Dealing with resilience on network: Setting Up a Failover System with MikroTik RouterOS

Introduction

In networking, ensuring consistent connectivity is critical. This article outlines the process of configuring a failover system on a MikroTik router to seamlessly switch between two internet connections, maintaining network availability.

Network Architecture

The setup involved two internet connections:

1. Primary WAN (ether1): A PPPoE connection.
2. Backup WAN (ether2): Connected to a secondary MikroTik router.

The router is a Mikrotik RB750Gr3 model with the 6.48.7 RouterOS version.

The goal was to configure routing and monitoring so that the backup connection would activate automatically if the primary connection failed, also the change must be faster to avoid throttling on user machines.

Configuration Steps

1. Primary Connection Setup

The primary WAN was configured as a PPPoE client on ether1 with the following commands:

/interface pppoe-client
add interface=ether1 name=pppoe-out1 user=primary_user password=secret
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1

2. Configuring the Backup Connection on ether2

To use ether2 as the backup WAN, it required specific configuration:

• Assign an IP Address to ether2:

  /ip address
  add address=192.168.255.25/24 interface=ether2

• Add a Route for the Backup Connection:

  /ip route
  add dst-address=0.0.0.0/0 gateway=192.168.255.1 distance=2

3. Enabling Failover with Netwatch

To automate failover, Netwatch was used to monitor the primary connection. If the primary connection became unavailable, the backup route would activate:

/tool netwatch
add host=8.8.8.8 interval=10s timeout=5s \
    up-script="/ip route enable [find gateway=pppoe-out1]" \
    down-script="/ip route disable [find gateway=pppoe-out1]"

4. Testing the Configuration

To validate the setup, the primary route was disabled manually to simulate a failure:

/ip route disable [find gateway=pppoe-out1]

The router switched seamlessly to the backup route, demonstrating the functionality of the failover system.

Common Challenges and Solutions

Bridging Conflicts

Initially, ether2 was part of the bridge, causing routing conflicts. To resolve this, ether2 was removed from the bridge:

/interface bridge port remove [find interface=ether2]

Routing Conflicts

The backup gateway wasn’t recognized initially. Assigning the correct IP and gateway for ether2 resolved the issue.

Debugging Tools

• Ping tests: Verify connectivity.

  /ping 192.168.255.1

• Routing table inspection: Confirm route priorities.

  /ip route print