Recursive routing to MikroTik through DHCP designated gateways
The most frequently asked question to me about using recursive routing is: “What should I do if the main provider assigns us an ip-address via dhcp, while the default gateway often changes?”.
Warning! The materials and schemes in this article are simplified to primitivism in order to give a general idea of the method of solving the problem. Without deepening in particular.
What is recursive routing for? To monitor the availability of the Internet behind the provider's gateway . After all, it often happens that the provider's router responds to echo requests perfectly, but the link to the global network from the provider has disappeared for some reason.
')
Recursive routing allows you to assess the availability of Internet access through a selected provider and decide on the routing of traffic.
However, the fact is that the use of recursive routing implies thepresence of a directly explicit indication of the gateway IP address among the parameters of the created route. Specifying the name of the broadcast interface as a gateway is incorrect and in many cases simply does not work, because requires proxy-arp on the part of the provider. And yet, instead of a proxy-arp provider, your neighbor can switch on the ISP switch and try to intercept your traffic in this way by arranging a classic MITM!
The magic of recursive routing is hidden behind the "scope" and "target-scope" parameters. For a route to work as recursive, its “target-scope” must be greater than or equal to the value of the “scope” of the static route to which it refers recursively, and the gateway specified in the route was out of direct reach through one of the interfaces.
Consider the simplest scheme Active / Backup. Our router performs NAT and is connected to two providers via the Ether1-isp1 and Ether2-isp2 interfaces. The main provider (ISP-1) distributes IP addresses to its clients via DHCP and nothing else. The second provider provides us with a static IP address, but significantly lower speed.
Switching to a spare (ISP-2) should occur when access to the Internet through the main provider becomes impossible.
The highlight of the provider for such a scheme is a periodic arbitrary change not only of the client’s IP address, but also of default-gateway.
Before version 6.39, I had to see very sophisticated crutches in various combinations of sheduler , netwatch and similar mechanisms.
Starting from version 6.39, RouterOS developers went to meet such users and created the ability to call a special script when a dhcp client is triggered on a device.
The solution itself consists of two parts:
So let's start from the end.
Let's create a backup route through "ISP-2" with a value of "distance" more than the future main one. In this example, I used "distance = 2":
Further, in order to receive the default route from the ISP-1 provider, but do not use it directly, there is a special value “distance = 255”. A route with such a distance value will fall into the system routing table, but it will never become active .
We only need this route to read the parameters sent by the provider and embed them into the recursive route settings via a script.
From the obtained parameters, we are more interested in the $ gateway-address variable. As the name suggests, it contains the default gateway address in the provider's network. We will use it to bring recursive routes up to date.
The recursive routes themselves must be correctly identified from the script. To do this, at the stage of their creation, we will specify a unique “comment”, which will be used to search for them within the table. The code for creating a recursive pair of routes:
The first line should (and will!) Point to the real gateway in the provider's network only after the provider issues the dhcp parameters and they will be processed using the dhcp-client script:
Now, when an IP address is received from the ISP-1 provider for use as the default gateway, it will be added to the routing pair instead of 127.0.0.1.
The second line, where the route to 0.0.0.0/0 is indicated, actually performs all the magic. The 8.8.4.4 node specified there as the gateway will be checked for response with the “check-gateway = ping” option via the ISP-1 network. In case the node 8.8.4.4 does not respond twice to the pings within 20 seconds, the router will consider the connection to the Internet through this route (ISP-1) unavailable. New connections in this case will be routed through the ISP-2 backup provider.
If everything is done correctly, then the words “resursive via ...” will be visible in the winbox / ip-> routes window near the route to 8.8.4.4. This means the route was built exactly as recursive.
In the end, for example only, the screen of the winbox window:
Warning! The materials and schemes in this article are simplified to primitivism in order to give a general idea of the method of solving the problem. Without deepening in particular.
