mikrotik ROS 多网关 自动检测切换

|

家里的服务器放在墙角, 默默的服务了多年。
奈何光纤偶尔会被楼道里的老鼠咬坏,就会导致我在远程无法访问家里的服务器节点。

现在增加一个 LTE 路由器节点, 19元月租 26G全国通用流量。
LTE 用于备份路由,以便以紧急时刻保证墙角的服务器能够访问互联网。

重置 ROS 路由器

1
2
# ------------ Reset ROS Configure ------------
/system reset-configuration no-defaults=yes

重新配置 ROS 路由器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# ------------ New ROS Configure ------------
# ------------ New ROS Configure ------------
# ------------ New ROS Configure ------------

/password old-password="" new-password=Free confirm-new-password=Free

/system clock
set time-zone-name=Asia/Shanghai

/ip service
set telnet   disabled=yes
set ftp      disabled=yes
set ssh      disabled=yes
set api      disabled=yes
set api-ssl  disabled=yes

/interface ethernet
set [ find mac-address=00:88:3A:B8:33:C8 ] name=LAN_Only
set [ find mac-address=00:88:3A:B8:33:C9 ] name=GateWay_CMCC

# ------------ 网络接入 ------------
/ip dhcp-client
add add-default-route=yes dhcp-options=hostname,clientid disabled=no interface=GateWay_CMCC

# ------------ 管理接口 ------------
/ip address
add address=192.168.88.1/24 interface=LAN_Only network=192.168.88.0

# ------------ DHCP-Server ------------
/ip pool
add name=dhcp_pool ranges=192.168.88.200-192.168.88.254

/ip dhcp-server
add address-pool=dhcp_pool disabled=no interface=LAN_Only lease-time=5m name=DHCP_LAN

/ip dhcp-server option
add code=3 name=Free_Route value="'192.168.88.2'"
add code=6 name=Free_DNS   value="'192.168.88.2'"
add code=3 name=wg_gw      value="'192.168.88.99'"
add code=6 name=wg_dns     value="'192.168.88.99'"
add code=6 name=Debian_DNS value="'192.168.88.1'"
add code=3 name=Debian_GW  value="'192.168.88.1'"

/ip dhcp-server lease
add address=192.168.88.2                                      mac-address=52:54:00:92:69:4D server=DHCP_LAN
add address=192.168.88.97                                     mac-address=12:34:56:78:90:A2 server=DHCP_LAN
add address=192.168.88.101 dhcp-option=Free_DNS,Free_Route    mac-address=F0:76:1C:38:5A:64 server=DHCP_LAN
add address=192.168.88.102 dhcp-option=Free_DNS,Free_Route    mac-address=12:34:56:78:90:A1 server=DHCP_LAN
add address=192.168.88.122 dhcp-option=Free_DNS,Free_Route    mac-address=B8:41:A4:72:20:B0 server=DHCP_LAN
add address=192.168.88.103 dhcp-option=Free_DNS,Free_Route    mac-address=12:34:56:78:90:A3 server=DHCP_LAN
add address=192.168.88.234 dhcp-option=Free_DNS,Free_Route    mac-address=BC:83:85:0A:0F:F0 server=DHCP_LAN
add address=192.168.88.100 dhcp-option=Free_DNS,Free_Route    mac-address=AC:B5:7D:3B:9A:35 server=DHCP_LAN
add address=192.168.88.99  dhcp-option=Debian_DNS,Debian_GW   mac-address=98:90:96:D3:CD:AE server=DHCP_LAN
add address=192.168.88.239 dhcp-option=wg_dns,wg_gw           mac-address=12:34:56:78:90:A4 server=DHCP_LAN

/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1

# Enable DNS Cache Service
/ip dns
set allow-remote-requests=yes cache-size=8192KiB

# Enable NAT
/ip firewall nat
add action=masquerade chain=srcnat out-interface=GateWay_CMCC

#-------- END ------------

NTP 时间同步

1
2
3
4
5
{
:local ntpServer  "pool.ntp.org"
:local primary    [resolve $ntpServer]
/system ntp client set enabled=yes primary-ntp $primary
}

多网关自动切换

当网络状态良好时,DHCP 通知所有节点 将 移动宽带作为主网关

当宽带服务不可用时,DHCP 通知 Server 将 LTE 节点作为网关节点
其他节点 的网关 DNS则保持不变。
因为LTE的流量是有限的,LTE流量仅作紧急时使用。

