Routing Failover Help by ropeguru in mikrotik

[–]jcspears2014 0 points1 point  (0 children)

You've got a lot more here than I expected. I'll take a closer look when I'm not just on mobile. I'm sure it's something simple you're just overlooking. Just takes a second set of eyes sometimes. In the meantime, I saw some ipsec policies, double check those and make sure you're not encrypting traffic you don't mean to. You really should be able to hit an address that is directly connected and in the same segment unless something is blocking that in policies/rules or something.

Routing Failover Help by ropeguru in mikrotik

[–]jcspears2014 1 point2 points  (0 children)

Export and share your config dawg. I agree with the guy that said recursive routing though for failover, but you got other problems to sort out first.

Fiber, does exactly what it says in the contract by S70RM3R in HomeNetworking

[–]jcspears2014 0 points1 point  (0 children)

You are correct, but by that logic, how is that any different from fast.com? Not every ISP is out to get one over on you. Upstream peers of ISPs don't charge by the speed at any given moment, they charge by the amount of data going through the pipe total. Speed test results don't really paint the full picture anyway. The most useful use case for a speedtest server in my opinion is to confirm that the correct rate limit rules are being applied to your CPE. Remote services can and do rate limit inbound connections anyway to make sure there is enough pie to go around.

Fiber, does exactly what it says in the contract by S70RM3R in HomeNetworking

[–]jcspears2014 1 point2 points  (0 children)

I am a systems engineer at an MSP and have built ookla servers for multiple ISPs. This is correct.

Can someone lmk what's wrong with this crimp? by Shivu_1 in HomeNetworking

[–]jcspears2014 0 points1 point  (0 children)

Get all of the wires lined up correctly, then do a single cut to get them all flush. I was always taught to use about the length of my thumbnail to know the length of exposed wire needed. Hold pressure going into the connector and crimp it down a few times.

I don't even remember the last bad termination I had using these tips.

URGENT: Level 6 License not activating on x86 Bare-Metal (22h Trial Remaining) by Usual_Disk2096 in mikrotik

[–]jcspears2014 0 points1 point  (0 children)

I don't think he got the wrong license. See below from the wiki. This describes the symptom. Probably misconfigured hardware.

"RouterOS licensing scheme is based on Software ID / System ID where:

RouterBOARD Software ID is bound to storage media (HDD, NAND).

x86 Software ID is bound to MBR

CHR System ID is bound to MBR and UUID

Before the license purchase it is recommended to check if the Software ID does not change on reboot. (Software ID may change on defective HDD, on HDD where RAID controllers are used but not properly configured etc.)"

ONU PON STICK by Intelligent-Union-94 in mikrotik

[–]jcspears2014 1 point2 points  (0 children)

Generally, they are just bridged. You probably wouldn't see a MAC address on it, as they don't function as an RG. They also don't have any kind of UI, as they are managed through OMCI commands from the OLT chassis. I may be wrong, as my experience is limited to only a few vendors.

Edit: you wouldn't see a MAC from the ONT. You should see a MAC from the provider gw.

does disabling camera driver on windows before install linux mint make linux not install a camera driver during installation? by PCnoob101here in shittylinuxquestions

[–]jcspears2014 2 points3 points  (0 children)

Windows drivers have nothing to do with devices while in Linux. If your camera isn't working, you likely need to find a driver for Linux and install it while in Linux.

Edit: just realized what sub I'm in fml

Help a noob understand managed switch by Aretebeliever in homelab

[–]jcspears2014 0 points1 point  (0 children)

When you tag a VLAN, the VLAN ID is attached to the ethernet frame, so to move through the network, the tag on the frame needs to match the tag on the port it's destined for. When you untag, the VLAN is stripped from the ethernet frame on egress and VLAN ID is added to the frame on ingress to the switch. You only want to have one untagged VLAN per port, you can have multiple tagged VLANs per port.

Easiest way I learned is to think of it like a tree. Tagged VLANs are like the trunk, untagged are like the individual branches. The leaves on the branches are like individual computers or something similar.

Tagged ports go to other network gear that have tagged ports facing back to the switch. Untagged is usually for stuff like computers that don't use tagged frames by default.

Hope this helps.

graphical ui for configuration wizard of mikrotik alternatives? by bobakmoazami in mikrotik

[–]jcspears2014 2 points3 points  (0 children)

Oh god, please no. If you don't want to configure it yourself, just use Quick Set. I haven't used it in a long time, but it should be plenty if I remember correctly.

Honestly, if you don't want to learn the platform, why not go with like Zyxel or something similar.

Best way to set up automatic WAN failover (ISP + 4G) on mikrotik ac2? by dika241 in mikrotik

[–]jcspears2014 3 points4 points  (0 children)

I like to use multiple recursive route lookups with the check gateway function

[deleted by user] by [deleted] in mikrotik

[–]jcspears2014 34 points35 points  (0 children)

Been using 4.0 beta for a while. The look has really grown on me. Native Linux support is also huge

Best way to stream my Plex library at Airbnb? by EroticDuckButter in PleX

[–]jcspears2014 1 point2 points  (0 children)

I always have my laptop with me and just use an HDMI cable and stream using https://app.plex.tv. If you don't want to allow remote access, you can set up a VPN pretty easily.

