Like most people, my domestic ISP goes down sometimes. I work from home most of the time and the most common solution when this problem occurs is to ’tether’ a phone to use it’s 4G connection. This is OK, but a solution which allowed my entire home network to switch over to a backup internet connection would be much better… As well as my laptop maintaining a connection, movies could still be streamed (backup connection bandwith permitting) and IoT devices would keep working - you get the general idea.
My primary ISP at home is provided by Virgin Media. All ISPs experience outages from time to time and they are no exception. I suppose you could therefore describe them as “not exceptional” ;)
Hardware
Rather than use the provided hardware in it’s default mode which provides network routing and WiFi, I use the device in modem mode and use a MikroTik rb4011 as a router which sits between my home network and the internet connection which is provided by Virgin Media.
This is a simplification of my setup but is enough for the purposes of this explanation. I found a cheap-ish Netgear 4G modem which looked as if it might fit the bill. This particular device had both a WAN and LAN port on the rear, which I found intruiging:
The idea behind this additional port is that you can put this device inline between your normal internet connection and your router, which means that the 4G connection becomes active when it detects that the primary internet connection is down, something like this:
I did try this approach and it did work, but I abandoned it for a few reasons:
- Speed tests on my regular ISP (Virgin Media) gave poorer results with the device inline
- Having a device inline didn’t seem like good network design - If the LM1200 lost power, then both connections would likely die
- I wanted to learn about “doing it properly”, using recursive routing in RouterOS
The final network design therefore would be like this:
The ports on the Mikrotik RB4011 router can be summarised like this:
- ether1: connection to Virgin Media router
- ether2: connection to the Netgear 4g modem
- ether3: connection to the Netgear switch (for wired clients)
Again, this is a simplification of the actual network layout but it is adequate for this explanation.
With the devices connected like this, the rb4011 needed to be configured to handle the failover in the event that the main ISP’s internet connectivity failed. Here is the config to setup recursive routing to achieve this.
Mikrotik Config
1 - Add Routing Tables
/routing table
add fib name=VM_RT
add fib name=4G_RT
2 - Set the DHCP Clients to “Add Default Route” (No) and add the following routes on the command line
:global VMGW [/ip/dhcp-client/get [find interface=ether1] gateway]
/ip/route/add dst-address=0.0.0.0/0 gateway=$VMGW distance=1 scope=30 target-scope=10 vrf-interface=ether1 routing-table=main comment="VirginMediaDefRoute"
:global 4GGW [/ip/dhcp-client/get [find interface=ether2] gateway]
/ip/route/add dst-address=0.0.0.0/0 gateway=$4GGW distance=254 scope=30 target-scope=10 vrf-interface=ether2 routing-table=main comment="Netgear4GDefRoute"
3 - Create the following scripts in each of the Advanced DHCP client settings for both the Virgin Media and Netgear 4G connections
#Just wait a second!
:delay 1000ms;
#Set the variable VMGW to the IP of the VM Gateway
:global VMGW [/ip/dhcp-client/get [find interface=ether1] gateway]
#Refresh the Gateway if it isn't the 192. address that the VM Hub has when it first comes online
:if ( !($VMGW in 192.168.0.0/16 ) ) do={/ip route set [find comment="VirginMediaDefRoute"] gateway="$VMGW" disabled=no}
#/ip route set [find comment="VirginMediaDefRoute"] gateway="$VMGW" disabled=no
--
#Just wait a second!
:delay 1000ms;
#Set the IP of the 4G Modem's Internet Gateway into a variable called 4GGW
:global 4GGW [/ip/dhcp-client/get [find interface=ether2] gateway]
# Refresh the Gateway
/ip route set [find comment="Netgear4GDefRoute"] gateway="$4GGW" disabled=no
------
4 - Create Firewall Mangle Rules
/ip firewall mangle
add action=mark-connection chain=output connection-mark=no-mark connection-state=new new-connection-mark=VM_CONN out-interface=ether1
add action=mark-connection chain=output connection-mark=no-mark connection-state=new new-connection-mark=4G_CONN out-interface=ether2
add action=mark-routing chain=output connection-mark=VM_CONN new-routing-mark=VM_RT out-interface=ether1
add action=mark-routing chain=output connection-mark=4G_CONN new-routing-mark=4G_RT out-interface=ether2
Add routes to external hosts using scope=10 (intended to monitor test if ISP is up or down)
/ip/route
add dst-address=8.8.8.8 scope=10 gateway=$VMGW
add dst-address=8.8.4.4 scope=10 gateway=$4GGW
/ip/route/
add distance=1 gateway=8.8.8.8 routing-table=VM_RT target-scope=11 check-gateway=ping
add distance=2 gateway=8.8.4.4 routing-table=VM_RT target-scope=11 check-gateway=ping
/ip/route/
add distance=1 gateway=8.8.4.4 routing-table=4G_RT target-scope=11 check-gateway=ping
add distance=2 gateway=8.8.8.8 routing-table=4G_RT target-scope=11 check-gateway=ping
Notes:
This configuration makes use of something called recursive routing . This means that the Mikrotik will actually have a valid test for internet connectivity which is used to decide if failover is necessary. In this case, connectivity to public DNS servers 8.8.8.8 and 8.8.4.4 are used for this test. Simpler configurations (without recursive routing configured) will failover simply if the link between the Mikrotik and Virgin Media is down - This is quite an unlikely failure scenario as internet failover are much more likely to happen somewhere upstream on the ISP’s network.
Some addition code has been added above which is specific to virgin media. In the configuration above, the following code can be found:
#Refresh the Gateway if it isn't the 192. address that the VM Hub has when it first comes online
:if ( !($VMGW in 192.168.0.0/16 ) ) do={/ip route set [find comment="VirginMediaDefRoute"] gateway="$VMGW" disabled=no}
This code is added to the dhcp startup script. It is designed to ignore the first IP address given by Virgin Media on modem startup, which is always in the 192.168.0.0/16 range. This address is only used by Virgin on modem powerup and does not provide a route to the internet. This line of code therefore ensures that a route is not created on the Mikrotik when this IP is allocated. The DHCP client script will then run again when the ‘proper’ IP address is given (which will fall outside of the 192.168.0.0/16 range) and this will be added to the Mikrotik’s routing table.