I'm running RouterOS 7.17.2 and have dual WAN with recursive routing failover and DHCP set up:
I'm trying to ping healthchecks.io in order to receive alerts when either WAN1 or WAN2 fail. Netwatch is configured to icmp ping 1.1.1.1 (WAN1) and 9.9.9.9 (WAN2) and with Test scripts that ping healthchecks.io if status is "up".
This isn't working. If I disconnect the WAN1 cable, pings to 1.1.1.1 still succeed because they fail over to WAN2, and I don't understand why -- the dhcp1 route has target-scope=10, so the WAN1_default and WAN2_default routes should be ignored because they have target-scope=11. From IP Routing -> Nexthop Lookup:
Routes with a scope greater than the maximum accepted value are not used for next-hop lookup. Each route specifies the maximum accepted scope value for its nexthop in the target-scope property.
Alternatively, I'm trying to use a scheduler script to check the status of the routes and send the healthchecks ping only if not "unreachable":
Gateway check can be extended by setting check-gateway parameter. Gateway reachability can be checked by sending ARP probes, or ICMP
messages or by checking active BFD sessions. The router periodically (every 10 seconds) checks the gateway by sending either an ICMP echo request (pi
ng) or an ARP request (arp). If no response from the gateway is received for 10 seconds, the request times out. After two timeouts gateway is considered
unreachable.
/routing/route documents an unreachable property:
unreachable (yes | no) A flag indicates whether the route next-hop is unreachable.
but it doesn't exist:
In fact, there are several discrepancies between the documented properties and those available in the terminal:
Here is the status when the WAN1 cable is disconnected:
I'm confused. What is the difference between (not) active and inactive? Why does active return nothing? What properties should I test, disabled, inactive, both? Thanks!
Code:
[admin@Palace] > /ip/route/print detailFlags: D - dynamic; X - disabled, I - inactive, A - active; c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn; H - hw-offloaded; + - ecmp 0 As ;;; WAN1_default dst-address=0.0.0.0/0 routing-table=main gateway=1.1.1.1 immediate-gw=158.51.83.129%ether1 check-gateway=ping distance=1 scope=10 target-scope=11 suppress-hw-offload=no 1 s ;;; WAN2_default dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=9.9.9.9 immediate-gw=100.187.137.1%ether2 check-gateway=ping distance=2 scope=10 target-scope=11 suppress-hw-offload=no DAc dst-address=10.1.10.0/24 routing-table=main gateway=bridge immediate-gw=bridge distance=0 scope=10 target-scope=5 local-address=10.1.10.1%bridge DAc dst-address=100.187.137.0/24 routing-table=main gateway=ether2 immediate-gw=ether2 distance=0 scope=10 target-scope=5 local-address=100.187.137.43%ether2 2 As ;;; LM1200 dst-address=192.168.5.0/24 routing-table=main pref-src="" gateway=100.187.137.1 immediate-gw=100.187.137.1%ether2 distance=1 scope=10 target-scope=10 suppress-hw-offload=no DAc dst-address=158.51.83.128/25 routing-table=main gateway=ether1 immediate-gw=ether1 distance=0 scope=10 target-scope=5 local-address=158.51.83.238%ether1 3 As ;;; dhcp1 dst-address=1.1.1.1/32 routing-table=main pref-src="" gateway=158.51.83.129 immediate-gw=158.51.83.129%ether1 distance=1 scope=10 target-scope=10 suppress-hw-offload=no 4 As ;;; dhcp2 dst-address=9.9.9.9/32 routing-table=main pref-src="" gateway=100.187.137.1 immediate-gw=100.187.137.1%ether2 distance=1 scope=10 target-scope=10 suppress-hw-offload=no I'm trying to ping healthchecks.io in order to receive alerts when either WAN1 or WAN2 fail. Netwatch is configured to icmp ping 1.1.1.1 (WAN1) and 9.9.9.9 (WAN2) and with Test scripts that ping healthchecks.io if status is "up".
This isn't working. If I disconnect the WAN1 cable, pings to 1.1.1.1 still succeed because they fail over to WAN2, and I don't understand why -- the dhcp1 route has target-scope=10, so the WAN1_default and WAN2_default routes should be ignored because they have target-scope=11. From IP Routing -> Nexthop Lookup:
Routes with a scope greater than the maximum accepted value are not used for next-hop lookup. Each route specifies the maximum accepted scope value for its nexthop in the target-scope property.
Alternatively, I'm trying to use a scheduler script to check the status of the routes and send the healthchecks ping only if not "unreachable":
Gateway check can be extended by setting check-gateway parameter. Gateway reachability can be checked by sending ARP probes, or ICMP
messages or by checking active BFD sessions. The router periodically (every 10 seconds) checks the gateway by sending either an ICMP echo request (pi
ng) or an ARP request (arp). If no response from the gateway is received for 10 seconds, the request times out. After two timeouts gateway is considered
unreachable.
/routing/route documents an unreachable property:
unreachable (yes | no) A flag indicates whether the route next-hop is unreachable.
but it doesn't exist:
Code:
[admin@Palace] > :put [/ip/route/get [find comment="dhcp2"] unreachable ] input does not match any value of value-nameIn fact, there are several discrepancies between the documented properties and those available in the terminal:
Code:
about blackhole dhcp dynamic immediate-gw modem routing-table target-scope active check-gateway disabled ecmp inactive ospf scope vpn bgp comment distance gateway is-is pref-src static vrf-interface bgp-mpls-vpn connect dst-address hw-offloaded local-address rip suppress-hw-offload value-name Here is the status when the WAN1 cable is disconnected:
Code:
[admin@Palace] > /ip/rout/printFlags: D - DYNAMIC; X - DISABLED, I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC; H - HW-OFFLOADEDColumns: DST-ADDRESS, GATEWAY, DISTANCE# DST-ADDRESS GATEWAY DISTANCE;;; dhcp10 Xs 1.1.1.1/32 158.51.83.129 1;;; WAN1_default1 IsH 0.0.0.0/0 1.1.1.1 1;;; WAN2_default2 As 0.0.0.0/0 9.9.9.9 2 DAc 10.1.10.0/24 bridge 0 DAc 100.187.137.0/24 ether2 0;;; LM12003 As 192.168.5.0/24 100.187.137.1 1;;; dhcp24 As 9.9.9.9/32 100.187.137.1 1[admin@Palace] > :put [/ip/route/get [find comment="dhcp1"] active ] [admin@Palace] > :put [/ip/route/get [find comment="dhcp1"] disabled ] true[admin@Palace] > :put [/ip/route/get [find comment="dhcp1"] inactive ]]true[admin@Palace] > :put [/ip/route/get [find comment="WAN1_default"] inactive ]] true[admin@Palace] > :put [/ip/route/get [find comment="WAN1_default"] active ]] I'm confused. What is the difference between (not) active and inactive? Why does active return nothing? What properties should I test, disabled, inactive, both? Thanks!
Statistics: Posted by keg415 — Tue Feb 11, 2025 12:39 am