What is recursive routing for? To monitor the availability of the Internet behind the provider's gateway . After all, it often happens that the provider's router responds to echo requests perfectly, but the link to the global network from the provider has disappeared for some reason.
')
Recursive routing allows you to assess the availability of Internet access through a selected provider and decide on the routing of traffic.
However, the fact is that the use of recursive routing implies the
The magic of recursive routing is hidden behind the "scope" and "target-scope" parameters. For a route to work as recursive, its “target-scope” must be greater than or equal to the value of the “scope” of the static route to which it refers recursively, and the gateway specified in the route was out of direct reach through one of the interfaces.
Consider the simplest scheme Active / Backup. Our router performs NAT and is connected to two providers via the Ether1-isp1 and Ether2-isp2 interfaces. The main provider (ISP-1) distributes IP addresses to its clients via DHCP and nothing else. The second provider provides us with a static IP address, but significantly lower speed.
Switching to a spare (ISP-2) should occur when access to the Internet through the main provider becomes impossible.
The highlight of the provider for such a scheme is a periodic arbitrary change not only of the client’s IP address, but also of default-gateway.
Before version 6.39, I had to see very sophisticated crutches in various combinations of sheduler , netwatch and similar mechanisms.
Starting from version 6.39, RouterOS developers went to meet such users and created the ability to call a special script when a dhcp client is triggered on a device.
The solution itself consists of two parts:
- you need to get via the dhcp protocol from the provider the IP address and the gateway address for use in recursive routes
- If possible, the gateway address from the provider will be excluded from automatic use.
So let's start from the end.
Let's create a backup route through "ISP-2" with a value of "distance" more than the future main one. In this example, I used "distance = 2":
Backup via ISP-2
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.1 distance=2Further, in order to receive the default route from the ISP-1 provider, but do not use it directly, there is a special value “distance = 255”. A route with such a distance value will fall into the system routing table, but it will never become active .
Code
/ip dhcp-client add comment="ISP-1 dhcp" default-route-distance=255 dhcp-options=hostname,clientid interface=Ether1-isp1We only need this route to read the parameters sent by the provider and embed them into the recursive route settings via a script.
From the obtained parameters, we are more interested in the $ gateway-address variable. As the name suggests, it contains the default gateway address in the provider's network. We will use it to bring recursive routes up to date.
The recursive routes themselves must be correctly identified from the script. To do this, at the stage of their creation, we will specify a unique “comment”, which will be used to search for them within the table. The code for creating a recursive pair of routes:
Creating a pair of routes
/ip route add dst-address=8.8.4.4 gateway=127.0.0.1 scope=30 target-scope=30 comment=" isp1route " disabled=yes
/ip route add dst-address=0.0.0.0/0 gateway=8.8.4.4 check-gateway=pingThe first line should (and will!) Point to the real gateway in the provider's network only after the provider issues the dhcp parameters and they will be processed using the dhcp-client script:
Simplified script
/ip route set [find comment=" isp1route "] gateway=($"gateway-address") disabled=noMore advanced option
:if ($bound=1) do={ /ip route set [find comment=" isp1route "] gateway=($"gateway-address")disabled=no; :log warning ("New ISP1 gateway: ".($"gateway-address")) }Now, when an IP address is received from the ISP-1 provider for use as the default gateway, it will be added to the routing pair instead of 127.0.0.1.
The second line, where the route to 0.0.0.0/0 is indicated, actually performs all the magic. The 8.8.4.4 node specified there as the gateway will be checked for response with the “check-gateway = ping” option via the ISP-1 network. In case the node 8.8.4.4 does not respond twice to the pings within 20 seconds, the router will consider the connection to the Internet through this route (ISP-1) unavailable. New connections in this case will be routed through the ISP-2 backup provider.
If everything is done correctly, then the words “resursive via ...” will be visible in the winbox / ip-> routes window near the route to 8.8.4.4. This means the route was built exactly as recursive.
In the end, for example only, the screen of the winbox window:
Source: https://habr.com/ru/post/428097/
All Articles