Questo forum fa uso dei cookie
Questo forum utilizza i cookie per memorizzare i dettagli del tuo login o della tua ultima visita. I cookie sono piccoli files di testo salvati nel computer; i cookie da noi utilizzati sono relativi unicamente ai servizi da noi forniti direttamente o dai banner pubblicitari. I cookie su questo forum salvano inoltre i dettagli relativi alle discussioni lette e alle tue preferenze personali. Sei pregato di selezionare il tasto OKAY se sei consapevole della presenza di questi files e ci autorizzi ad utilizarli per le informazioni specificate.

Indipendentemente dalla tua scelta un cookie verrà salvato per memorizzare nel tuo pc la risposta a questo form. Puoi modificare le impostazioni relative ai cookie nelle preferenze del tuo browser.

  • 0 voto(i) - 0 media
  • 1
  • 2
  • 3
  • 4
  • 5
[Mikrotik] Resilience /Monitoring -ECMP Failover Script

#1
Information 
How to do automatic ECMP failover
This script demonstrates one method of doing automatic failover using the Netwatch function and using scripting to enable or disable gateways. This is probably not the most efficient way, but it works. I would welcome any input on how it can be improved.
The situation:
You have 2 lines going out to the internet - 10.0.0.12 and 10.0.0.13. You have setup a mangle to mark HTTP traffic (optional) and want to route http along the 2 lines using load balancing.
You setup the mangle:
Codice:
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
  new-routing-mark=ecmp-http-route passthrough=yes comment=" Route HTTP \
  traffic to ECMP" disabled=no


You set up ECMP (Equal Cost Multipath Routing) by using something like
Codice:
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.12,10.0.0.13 routing-mark=ecmp-http-route comment="ECMP route for HTTP"


Now you have ECMP for HTTP only. This is nice because MSN messenger, banking websites and other programs and problem sites will not be broken in the same way it might be if you used ECMP for all protocols.

What I then do is for example mark SMTP traffic and route this out through 10.0.0.12:

Codice:
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=25 action=mark-routing \

Codice:
  new-routing-mark=smtp-out passthrough=yes comment="SMTP Traffic" disabled=no


Codice:
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.12 routing-mark=smtp-out comment="SMTP Traffic out"


and route all other traffic through 10.0.0.13
Codice:
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.13 comment="Default Route to Internet"


Then I need to setup 2 routes to specific addresses to force the router through specific gateways to "test" the links. These should not be popular addresses with your users! Otherwise when a gateway goes down they will have no access to those sites. The addresses I am using as an example are 1.1.1.12 to test 10.0.0.12, and 1.1.1.13 to test 10.0.0.13.

Next I use the Netwatch Function to switch all traffic to the working gateway should any of the gateways fail:

Codice:
/ tool netwatch

Codice:
  add host=1.1.1.13 timeout=2s interval=30s up-script="/ip route set \

Codice:
  \[find comment=\"Default Route To Internet\"\] gateway=10.0.0.13" \

Codice:
  down-script="/ip route set \[find comment=\"Default Route To Internet\"\] \

Codice:
  gateway=10.0.0.12 comment="" disabled=no

Codice:
  add host=1.1.1.12 timeout=2s interval=30s up-script="/ip route set \

Codice:
  \[find comment=\"SMTP Traffic out\"\] gateway=1.0.0.12" down-script="/ip \

Codice:
  \n" \route set \[find comment=\"SMTP Traffic out\"\] gateway=10.0.0.13

Codice:
  comment="" disabled=no


The problem is that the ECMP http route will still be active, therefore http traffic wont work, so I have 2 scripts to check if both gateways are up or down and take action accordingly:
Codice:
system script

Codice:
  add name="ecmp-startup" source=":if ([/ping 1.1.1.12 count=1]=1 && \

Codice:
  [/ping 1.1.1.13 count=1]=1 && [/ip route get [find \

Codice:
  comment=\"ECMP Route For HTTP\"] disabled]=true) do={ :log info \"Both gateways up\" \

