Recently I added a MikroTik Netwatch-based script on a network to monitor the WAN link: if no ping reply is received from the WAN host (example: 8.8.8.8), the down script changes the backup link route to take priority over the primary link. The issue is that Netwatch is a rather unreliable method of checking Internet connectivity, because it can check only a single host at a time. Also, if your WAN link is weak or heavily used, a few pings may time out, which is sometimes common (for example, 3 out of 10 replies missing), and Netwatch then sometimes considers the target link DOWN. Netwatch gives a “DOWN” status immediately upon a missed ping, regardless of the Timeout setting.
To prevent that, we must use a method that checks at least two hosts on the Internet, such as the ISP gateway IP and another reliable host like 8.8.8.8 (or any other host in your particular region). If all 5 pings to each of the hosts go unanswered, the link is considered DOWN. If one host is working and the second is down, the link is still considered UP, as a kind of cross-verification. If 2 out of 5 pings are missed, the link is still considered UP.
A multiple-host check is recommended because, with a single-host check script or Netwatch, it can sometimes happen that no ping reply is received from 8.8.8.8 for various reasons (either it is down or the ISP has blocked it) while the rest of the Internet is working fine. Even then the script or Netwatch will consider the link down, due to its single-host check. That’s why a multi-host check is recommended.
ROS SCRIPT CODE: (Script name= monitor)
    # Following script is copied from the Mikrotik forum.
    # Thanks to mainTAP and rextended for sharing
    # http://forum.mikrotik.com/viewtopic.php?f=9&t=85505
    # Modified few contents to suit local requirements and added descriptions
    # Regards / Syed Jahanzaib / http://aacable.wordpress.com

    # Script Starts here...
    # Internet hosts to be checked. You can modify them as required, JZ
    :local host1 "8.8.8.8"
    :local host2 "208.67.222.123"

    # Do not modify data below without proper understanding.
    :local i 0;
    :local F 0;
    :local date;
    :local time;
    :global InternetStatus;
    :global InternetLastChange;

    # PING each host 5 times; F counts the pings that got no reply
    :for i from=1 to=5 do={
        :if ([/ping $host1 count=1]=0) do={:set F ($F + 1)}
        :if ([/ping $host2 count=1]=0) do={:set F ($F + 1)}
        :delay 1;
    };

    # If both hosts are down and all replies timed out, then the link is considered down
    :if (($F=10)) do={
        :if (($InternetStatus="UP")) do={
            :log error "WARNING : The INTERNET link seems to be DOWN. Please Check";
            :set InternetStatus "DOWN";
            ## ADD YOUR RULES HERE, LIKE ROUTE CHANGE OR WHATEVER IS REQUIRED, Example is below ...
            ## /ip route set [find comment="Default Route"] distance=3
            ## /ip firewall nat disable [find comment="Your Rules, Example"]
            :set date [/system clock get date];
            :set time [/system clock get time];
            :set InternetLastChange ($time . " " . $date);
        } else={:set InternetStatus "DOWN";}
    } else={
        ## If a reply is received, then consider the link UP
        :if (($InternetStatus="DOWN")) do={
            :log warning "WARNING :The INTERNET link have been restored";
            :set InternetStatus "UP";
            ## ADD YOUR RULES HERE, LIKE ROUTE CHANGE OR WHATEVER IS REQUIRED, Example is below ...
            ## /ip route set [find comment="Default Route"] distance=1
            ## /ip firewall nat enable [find comment="Your Rules, Example"]
            :set date [/system clock get date];
            :set time [/system clock get time];
            :set InternetLastChange ($time . " " . $date);
        } else={:set InternetStatus "UP";}
    }
    # Script Ends Here.
    # Thank you
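The decision logic of the script above, modelled in Python as an added example (it is not part of the original post or of the forum script). The ping results are constructed sample data, and the action names use-backup and use-primary are placeholders for whatever rules you put at the "ADD YOUR RULES HERE" markers; the last line models a router whose first run happens with the link already down, when the InternetStatus global is still unset.

```python
# Added example: Python model of the "monitor" script's decision logic.
# All ping results below are constructed sample data (True = reply received).

def netwatch_single(replies):
    """Single-host check as the article describes Netwatch: one miss => DOWN."""
    return "UP" if all(replies) else "DOWN"

def monitor_run(host1, host2, status):
    """One scheduler run: 5 pings per host, F counts the missed replies.

    Returns (new_status, action); action is the route change the script
    would perform at its "ADD YOUR RULES HERE" markers, or None.
    """
    F = sum(1 for a, b in zip(host1, host2) for ok in (a, b) if not ok)
    if F == 10:                      # every ping to both hosts timed out
        action = "use-backup" if status == "UP" else None
        return "DOWN", action
    action = "use-primary" if status == "DOWN" else None
    return "UP", action

def simulate(runs, status=None):
    """Feed successive runs through the script; status=None models the unset
    global variable on the first run after a reboot."""
    log = []
    for host1, host2 in runs:
        status, action = monitor_run(host1, host2, status)
        log.append((status, action))
    return log

OK, DEAD = [True] * 5, [False] * 5
LOSSY = [True, False, True, True, False]      # 2 of 5 pings missed

RUNS = [
    (OK, OK),        # healthy
    (LOSSY, LOSSY),  # congested link
    (DEAD, OK),      # first host blocked or down, Internet still reachable
    (DEAD, DEAD),    # real outage
    (DEAD, DEAD),    # outage continues
    (LOSSY, OK),     # link back
]

if __name__ == "__main__":
    for n, (status, action) in enumerate(simulate(RUNS), 1):
        print(f"run {n}: {status:4} action={action}")
    print("Netwatch-style check on the lossy sample:", netwatch_single(LOSSY))
    print("link already down at first run:", simulate([(DEAD, DEAD)] * 2))
```

In the final case no route change fires, because the script only acts on a transition from "UP" and the status is unset on the first run.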
Scheduler to run the script automatically
To add a scheduler that runs the script every 5 minutes (or as required), use the following code:

    /system scheduler add disabled=no interval=5m name="Monitor WAN connectivity Scheduler / JZ" on-event=monitor policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=jun/12/2014 start-time=00:00:00

Don’t forget to change the script name monitor in the above scheduler to match the name you set for the script.
Example: on-event=monitor
Define Static Routes for Monitoring Host – for Route Changing
If you are using this script to change the Internet route to a backup link, then you must define static routes for the hosts you are monitoring, so that traffic to the monitored hosts always (forcefully) goes via the primary link.

    /ip route
    add comment="Force this HOST via Primary Link" disabled=no distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1 scope=30 target-scope=10
    add comment="Force this HOST via Primary Link" disabled=no distance=1 dst-address=208.67.222.123/32 gateway=192.168.1.1 scope=30 target-scope=10

Note: Make sure to change the gateway 192.168.1.1 to your primary Internet link gateway.

Regards
Syed Jahanzaib
