Dual Wan via PCC Issue

Napoca · May 16, 2025, 5:47am

Good Day, I recently tried to fix my PCC Configuration after noticing that my WAN 2 is struggling to load the websites normally when my WAN 1 is down.
I disabled the PCC configuration only running on ECMP with recursive routes at IP/Routes and they are working normally so I am sure I did something wrong with PCC. I hope someone could assist me to do this correctly.
All of the LAN’s runs in through VLAN Bridge.

/ip firewall address-list
add address=10.174.128.0/19 list=WAN
add address=100.75.80.0/22 list=WAN
add address=10.0.0.0/8 list=WAN

add address=192.168.70.0/26 list=Local-Network
add address=172.16.0.128/26 list=Local-Network
add address=192.168.70.64/26 list=Local-Network
add address=192.168.99.0/24 list=Local-Network
add address=172.16.0.0/25 list=Local-Network
add address=192.168.70.128/27 list=Local-Network


/ip firewall mangle
add action=accept chain=prerouting dst-address-list=WAN
add action=accept chain=prerouting dst-address-list=Local-Network
add action=mark-connection chain=input connection-mark=no-mark \
    connection-state=new in-interface=Converge-ether1 new-connection-mark=\
    Converge_Mark passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark \
    connection-state=new in-interface=Globe-ether2 new-connection-mark=\
    Globe_Mark passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark \
    connection-state=new in-interface=LTE-ether3 new-connection-mark=LTE_Mark \
    passthrough=yes
add action=mark-routing chain=output connection-mark=Converge_Mark \
    new-routing-mark=via_Converge passthrough=no
add action=mark-routing chain=output connection-mark=Globe_Mark \
    new-routing-mark=via_Globe passthrough=no
add action=mark-routing chain=output connection-mark=LTE_Mark \
    new-routing-mark=via_LTE passthrough=no
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=JunoCoreBridge new-connection-mark=Converge_Mark \
    passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=JunoCoreBridge new-connection-mark=Converge_Mark \
    passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=JunoCoreBridge new-connection-mark=Globe_Mark passthrough=\
    yes per-connection-classifier=both-addresses:3/2
add action=mark-packet chain=postrouting connection-mark=Converge_Mark \
    new-packet-mark=Converge_Packet_Up out-interface=Converge-ether1 \
    passthrough=no
add action=mark-packet chain=postrouting connection-mark=Globe_Mark \
    new-packet-mark=Globe_Packet_Up out-interface=Globe-ether2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=LTE_Mark \
    new-packet-mark=LTE_Packket_Up out-interface=LTE-ether3 passthrough=no
add action=mark-packet chain=forward in-interface=Converge-ether1 \
    new-packet-mark=Converge_Packet_Down passthrough=no
add action=mark-packet chain=forward in-interface=Globe-ether2 \
    new-packet-mark=Globe_Packet_Down passthrough=no
add action=mark-packet chain=forward in-interface=LTE-ether3 new-packet-mark=\
    LTE_Packet_Down passthrough=no
add action=mark-routing chain=prerouting connection-mark=Converge_Mark \
    new-routing-mark=via_Converge passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Globe_Mark \
    new-routing-mark=via_Globe passthrough=yes
    
    /ip route
add comment="Default Route" disabled=yes distance=1 dst-address=0.0.0.0/0 \
    gateway=10.174.128.1 pref-src="" routing-table=main scope=10 \
    suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=100.75.80.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 \
    routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=1.1.1.1/32 gateway=100.75.80.1 routing-table=main \
    scope=10 suppress-hw-offload=no
add disabled=no distance=1 dst-address=9.9.9.9/32 gateway=10.0.0.1 \
    routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    9.9.9.9 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
    11
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    1.1.1.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=11
add disabled=no dst-address=8.8.8.8/32 gateway=10.174.128.1 routing-table=\
    main scope=10 suppress-hw-offload=no
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    8.8.8.8 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
    11

anav · May 16, 2025, 4:36pm

Why use PCC if ECMP is working fine???

Also, I have to laugh, if you know where the problem is, since you have not provided the full config, then why ask for help here??
I usually never even bother looking at snippets, 90% of the time, doesnt provide all the information required for rectification.

curious though why do you consider 10.x.x.x.x WAN address??
and why do you have such strange 192.168.70.0 issues???

/ip firewall address-list
add address=10.174.128.0/19 list=WAN
add address=100.75.80.0/22 list=WAN
add address=10.0.0.0/8 list=WAN

add address=192.168.70.0/26 list=Local-Network
add address=172.16.0.128/26 list=Local-Network
add address=192.168.70.64/26 list=Local-Network
add address=192.168.99.0/24 list=Local-Network
add address=172.16.0.0/25 list=Local-Network
add address=192.168.70.128/27 list=Local-Network

Do you have VPNs coming in any wans?
Do you forward ports coming in any wans?
Never seen post-routing rules for PCC …thus its for another reason???

Napoca · May 30, 2025, 12:21am

Why use PCC if ECMP is working fine???

I need sticky connections and I am not confident to apply ECMP for my asymmetrical connection.

curious though why do you consider 10.x.x.x.x WAN address??
and why do you have such strange 192.168.70.0 issues???

It’s really some skill issues. I didn’t grew up browsing in forums so my bad…
I bridge mode the modem and let DHCP obtain the gateway IP.
The 192.168.70.0 is fine. That is for our Wi-Fi clients.

I found out that my recursive routing will not gonna work when I use a custom routing-table. Is it working fine with main routing-table.

0  As   dst-address=0.0.0.0/0 routing-table=via_Converge gateway=8.8.8.8 immediate-gw=10.174.128.1x%Converge-ether1 check-gateway=ping distance=1 scope=30 target-scope=11 suppress-hw-offload=no

Do you have VPNs coming in any wans?
Do you forward ports coming in any wans?
Never seen post-routing rules for PCC .......thus its for another reason????

I don’t have VPN’s from WAN
I don’t use port forward
I removed it for now because I am still figuring out on how to make the custom-routing table working in recursive failover configuration.

anav · May 30, 2025, 2:00am

When you have a coherent plan, post the full config.