← Back

RouterOS Dynamic WAN Failover

Simple method for configuring WAN failover with dynamic ISP addressing on RouterOS.

Prerequisites

This is assuming you have 2 ISPs, of which the primary one provides its addressing dynamically, whether that be PPPoE or DHCP. This also assumes you have some basic knowledge of networking, RouterOS, and the Internet.

Note: I do not have a variant of this for IPv6 yet, but the concept should be the same. It is still debated which method to use for IPv6 failover, but RouterOS does not appear to support the primary contender, NPT.

Note: This failover is basic and will only account for certain failures, but it definitely will work for last-mile failures on FTTP.

Initial Configuration

The initial configuration is to create a DHCP server or PPP client to get an address and a default route. The secondary ISP's dynamic route must have a higher default route distance. Check your routing table under IP/Routes and respectively. It should show 2 default routes with different distances, as below:

It is also important to have 2 NAT masquerade items set up under IP/Firewall/NAT, as below:

From here, you should be able to check you are able to get online using the primary ISP.

Netwatch

This section is where the actual failover will be configured. RouterOS is clever in that it allows multiple masquerades (PAT) in the NAT configuration at the same time and then bases which one to use on the routing table. We can use this to our advantage.

Under Tools/Netwatch, add a new item with the following configuration. It is up to you which IP address you test against. This example is using CloudFlare DNS.

In the Down section of this page, configure actions to be performed when the host is down.

DHCP Client

For a DHCP client, use the following:

/ip dhcp-client release ether1
/ip dhcp-client renew ether1

Where ether1 is the name of the WAN interface.

PPPoE Client

For a PPPoE client, use the following:

/interface pppoe-client disable pppoe-interface
/interface pppoe-client enable pppoe-interface

Where pppoe-interface is the name of the WAN interface.

This will instantly remove the default route from the routing table and force the interface to start looking for a new address and default route, independently of the interface status. When the route is found, it will fail back to the primary ISP.

Copyright 1999-2021