So I have these two netwatch rules designed to trigger failover for two different ISPs that each get used as the primary WAN on different sets of routing rules. Here are the routing tables and an example of a routing rule.
Now my concern is this: if WAN2, which would be the primary Internet for routing table=WAN21, had an issue, would the netwatch down-script command cause all connections to break, even those on WAN1 (main routing table)? I believe it would. Is there a safe way to clear those connections that would only affect WAN2?
(I did steal the
/ip fire conn\r\
\n:foreach idc in=[find where timeout>60] do={\r\
\n remove [find where .id=\$idc]\r\
\n}"
from another post.. shoutout @rextended.. so maybe it's ok.. but I'm not sure..)
Code:
/tool netwatch
add comment="Internet Test 1.1.1.1" disabled=no down-script="/ip route disable [find where comment=WAN1]\r\
    \n/ip fire conn\r\
    \n:foreach idc in=[find where timeout>60] do={\r\
    \n remove [find where .id=\$idc]\r\
    \n}" host=1.1.1.1 http-codes="" test-script="" thr-avg=500ms thr-jitter=2s thr-max=2s thr-stdev=500ms type=icmp up-script=\
    "/ip route enable [find where comment=WAN1]\r\
    \n/ip fire conn\r\
    \n:foreach idc in=[find where timeout>60] do={\r\
    \n remove [find where .id=\$idc]\r\
    \n}"
add comment="Internet Test 1.0.0.1" disabled=no down-script="/ip route disable [find where comment=WAN1-21]\r\
    \n/ip fire conn\r\
    \n:foreach idc in=[find where timeout>60] do={\r\
    \n remove [find where .id=\$idc]\r\
    \n}" host=1.0.0.1 http-codes="" test-script="" thr-avg=700ms thr-jitter=2s thr-loss-count=26 thr-loss-percent=100% thr-max=2s thr-stdev=500ms type=icmp up-script=\
    "/ip route enable [find where comment=WAN1-21]\r\
    \n/ip fire conn\r\
    \n:foreach idc in=[find where timeout>60] do={\r\
    \n remove [find where .id=\$idc]\r\
    \n}"
Code:
add comment=WAN1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.50.80.3
add comment=WAN1-dns distance=1 dst-address=1.1.1.1/32 gateway=10.50.80.3
add comment=WAN2 distance=2 dst-address=0.0.0.0/0 gateway=192.168.97.1
add comment=WAN2-dns distance=1 dst-address=1.0.0.1/32 gateway=192.168.97.1
add comment=WAN1-21 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.97.1 routing-table=WAN21 suppress-hw-offload=no
add comment=WAN2-21 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.50.80.3 pref-src="" routing-table=WAN21 scope=30 suppress-hw-offload=no target-scope=10
Code:
add action=lookup comment=10ApManagement disabled=yes dst-address=0.0.0.0/0 src-address=10.10.10.0/23 table=WAN21
Statistics: Posted by joshhboss — Fri Jan 05, 2024 9:04 pm