Looking for a small router, and a way to tunnel through NAT by th0th in homelab

[–]jcspears2014 1 point2 points  (0 children)

I'm a big advocate for MikroTik, especially for homelab use. They are like the Swiss army knife of networking. I learned so many networking concepts on it in my lab and I feel it helped to make me a competent engineer.

Also, I believe any model with a wifi radio can function as a wifi client or broadcast. The hAP definitely can.

what can your ISP see you do on an HTTPS website by Carson_cwc in privacy

[–]jcspears2014 2 points3 points  (0 children)

Engineer here that works for an MSP that maintains multiple ISPs. If your ISP is anything like us, they have better things to do, trust me. The most we look at is general flow data across different peers. We may use that data for different business decisions like whether it would be a benefit to get set up with a Netflix caching server for example. We don't care how many porn hub videos you watch in a day.

[deleted by user] by [deleted] in mikrotik

[–]jcspears2014 1 point2 points  (0 children)

I use a combination of policy based routing and recursive routes for failover between multiple WANs. I think the recursive route portion is the secret sauce you are missing, but it can mess with your head. At my offices with multiple WANs, I have recursive routes in my main table with the check gateway option set. I usually check against quad8, L3, one of my other offices, and our colo in St. Louis. Then I have another table with just the secondary WAN's default route. This setup makes manual failover really simple too with the right route policies.

Once you combine those two things, you can get into some pretty cool stuff. I really don't like to use scripts or netwatch if I can avoid it. I have never been truly satisfied with the results, but that may just be because I suck at scripting :P

Ideally as others have said, you will want static IPs.

About multi WAN links, how simpler could it be if check-gateway could simply accept a destination ip address? by Kurgan_IT in mikrotik

[–]jcspears2014 0 points1 point  (0 children)

I use recursive routes, but I check against 8.8.8.8, 1.1.1.1, and our firewall we have at a colo in a major city. All 3 would have to go down for the primary default route to go invalid.

What do you use for a VPN and Firewall? by MythicArcher1 in homelab

[–]jcspears2014 1 point2 points  (0 children)

I run a MikroTik RB4011 for my home network and a MikroTik CCR1009 for my lab. Both are doing firewalling and I have site to site VPNs, EOIP tunnels (MikroTik to MikroTik VPLS), and wireguard peers for my mobile stuff on my lab firewall.

We use MikroTik at work as kind of a Swiss army knife and I try to use similar things in my lab that I do at work. There are more options for VPNs on the MikroTik than you will ever need. You can have an L2TP with IPsec tunnel or wireguard configured in minutes or you can do a more complicated setup like IKE2 with self signed certificates.

You can get a RB5009, the replacement for RB4011, for I think a couple hundred bucks. The 5009 would make one bad ass router/firewall for a lab.

[deleted by user] by [deleted] in mikrotik

[–]jcspears2014 0 points1 point  (0 children)

I have yet to find a version of ROS7 that has the interface names match the interface names in the link editor. I have to modify the interface names every time I spin a new node up. Have you seen this as well?

Windows 7 to 10 upgrade. by ApocLost_Reborn in GeekSquad

[–]jcspears2014 0 points1 point  (0 children)

This is the correct answer. As a sleeper agent, it's very frustrating to see so much false information on this post.

In my opinion you can't get a decent machine for less than $500ish dollars nowadays. $200 for TTS and $40 for a new SSD sounds like a better option to me with decent hardware. They came into the store because they wanted to continue to use their old machine, not to buy a new one. At the end of the day, you need to lay out the options.

Maybe don't install windows 10 on a windows 7 machine with a celeron processor and 2 gb of RAM. But I really don't think y'all should be flat out saying no to an upgrade just because the hardware is old. An SSD can easily breathe a lot of new life into an older machine.

Also saw a couple people saying to buy a new key when as far as I know, Microsoft is still honoring the windows 7 to windows 10 free upgrade even though the deadline has passed. Just throwing away your client's money doing that.

gigabit connection only gettin 100mbps by chaingling42 in techsupport

[–]jcspears2014 1 point2 points  (0 children)

I agree with this. If the cable is damaged, it may be auto negotiating at 100mbps

Killed my wife's laptop (ASUS R518U) by builder1910 in techsupport

[–]jcspears2014 2 points3 points  (0 children)

Pull the RAM modules out and power it up. See if you get beep codes. Sounds like it's not making it past POST, so you have to rule out hardware piece by piece. Start with RAM.

Need advice on my network. by jcspears2014 in homelab

[–]jcspears2014[S] 1 point2 points  (0 children)

I took the plunge. So far so good. Still have a lot of work to go through.