PSY IT Runbooks

MikroTik Multi-WAN Failover (Safe Configuration)

by

GDanu
in

Overview

Multi-WAN failover ensures uninterrupted internet access when a primary ISP fails. This guide implements a conservative, production-safe failover using route distance and gateway monitoring.

Environment

  • MikroTik RouterOS v7.x

  • Two WAN connections (static or PPPoE)

  • No policy routing required

Design Principles

  • No traffic marking

  • No scripting dependencies

  • Predictable rollback

  • Minimal impact on existing firewall/NAT rules

Configuration Steps (SAFE)

Step 1: Identify Active Gateways

/ip route print where dst-address=0.0.0.0/0

Step 2: Configure Default Routes

/ip route
add dst-address=0.0.0.0/0 gateway=ISP1_GW distance=1 check-gateway=ping comment="Primary WAN"
add dst-address=0.0.0.0/0 gateway=ISP2_GW distance=2 check-gateway=ping comment="Backup WAN"

Step 3: Confirm Route State

/ip route print detail where dst-address=0.0.0.0/0

The active route should show:

reachable=yes active=yes

Verification

/tool traceroute 8.8.8.8

Disconnect WAN1 physically or logically. Traffic must automatically switch to WAN2.

Common Issues

  • NAT rules bound to a single interface

  • FastTrack hiding failover behavior

  • DNS servers reachable only via primary ISP

Rollback

/ip route remove [find comment="Primary WAN"]
/ip route remove [find comment="Backup WAN"]

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *