In this article, we will look at another advanced method of failover using recursive routing and scopes from the routing section. Recursive routing occurs when a route (either static or dynamically learned) has a next-hop that is not directly connected to the local router. It is necessary to restrict the set of routes that can be used to look up immediate next-hops. Next-hop values of RIP or OSPF routes, for example, are supposed to be directly reachable and should be looked up only using connected routes. This is achieved using the scope and target-scope properties.
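The scope and target-scope rule described above, as an added Python model that is not RouterOS code and not part of the original article. The `Route` class, the function names and all addresses are constructed for illustration, and the lookup is simplified (no longest-prefix match): a next-hop resolves only through an active route whose scope is less than or equal to the target-scope of the route being resolved.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    dst: str
    gateway: Optional[str]    # None = connected route
    scope: int = 30           # model default for static routes
    target_scope: int = 10
    distance: int = 1

def is_active(route, routes, down, depth=0):
    """True if the next-hop resolves via a route with scope <= target_scope."""
    if route.gateway is None:
        return True                       # connected routes are always usable
    if route.gateway in down or depth > 8:
        return False                      # ping check failed, or recursion too deep
    gw = ipaddress.ip_address(route.gateway)
    return any(
        r.scope <= route.target_scope
        and gw in ipaddress.ip_network(r.dst)
        and is_active(r, routes, down, depth + 1)
        for r in routes if r is not route
    )

def active_default(routes, down=frozenset()):
    """Gateway of the lowest-distance active default route, or None."""
    live = [r for r in routes
            if r.dst == "0.0.0.0/0" and is_active(r, routes, down)]
    return min(live, key=lambda r: r.distance).gateway if live else None

HOST1, HOST2 = "192.0.2.1", "192.0.2.2"        # constructed monitored hosts
GW1, GW2 = "203.0.113.1", "198.51.100.1"       # constructed ISP gateways

def build(host_scope):
    """Two uplinks, one host route per uplink, two recursive default routes."""
    return [
        Route("203.0.113.0/30", None, scope=10),            # connected, uplink 1
        Route("198.51.100.0/30", None, scope=10),           # connected, uplink 2
        Route(HOST1 + "/32", GW1, scope=host_scope),        # Host1 via ISP1
        Route(HOST2 + "/32", GW2, scope=host_scope),        # Host2 via ISP2
        Route("0.0.0.0/0", HOST1, target_scope=11, distance=1),
        Route("0.0.0.0/0", HOST2, target_scope=11, distance=2),
    ]

if __name__ == "__main__":
    routes = build(host_scope=10)
    print(active_default(routes), active_default(routes, {HOST1}))
```

With `build(host_scope=30)` neither default route resolves, because the host routes are no longer eligible for next-hop lookup.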
Let's assume we have the following setup: our gateway device has two public network uplinks. We mark traffic in two parts, one named "ISP1" and the other "ISP2", which go through ether1 and ether2 respectively. In this setup, we want to monitor two hosts: Host1 and Host2. We will use Google DNS servers with IP 220.127.116.11 (Host1) and 18.104.22.168 (Host2), but it is not mandatory to use these specific addresses.
Before a detailed example overview, in a setup where we have private IP addresses behind the public IP, we should configure source NAT:
Let's start with marking traffic by configuring routing tables and firewall mangle rules, so we will have everything preconfigured when we go to the routing section:
We will split the routing configuration into three parts. First, we will configure Host1 and Host2 as destination addresses in the routing section:
Now configure routes that will be resolved recursively, so they will only be active when they are reachable with ping:
Configure similar recursive routes for the second gateway:
In the case where Host1 and Host2 fail, the corresponding link is considered failed too. In this section, we will use two additional hosts for redundancy. In our example, we will use OpenDNS servers Host1B (22.214.171.124) and Host2B (126.96.36.199):
Then, let's create destinations for "virtual" hops to use in further routes. We will use 10.10.10.1 and 10.20.20.2 as an example, but you can use different ones; just be sure they do not override other configured IP addresses in your setup:
Do not forget to add routes with routing marks: