Back…
So, your mangles, to be on the safe side for most situations:
A. Ensure any traffic coming in on a particular WAN leaves the same WAN. This is valid for traffic going to servers or to the routers themselves. This is comprised of two sets of rules, traffic coming in and then traffic leaving. Note the chains used (prerouting and output). One should be aware that return traffic from the router (for traffic sent to the router) does not go through prerouting on the way back out, and thus we need to use the output chain.
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN2 new-connection-mark=In_through_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=no
B. Ensure any traffic leaving the LAN gets marked and assigned PCC according to the admin's wishes… This consists of two sets of rules: one to mark and PCC, and the second set to ensure the traffic goes out the assigned route.
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge-LAN new-connection-mark=In_through_WAN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge-LAN new-connection-mark=In_through_WAN2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 in-interface=bridge-LAN new-routing-mark=out_through_WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 in-interface=bridge-LAN new-routing-mark=out_through_WAN2 passthrough=no
DONE…
++++++++++++++++++++++++++++++++++++++++
Tables are fine…
/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2
Assuming sourcenat is done…
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-WAN1
add action=masquerade chain=srcnat out-interface=PPPoE-WAN2
++++++++++++++++++++++++++++++++++++++++++++++
Thus, assuming the issue is not in the above, it is with routing.
I am assuming you have selected add default route on both of your PPPoE settings… if that's the case, no worries.
If not then you need to add manual routes.
/ip route
add dst-address=0.0.0.0/0 gateway=PPPoE-WAN1 routing-table=main
add dst-address=0.0.0.0/0 gateway=PPPoE-WAN2 routing-table=main
Now, to have failover, there are shortcut methods, but I will apply the methodology that works if you want to add a third or more WANs… bulletproof.
This uses recursive routing, which ensures that outside connectivity is discovered (which seems to be most common, and avoids the scenario where the ISP modem talks to the ISP but the ISP is not connected to the internet).
Establish the farthest hop
/ip route
# main table, will be used for WAN1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14
# main table, will be used for WAN2
add check-gateway=ping dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14
Add cases for failure… (W1–>2, and then a second set for W2–>1)
add distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN1
add distance=2 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN1
add distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN2
add distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN2
Establish the next hop (direct link).
/ip route
add dst-address=1.1.1.1/32 gateway=PPPoE-WAN1 scope=10 target-scope=13
add dst-address=9.9.9.9/32 gateway=PPPoE-WAN2 scope=10 target-scope=13
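The failover logic described above, as an added example that is not part of the original post: a small Python model of how the default route in each marked table resolves through the /32 next-hop routes, including the case where the PPPoE session is up but the probe address is unreachable. The names `Route`, `next_hop_interface` and `active_wan` are hypothetical, and the model assumes a failed ping to a probe address deactivates every route that uses that address as its gateway.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    table: str
    dst: str
    gateway: str      # probe IP (recursive route) or interface (direct route)
    distance: int = 1


# Transcribed from the post: per-table defaults plus the /32 next-hop routes.
ROUTES = [
    Route("out_through_WAN1", "0.0.0.0/0", "1.1.1.1", 1),
    Route("out_through_WAN1", "0.0.0.0/0", "9.9.9.9", 2),
    Route("out_through_WAN2", "0.0.0.0/0", "9.9.9.9", 1),
    Route("out_through_WAN2", "0.0.0.0/0", "1.1.1.1", 2),
    Route("main", "1.1.1.1/32", "PPPoE-WAN1"),
    Route("main", "9.9.9.9/32", "PPPoE-WAN2"),
]


def next_hop_interface(probe_ip, link_up):
    """Resolve a probe IP through its /32 route in main; None if that link is down."""
    for r in ROUTES:
        if r.table == "main" and r.dst == f"{probe_ip}/32" and link_up.get(r.gateway):
            return r.gateway
    return None


def active_wan(table, link_up, probe_ok):
    """Interface that the default route of `table` currently resolves to, or None."""
    defaults = [r for r in ROUTES if r.table == table and r.dst == "0.0.0.0/0"]
    for r in sorted(defaults, key=lambda r: r.distance):
        iface = next_hop_interface(r.gateway, link_up)
        # Assumption: a failed ping to a probe IP deactivates every route using it.
        if iface and probe_ok.get(r.gateway):
            return iface
    return None


if __name__ == "__main__":
    links = {"PPPoE-WAN1": True, "PPPoE-WAN2": True}
    # Constructed scenario: WAN1 session is up, but 1.1.1.1 is unreachable through it.
    probes = {"1.1.1.1": False, "9.9.9.9": True}
    for table in ("out_through_WAN1", "out_through_WAN2"):
        print(table, "->", active_wan(table, links, probes))
```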