ROS_多网关.pptx

网关检测 脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
/system scheduler
add interval=1m name=GateWay_Switch on-event="{\r\
    \n:local PingCount     10\r\
    \n:local Master        \"'192.168.88.1'\"\r\
    \n:local Backup        \"'192.168.88.4'\"\r\
    \n:local NameServer    180.76.76.76\r\
    \n:local NowDebianDNS  [/ip dhcp-server option get  [find name=\"Debian_DNS\"] value ]\r\
    \n:local NowDebianGW   [/ip dhcp-server option get  [find name=\"Debian_GW\"]  value ]\r\
    \n:local PingCode      [/ping \$NameServer interval=1 count=\$PingCount]\r\
    \n\r\
    \nput (\"Master \".\$Master)\r\
    \nput (\"Backup \".\$Backup)\r\
    \nput (\"NowDebianDNS \".\$NowDebianDNS)\r\
    \nput (\"NowDebianGW \".\$NowDebianGW)\r\
    \nput (\"NowDebianGW \".\$NowDebianGW)\r\
    \nput (\"PingCode \".\$PingCode)\r\
    \n\r\
    \n# \CF\DF\C2\B7\D5\FD\B3\A3\r\
    \nif (\$PingCount = \$PingCode) do={\r\
    \n    # \C3\BB\D3\D0\B1\E4\BB\B5\r\
    \n    if (\$Master = \$NowDebianDNS && \$Master = \$NowDebianGW) do={\r\
    \n        :return 1 \r\
    \n    }\r\
    \n    \r\
    \n    # \CF\DF\C2\B7\BB\D6\B8\B4\r\
    \n    /beep\r\
    \n    /ip dhcp-server option set [find name=Debian_DNS] value=\$Master \r\
    \n    /ip dhcp-server option set [find name=Debian_GW]  value=\$Master\r\
    \n    :return 2   \r\
    \n} else={\r\
    \n    /beep length=3 frequency=1500\r\
    \n\r\
    \n    # \C3\BB\D3\D0\B1\E4\BA\C3\r\
    \n    if (\$Backup = \$NowDebianDNS && \$Backup = \$NowDebianGW) do={\r\
    \n        :return 3 \r\
    \n    }\r\
    \n\r\
    \n    # \B1\B8\D3\C3\CD\F8\B9\D8\r\
    \n    /ip dhcp-server option set [find name=Debian_DNS] value=\$Backup \r\
    \n    /ip dhcp-server option set [find name=Debian_GW]  value=\$Backup\r\
    \n    :return 4  \r\
    \n    }\r\
    \n}\r\
    \n\r\
    \n"
# --end --

网关检测 脚本(文本)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
{
:local PingCount     10
:local Master        "'192.168.88.1'"
:local Backup        "'192.168.88.4'"
:local NameServer    180.76.76.76
:local NowDebianDNS  [/ip dhcp-server option get  [find name="Debian_DNS"] value ]
:local NowDebianGW   [/ip dhcp-server option get  [find name="Debian_GW"]  value ]
:local PingCode      [/ping $NameServer interval=1 count=$PingCount]

put ("Master ".$Master)
put ("Backup ".$Backup)
put ("NowDebianDNS ".$NowDebianDNS)
put ("NowDebianGW ".$NowDebianGW)
put ("NowDebianGW ".$NowDebianGW)
put ("PingCode ".$PingCode)

# 线路正常
if ($PingCount = $PingCode) do={
    # 没有变坏
    if ($Master = $NowDebianDNS && $Master = $NowDebianGW) do={
        :return 1
    }

    # 线路恢复
    /beep
    /ip dhcp-server option set [find name=Debian_DNS] value=$Master
    /ip dhcp-server option set [find name=Debian_GW]  value=$Master
    :return 2
} else={
    /beep length=3 frequency=1500

    # 没有变好
    if ($Backup = $NowDebianDNS && $Backup = $NowDebianGW) do={
        :return 3
    }

    # 备用网关
    /ip dhcp-server option set [find name=Debian_DNS] value=$Backup
    /ip dhcp-server option set [find name=Debian_GW]  value=$Backup
    :return 4
    }
}

测试

拔掉光猫的 光纤

手机使用LTE网络, 访问家里局域网的连通性
会自动切换到备用路由

恢复光猫光纤

手机使用LTE网络, 访问家里局域网的连通性
会自动切换到光纤宽带

在服务器上观测 网关与DNS变化

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
root@debian:~# cat /etc/resolv.conf ; route -n
nameserver 192.168.88.4
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.88.4    0.0.0.0         UG    0      0        0 br0
172.20.2.0      0.0.0.0         255.255.255.0   U     0      0        0 client
192.168.88.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.175.0   0.0.0.0         255.255.255.0   U     0      0        0 client
root@debian:~#

root@debian:~# cat /etc/resolv.conf ; route -n
nameserver 192.168.88.1
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.88.1    0.0.0.0         UG    0      0        0 br0
172.20.2.0      0.0.0.0         255.255.255.0   U     0      0        0 client
192.168.88.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.175.0   0.0.0.0         255.255.255.0   U     0      0        0 client
root@debian:~#

结束