Board logo

標題: 【RB2011UAS-2HnD-IN】- Failover checking script using Netwatch [打印本頁]
作者: bubblestar    時間: 2013-6-15 13:00     標題: 【RB2011UAS-2HnD-IN】- Failover checking script using Netwatch

目的: 以 【RB2011UAS-2HnD-IN】- Dual WAN Dual Gateway 及 分流 作為藍本,作進一步優化,以確保一旦其中一個Gateway 斷線後,所有內部 IP 都可以自動診斷出來,並可自動經另一條正常的ISP 管道上網,此處是以 /tool netwatch 作監察,然後自動failover 的。

設定完畢後,可以在Windows cmd prompt 鍵入 tracert www.google.com 作測試,然後拔走其中一條ISP WAN 線,人為地disable WAN 連線,此時,tracert www.google.com 的結果將會顯示你走出去的線路,已經自動轉了另一條備用的ISP了。
  1. /system script
  2. add name="HKBN-Down" source="/ip route set HKBN gateway=pppoe-out1" \
  3.     policy=ftp,reboot,read,write,policy,test,winbox,password
  4. add name="HKBN-Up" source="/ip route set HKBN gateway=WAN1" \
  5.     policy=ftp,reboot,read,write,policy,test,winbox,password
  6. add name="PCCW-Up" source="/ip route set PCCW gateway=pppoe-out1" \
  7.     policy=ftp,reboot,read,write,policy,test,winbox,password
  8. add name="PCCW-Down" source="/ip route set PCCW gateway=WAN1" \
  9.         policy=ftp,reboot,read,write,policy,test,winbox,password

  11. /tool netwatch
  12. add host=61.123.100.123 timeout=30ms interval=1s up-script=HKBN-Up \
  13.     down-script=HKBN-Down comment="" disabled=no
  14. add host=116.123.11.128 timeout=30ms interval=1s up-script=PCCW-Up \
  15.     down-script=PCCW-Down comment="" disabled=no
複製代碼
作者: 角色    時間: 2013-6-16 13:34

最近非常忙,所以都沒有去弄我的兩台【RB2011UAS-2HnD-IN】了,所以突然間都完了怎樣入手。
作者: Qnewbie    時間: 2013-6-25 03:39

本帖最後由 Qnewbie 於 2013-6-25 04:25 編輯

I have one question, which might be not relative this fail-over scheme:

1. ISP1 is used as main internet supplier.
2. ISP2 (3G modem) is used as fail-over for important servers, such as asterisk server due to the expansive data plan.

One possible solution is to use firewall to block traffic towards ISP2 except those from important servers.

Any other suggestions?
作者: bubblestar    時間: 2013-6-25 12:02

回復 3# Qnewbie


    You may allow ONLY certain server (such as Astersik) IP to go out via specific ISP by adding rules in /IP >> Routes >> Rules.  Example can be find at http://www.hkepc.com/forum/redir ... 13&pid=29193770
作者: Qnewbie    時間: 2013-6-25 23:08

回復 4# bubblestar

OK, I know what you mean.

PCs reach out only through ISP1, which follows your links. Dual-wan are set for all but as the PCs are sticked with ISP1...

The problem is to assign static IP to each PC  It is OK for home use. Maybe it should be better with IP pool...



歡迎光臨 電訊茶室 (http://telecom-cafe.com/forum/) Powered by Discuz! 7.2