/ip route rules and mangle load balancing issues

We have been trying to streamline the load balancing on some MTs we inherited; however, on some of them
/ip route rules were manually added and we would like to remove them (but are having issues removing them).

There are 2x internet uplinks, of equal speed, both with Pub IPs. All local clients are on 192.168.40.0/23

(relevant config exports):
/ip route
add distance=1 gateway=48.22.41.45
add distance=1 gateway=27.2.25.17 routing-mark=isp2-secondary
add distance=1 gateway=48.22.41.45 routing-mark=isp1-primary

/ip route rule
add dst-address=192.168.0.0/16 table=main
add routing-mark=isp2-secondary table=isp2-secondary

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-mainISP
add action=masquerade chain=srcnat out-interface=ether2-2ndISP

/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local new-connection-mark=conn-main passthrough=yes per-connection-classifier=both-addresses:2/0 src-address-list=use_balance
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local new-connection-mark=conn-secondary passthrough=yes per-connection-classifier=both-addresses:2/1 src-address-list=use_balance

add action=mark-routing chain=prerouting connection-mark=conn-main new-routing-mark=isp1-primary passthrough=no
add action=mark-routing chain=prerouting connection-mark=conn-secondary new-routing-mark=isp2-secondary passthrough=no

When I disable the /ip route rule dst-address=192.168.0.0/16 table=main, all traffic slows/stops (as I assume the router stops being able to route to the 192.168.40.0/23 local clients). Re-enabling it, traffic picks right back up.

My issue / question is:
1- How do I get rid of this routing rule? (I don't want any /ip route rules entries.)

2- Any ideas as to why they were there/used in the first place, as proper mangle rules were already in place for load balancing?

(Again, these are on MTs we recently inherited, so we are trying to optimize/standardize their configs.)
Thanks

By providing their functionality using some other means.


The second rule in my opinion is totally useless, as routing-mark and routing table name are the same thing so translating one to the other is effectively a NOP. Maybe it was not always like that, but I assume you have upgraded the machines to at least 6.40.8? So disabling that second routing rule should have no effect at all. First disable it and if the load balancing continues to work (you should see that by WAN interface traffic), delete it. But as said, if you run a contemporary version, there should be no issue.

The first rule is one of the possible ways to make packets for LAN destinations be delivered while routing-marking controlled by connection-marking is in use. The current marking rules assign routing-marks also to packets received via WAN, which makes the routing choose one of the user-defined routing tables, and both of these contain only the default route, so these packets are sent back out via the WAN.

There are many other ways to solve this:

  • you can add routes with dst-address=192.168.0.0/16 and gateway=your-LAN-interface-name to both user-defined routing tables
  • you can add a mangle rule action=accept dst-address=192.168.0.0/16 right before the first action=mark-routing one in mangle
  • you can add src-interface=your-LAN-interface-name to both action=mark-routing rules’ condition lists
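The three alternatives above written out as RouterOS 6.x CLI, as an added example that is not config from the thread: it assumes the LAN side is a bridge named bridge-lan and that the first mark-routing rule sits at mangle index 2 (check with /ip firewall mangle print); the mark and table names are the ones from the original export, and the interface condition uses the in-interface matcher that /ip firewall mangle provides. Pick one of the three, verify on the WAN interface traffic that balancing still works, then drop the route rule.

```routeros
# Added example, not the poster's or the reply's configuration.
# Assumed names: bridge-lan (LAN interface), mangle index 2 (placeholder).

# Alternative 1: accept LAN-bound packets before any routing-mark is set,
# so they are looked up in the main table and reach 192.168.40.0/23.
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.0.0/16 \
    comment="LAN destinations: no routing-mark" place-before=2

# Alternative 2: only packets that entered from the LAN get a routing-mark;
# replies arriving on either WAN are routed normally.
/ip firewall mangle
set [ find new-routing-mark=isp1-primary ] in-interface=bridge-lan
set [ find new-routing-mark=isp2-secondary ] in-interface=bridge-lan

# Alternative 3: give both user-defined tables a route to the LAN prefix,
# so a WAN-received packet carrying a routing-mark is still delivered locally.
/ip route
add dst-address=192.168.0.0/16 gateway=bridge-lan routing-mark=isp1-primary
add dst-address=192.168.0.0/16 gateway=bridge-lan routing-mark=isp2-secondary

# Once one of the above is in place the route rules are redundant;
# disable first, confirm traffic on both WANs, then remove.
/ip route rule
disable [ find dst-address=192.168.0.0/16 table=main ]
disable [ find routing-mark=isp2-secondary table=isp2-secondary ]
remove [ find disabled=yes ]
```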