Codice:
  \n/ip route set [find routing-mark=ecmp-http-route] \

Codice:
  disabled=no}" policy=ftp,reboot,read,write,policy,test,winbox,password

Codice:
  add name="ecmp-shutdown" source=":if ([/ping 1.1.1.12 count=1]=1 && \

Codice:
  [/ping 1.1.1.13 count=1]=0) do={ :log info \"Gateway down\"\

Codice:
  \n/ip route set [find routing-mark=ecmp-http-route] \

Codice:
  disabled=yes}" policy=ftp,reboot,read,write,policy,test,winbox,password


Codice:
Hi I found this error while trying to use this script, what worked for me was

Codice:
  ecmp start/shut script. Looks like  in the start and shut script (") are missing

Codice:
  from the find, well other the script works wonders for me. Thanks a lot savagedavid


Codice:
ecmp starthp script

Codice:
  :if ([/ping 1.1.1.13 count=1]=1 && [/ping 1.1.1.12 count=1]=1 && [/ip route get \

Codice:
  [find routing-mark="ecmp-http-route"] disabled]=true) do={:log info "Both Gateways are up" \

Codice:
  /n/ip route set [find routing-mark="ecmp-http-route"] disable=no}


Codice:
ecmp shutdown script

Codice:
  :if ([/ping 1.1.1.13 count=1]=0 || [/ping 1.1.1.12 count=1]=0) do={:log info \

Codice:
  "Gateway down" /ip route set [find routing-mark="ecmp-http-route"] disabled=yes}


Notice that it first checks to see if the route is enable before trying to re-enable it. Otherwise it will reset the route and users will be dropped momentarily.

Then finally schedule the scripts to check every 30 seconds:

Codice:
/ system scheduler

Codice:
  add name="gateway-check" on-event="/system script run ecmp-shutdown

Codice:
  script run ecmp-startup" start-date=jan/01/1970 start-time=00:00:00 \

Codice:
  interval=30s comment="" disabled=no

Cita messaggio


Discussioni simili
Discussione Autore Risposte Letto Ultimo messaggio
Exclamation Script: Notifica sovraccarico CPU hamtarociaoo 1 1'660 10-09-2016, 01:18
Ultimo messaggio: hunte88
Information [Mikrotik] Semi-Automating CPE ROS/Firmware/script updates and setting changes berryberry 0 1'356 17-06-2015, 11:54
Ultimo messaggio: berryberry
Information [Mikrotik] SXT 5HnD Alignment Script berryberry 0 1'682 17-06-2015, 11:47
Ultimo messaggio: berryberry
Information [Mikrotik] Yet Another Alignment Script With LEDs And Sound berryberry 0 2'086 17-06-2015, 11:07
Ultimo messaggio: berryberry
  [Mikrotik] Improved auto upgrade script v3.X berryberry 0 1'234 17-06-2015, 10:53
Ultimo messaggio: berryberry
Information [Mikrotik] Automated Upgrade/Downgrade script V3.9+ berryberry 0 1'245 17-06-2015, 10:51
Ultimo messaggio: berryberry
Information [Mikrotik] Auto upgrade script V3.x berryberry 0 773 17-06-2015, 10:34
Ultimo messaggio: berryberry
Information [Mikrotik] Failover Scripting berryberry 0 760 16-06-2015, 11:17
Ultimo messaggio: berryberry
Information [Mikrotik] Monitor logs, send email alert / run script berryberry 0 1'217 16-06-2015, 10:55
Ultimo messaggio: berryberry
Information [Mikrotik] Failover via Netwatch III (English) berryberry 0 804 16-06-2015, 10:01
Ultimo messaggio: berryberry

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Utenti che stanno guardando questa discussione:
1 Ospite(i)


Powered by MyBB, © 2002-2019 MyBB Group.