There is no information about whether this requires default routing to have been added already before proceeding with this setup, because at the bottom of this article we can see that they provided default routing from the ISP providers? I mean the ones from
/ip dhcp-client add add-default-route=yes
or a static one if the IP address is set manually, or do we not have to do that?
Does masquerade also need to be added for both interfaces?
By principle there should be no other default routes than those via the monitored recursive gateways, as these would interfere with the very idea that only working routes shall be in use. The default routes you can see at the bottom of the article are exactly of this type, the gateway IPs there are the auxiliary ones for recursive next-hop search, not real ones.
In scenarios where you get the WAN addresses dynamically, you need to use the IP address of the default gateway provided by the DHCP as a gateway for the bottom-most individual routes to the monitored IPs; see how to use $"gateway-address" in the dhcp client lease script to update these individual routes each time an IP configuration is leased.
It depends on the overall network configuration, but normally yes, you need to src-nat the connections to the address of the interface actually used for the connection. However, there is a caveat - when an interface goes down, all connections src-nated by masquerade rules are removed; if the primary WAN interface does not go down but all addresses used to monitor that interface’s usability stop responding to pings because something is broken further in the network, your new connections get established via the secondary WAN interface (or, better to say, via the default route with higher distance) and src-nated to its IP address, but packets belonging to already established connections will be sent out via the secondary WAN interface but src-nated to the IP address of the primary one, so the ISP will most likely drop them.
When I removed the static route to 0.0.0.0/0 from one ISP and the dynamic one from DHCP-CLIENT (add-default-route), I lost connection to the MikroTik. You said that it shouldn't be added.
It looks like a premium grade misunderstanding. What I had in mind, and insist on, is that you do not need the default routes directly using the WAN gateways (e.g. provided by DHCP), because these are functionally replaced by those using the recursive gateways. If you have lost access to the device by removing the direct static default route and the one provided by the dhcp-client, it was because the recursive default routes did not work properly.
It makes little sense to shoot into the darkness, show the actual configuration you use so that we can talk about something in particular.
There may be a couple of other misunderstandings.
a default route is one with dst-address=0.0.0.0/0 (or the dst-address parameter missing completely which means that a default value 0.0.0.0/0 is used), but in addition to “default” and “specific” routes, there are also “default” and “specific” routing tables. The gateway checking process (activated by check-gateway=ping) uses the default routing table, which is also called “main” and contains all routes which either have no routing-mark parameter or have routing-mark=main. However, there is no need that this default routing table would contain any default route(s) - it is enough if it contains all the routes necessary for the recursive next hop search. I don’t remember where the default scope and target-scope values are sufficient and where they must be modified, so this part is missing below:
The aux.ip.addr.1 and aux.ip.addr.2 above can be used as gateways for other routes with wider (shorter) dst-address prefixes. It depends on the intended usage whether it will be just two default routes in the default routing table like below:
dst-address=0.0.0.0/0 gateway=aux.ip.addr.1 #distance=1 by default
dst-address=0.0.0.0/0 gateway=aux.ip.addr.2 distance=2
or whether you use them for routes in non-default routing tables for some policy routing scenarios, like e.g.
dst-address=0.0.0.0/0 gateway=aux.ip.addr.1 routing-mark=prefer-ISP-1 #distance=1 by default
dst-address=0.0.0.0/0 gateway=aux.ip.addr.2 routing-mark=prefer-ISP-1 distance=2
dst-address=0.0.0.0/0 gateway=aux.ip.addr.2 routing-mark=use-only-ISP-2 #distance=1 by default
if each of the default routes you’ve configured has a routing-mark, i.e. if the default routing table contains no default route, you must make sure that every single outbound packet gets a routing-mark assigned, otherwise it cannot be delivered.
So e.g. if in such case you forget to assign routing-mark also using rules in chain=output of /ip firewall mangle, packets originated by the Mikrotik itself (pings, DNS queries) cannot be routed.
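Added example, not part of the thread: a small Python model of the route selection described in the last post, showing why an unmarked packet from the router itself is unroutable when every default route carries a routing-mark. The gateway names aux1/aux2 (standing for aux.ip.addr.1 and aux.ip.addr.2), the destination address, and the fall-through from a marked table to "main" are assumptions of this sketch.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Route(NamedTuple):
    dst: str
    gateway: str
    distance: int = 1
    mark: str = "main"  # no routing-mark means the default ("main") table

# Constructed tables mirroring the routes quoted in the post.
MARKED_ONLY = [
    Route("0.0.0.0/0", "aux1", 1, "prefer-ISP-1"),
    Route("0.0.0.0/0", "aux2", 2, "prefer-ISP-1"),
    Route("0.0.0.0/0", "aux2", 1, "use-only-ISP-2"),
]
WITH_MAIN_DEFAULTS = MARKED_ONLY + [
    Route("0.0.0.0/0", "aux1", 1),
    Route("0.0.0.0/0", "aux2", 2),
]

def lookup(routes, dst, mark=None, gateways_up=("aux1", "aux2")):
    """Return the gateway chosen for dst, or None if the packet is unroutable.

    gateways_up models check-gateway=ping: routes via a gateway that is not
    listed are treated as inactive.
    """
    addr = ip_address(dst)
    # Assumption of this model: a marked packet is tried in its own table
    # first and falls through to "main" if nothing matches there.
    tables = [mark, "main"] if mark else ["main"]
    for table in tables:
        live = [r for r in routes
                if r.mark == table
                and r.gateway in gateways_up
                and addr in ip_network(r.dst)]
        if live:
            # Longest prefix wins; the lower distance breaks ties.
            best = min(live, key=lambda r: (-ip_network(r.dst).prefixlen, r.distance))
            return best.gateway
    return None

if __name__ == "__main__":
    # Router-originated packet with no mark (e.g. a DNS query), marked-only tables.
    print("unmarked, marked-only tables:", lookup(MARKED_ONLY, "203.0.113.5"))
    print("marked prefer-ISP-1:", lookup(MARKED_ONLY, "203.0.113.5", "prefer-ISP-1"))
    print("prefer-ISP-1, aux1 down:",
          lookup(MARKED_ONLY, "203.0.113.5", "prefer-ISP-1", gateways_up={"aux2"}))
```

The first result is None, which is the case a mark-routing rule in chain=output is meant to cover.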