
There are several ways to do a failover in RouterOS. I wanted the most stable failover I could think of; in my opinion that is done by pinging multiple IP addresses. Pinging the gateway was not the way for me. I was inspired by the failover from Steve Discher and Michael Bear, and I changed the script a little bit.

First I added this script to the MikroTik router (System -> Scripts):

# reachability flag: 1 if at least one test address answered, 0 if both failed
:local rchbl;
:if ([/ping 8.8.8.8 count=2] > 0 || [/ping 8.8.4.4 count=2] > 0) do={:set rchbl 1} else={:set rchbl 0}
# 1 while the primary route has distance 1 (normal mode), 0 in failover mode
:local rtenable [/ip route print count-only where comment="primary gateway" && distance=1]
:local msg ""
:put "rchbl is $rchbl "

# check the distance of the primary default gateway static route
:if ($rtenable = 1) do={
    # normal mode: fail over only when both test addresses are unreachable
    :if ($rchbl = 0) do={
        :set msg "Pings not reachable, switching to secondary gateway with setting distance to 1"
        /ip route set [find comment="primary gateway"] distance=20
        /ip route set [find comment="secondary gateway"] distance=1
    }
} else={
    # failover mode: switch back as soon as one test address answers again
    :if ($rchbl > 0) do={
        :set msg "Pings reachable, switching back to primary gateway with setting distance to 1"
        /ip route set [find comment="primary gateway"] distance=1
        /ip route set [find comment="secondary gateway"] distance=20
    }
}

# output/feedback
:if ($msg != "") do={
    :log info "$msg"
    :put ".:. $msg"
}

This script checks two IP addresses (8.8.8.8 and 8.8.4.4 in this case). If only one of them fails to respond, the problem may be with that specific IP address and not with the internet line, so nothing changes. When both IP addresses stop responding, the script swaps the distances of the primary and secondary routes. As soon as one IP address responds again, the distances are changed back to normal.

There are a few additional settings. The script finds the routes by their comment, so the primary and secondary routes must have the comments “primary gateway” and “secondary gateway”.

/ip route
add comment="primary gateway" distance=1 dst-address=0.0.0.0/0 gateway=x.x.x.x
add comment="secondary gateway" distance=20 dst-address=0.0.0.0/0 gateway=x.x.x.x

/ip route add comment="Force test pings to 8.8.8.8 through primary gateway" dst-address=8.8.8.8 gateway=x.x.x.x
/ip route add comment="Force test pings to 8.8.4.4 through primary gateway" dst-address=8.8.4.4 gateway=x.x.x.x

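To make sure that pings to 8.8.8.8 and 8.8.4.4 only ever leave through the primary gateway interface, we add two firewall rules that drop them on the secondary gateway interface (ether2 here). The rules have no protocol matcher, so they drop all traffic the router itself sends to these addresses through ether2, not only pings: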

/ip firewall filter add chain=output comment="Drop pings to 8.8.8.8 if they go through secondary gateway" dst-address=8.8.8.8 out-interface=ether2 action=drop
/ip firewall filter add chain=output comment="Drop pings to 8.8.4.4 if they go through secondary gateway" dst-address=8.8.4.4 out-interface=ether2 action=drop

You can now test the failover by running the script. After testing, add the script to the scheduler; the entry below expects the script to be saved under the name gateway_failover:

/system scheduler add interval=10s name=failover on-event="/system script run gateway_failover" start-date=jan/10/2018 start-time=22:18:14
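
A read-only preflight check for the setup described above, as an added example that is not part of the original post. It assumes the names used on this page (route comments "primary gateway" and "secondary gateway", test targets 8.8.8.8 and 8.8.4.4, script name gateway_failover); save it as its own script (the name failover_preflight is hypothetical) and run it from a terminal so the :put output is visible.

```routeros
# Added preflight check, not from the original post. It only reads configuration.
:local problems 0

# The failover script selects routes with [find comment=...]. With zero matches
# its "set" changes nothing and logs no error; with several it changes all of them.
:foreach c in={"primary gateway";"secondary gateway"} do={
    :local n [:len [/ip route find comment=$c]]
    :if ($n != 1) do={
        :put "FAIL: expected 1 route with comment '$c', found $n"
        :set problems ($problems + 1)
    }
}

# Each test target needs its host route via the primary gateway,
# so that the pings measure the primary line.
:foreach p in={8.8.8.8/32;8.8.4.4/32} do={
    :if ([:len [/ip route find dst-address=$p]] = 0) do={
        :put "FAIL: no host route for $p"
        :set problems ($problems + 1)
    }
}

# Each test target needs its drop rule in the output chain.
:foreach t in={8.8.8.8;8.8.4.4} do={
    :if ([:len [/ip firewall filter find chain=output dst-address=$t action=drop]] = 0) do={
        :put "FAIL: no output-chain drop rule for $t"
        :set problems ($problems + 1)
    }
}

# The scheduler entry runs the script by name; a different name never runs.
:if ([:len [/system script find name="gateway_failover"]] = 0) do={
    :put "FAIL: script gateway_failover not found"
    :set problems ($problems + 1)
}

:if ($problems = 0) do={
    :put "OK: failover prerequisites present"
} else={
    :put "Problems found: $problems"
}
```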

I haven’t tested if 8.8.8.8 and 8.8.4.4 are reachable in failover mode. I think it is better to use the DNS addresses of your own provider, or use the OpenDNS addresses: 208.67.222.222, 208.67.220.220.