment="Default Gateway"] gateway=192.168.1.252
}

#if link_A is UP and link_B is DOWN then:
:if (($pingresultA>0) && ($pingresultB=0)) do={
/ip route set [find comment="Default Gateway"] gateway=192.168.0.1
}

#if link_A and link_B both were DOWN then:
:if (($pingresultA=0) && ($pingresultB=0)) do={
/ip route set [find comment="Default Gateway"] gateway=10.1.0.1
}
}

Ho configurato le schede con gli ip come sopra descritti nello script, poi ero in dubbio se creare la tavola di route e ho provato ma senza risultati se non una route statica.

Portate pazienza se ho scritto castronerie.

Il link del wiki da cui ho preso il tutto è il seguente
http://wiki.mikrotik.com/wiki/Improved_Load_Balancing_over_Multiple_Gateways_Failover_Script

Spero possiate essermi di aiuto e di essere stato chiaro.

Ciao e grazie a tutti

[xanio]

Bravo e approccio interessante.

Io lo faccio in modo + barbaro ...imposto una rotta statica in cui faccio pingare un apparato tramite un ip ben definito (wan1) nel momento in cui non pingo l'ip, imposto la rotta di backup (wan2)...quando ritorno a pingare quell'ip, allora rimetto tutto come prima.

[zxmaster technology]

Ti ringrazio della rapida risposta, e ti chiedo cortesemente se puoi postarmi quello che hai fatto (config e d eventuali script) per capirne qualcosa in più.

Grazie infinite e buona giornta

[zxmaster technology]

ho trovato questo script in rete e l'ho risistemato, l'unico problema è che se la porta wan1 viene staccata o il router a monte si spegne entra in un loop che ogni 10 secondi riprova a usare la wan 1. Al momento ho risolto mettendo uno "stupido" switch di rete tra il router e la wan 1, ma non mi risolve il problema lo raggira.
Se avete idee....... dite pure che provo.


/interface ethernet
set [ find default-name=ether3 ] name=LAN3
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2

/ip address add address=192.168.1.5/24 interface=WAN1
/ip address add address=192.168.0.5/24 interface=WAN2
/ip address add address=10.1.0.1/24 interface=LAN3

/ip route add gateway=192.168.1.252

/ip route add dst-address=8.8.8.8 gateway=192.168.1.252 comment=ISP1

/ip firewall nat /add action=masquerade chain=srcnat

/tool netwatch
add down-script=ISP1_Down host=8.8.8.8 interval=10s timeout=2000ms up-script=ISP1_UP

/system script
add name=ISP1_Down source="ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168.0.1"
add name=ISP1_UP source="ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168.1.252"


Ciaoooo

[xanio]

Questo è quello che ho fatto.

Codice: Seleziona tutto

/ip route
add distance=1 gateway=192.168.3.254
add comment=WAN1 distance=1 dst-address=8.8.8.8/32 gateway=192.168.3.254

/system script
add name=WAN1_Down policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="ip route set [/ip route find dst-address=0.0.0.0/0]  gateway=192.168\
    .2.254"
add name=WAN1_UP policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="ip route set [/ip route find dst-address=0.0.0.0/0]  gateway=192.168\
    .3.254"
   
/tool netwatch
add down-script=WAN1_Down host=8.8.8.8 up-script=WAN1_UP

[zxmaster technology]

Grazie Xanio
in linea di massima sono molto simili i 2 script.
Ma tu non hai il problema che se stacchi il cavo dalla wan1 ti perde dei pacchetti, perche (ad esempio nel mio caso) prova ogni 10 secondi a pingare il dns di google (8.8.8.8) e nel fare questo cambia lo stato della policy da down a up; e poi torna in down in quanto il dns non risponde.

[xanio]

eheheh
io ho lasciato i tempi standard...anzi li allungo...alla fine se hai 5 minuti di down non muore nessuno.


PS eventualmente puoi fare un ping-check che se trova un time-out riprova.

[zxmaster technology]

risolto tutti i problemi compreso il loop down modificando il script.

Export della configurazione:


/interface ethernet
set [ find default-name=ether3 ] name=LAN3
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2

/ip address
add address=192.168.1.5/24 interface=WAN1 network=192.168.1.0
add address=192.168.0.5/24 interface=WAN2 network=192.168.0.0
add address=10.1.0.1/24 interface=LAN3 network=10.1.0.0
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.252
add comment=ISP1 distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.252

/system scheduler
add interval=10s name=schedule1 on-event="#set variables\r\
\n :local pingcount 10\r\
\n :local ipA 192.168.1.5\r\
\n :local GatewayA 192.168.1.252\r\
\n :global state no\r\
\n \r\
\n #ping gateways with src\r\
\n :local pingresultA [/ping 8.8.8.8 src-address=\$ipA count=\$pingcoun\
t]\r\
\n \r\
\n #if link_A is UP then:\r\
\n :if (\$pingresultA=\$pingcount) do={\r\
\n ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168\
.1.252}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/02/1970 start-time=00:00:01




/system script
add name=ISP1_Down policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168.0.1"
add name=ISP1_UP policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="#set variables\r\
\n :local pingcount 10\r\
\n :local ipA 192.168.1.5\r\
\n :local GatewayA 192.168.1.252\r\
\n :global state no\r\
\n \r\
\n #ping gateways with src\r\
\n :local pingresultA [/ping 8.8.8.8 src-address=\$ipA count=\$pingcount]\r\
\n \r\
\n #if link_A is UP then:\r\
\n :if (\$pingresultA=\$pingcount) do={\r\
\n ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168.1.252}"

/tool netwatch
add down-script=ISP1_Down host=8.8.8.8 interval=10s timeout=2s
add host=8.8.8.8 interval=30s timeout=2s up-script=ISP1_UP

/system ntp client
set enabled=yes primary-ntp=193.204.114.232 secondary-ntp=193.204.114.233

/system clock
set time-zone-name=Europe/Rom

/system reboot
y

Spero sia chiaro nel caso lo commento.

Ciaooo

[maxumi]

Ciao, io provato ad implementare lo script e la configurazione come hai indicato te in questo post.
Purtroppo a me presenta lo stesso problema di loop che dicevi in caso di cavo staccato o router A spento.

puoi darmi qualche consiglio su cosa andare a verificare?

risolto tutti i problemi compreso il loop down modificando il script.

Export della configurazione:


/interface ethernet
set [ find default-name=ether3 ] name=LAN3
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2

/ip address
add address=192.168.1.5/24 interface=WAN1 network=192.168.1.0
add address=192.168.0.5/24 interface=WAN2 network=192.168.0.0
add address=10.1.0.1/24 interface=LAN3 network=10.1.0.0
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.252
add comment=ISP1 distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.252

/system scheduler
add interval=10s name=schedule1 on-event="#set variables\r\
\n :local pingcount 10\r\
\n :local ipA 192.168.1.5\r\
\n :local GatewayA 192.168.1.252\r\
\n :global state no\r\
\n \r\
\n #ping gateways with src\r\
\n :local pingresultA [/ping 8.8.8.8 src-address=\$ipA count=\$pingcoun\
t]\r\
\n \r\
\n #if link_A is UP then:\r\
\n :if (\$pingresultA=\$pingcount) do={\r\
\n ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168\
.1.252}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/02/1970 start-time=00:00:01




/system script
add name=ISP1_Down policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168.0.1"
add name=ISP1_UP policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="#set variables\r\
\n :local pingcount 10\r\
\n :local ipA 192.168.1.5\r\
\n :local GatewayA 192.168.1.252\r\
\n :global state no\r\
\n \r\
\n #ping gateways with src\r\
\n :local pingresultA [/ping 8.8.8.8 src-address=\$ipA count=\$pingcount]\r\
\n \r\
\n #if link_A is UP then:\r\
\n :if (\$pingresultA=\$pingcount) do={\r\
\n ip route set [/ip route find dst-address=0.0.0.0/0] gateway=192.168.1.252}"

/tool netwatch
add down-script=ISP1_Down host=8.8.8.8 interval=10s timeout=2s
add host=8.8.8.8 interval=30s timeout=2s up-script=ISP1_UP

/system ntp client
set enabled=yes primary-ntp=193.204.114.232 secondary-ntp=193.204.114.233

/system clock
set time-zone-name=Europe/Rom

/system reboot
y

Spero sia chiaro nel caso lo commento.

Ciaooo

[maxumi]

Cancella tutto!!!
tutto OK, è che facevo il test verso il dns google usato come check...
confermo che lo script funziona correttamente senza loop..