From the beginning with MikroTik, I saw that everyone creates mangle rules to mark connections in dual ISP scenarios when there are services hosted inside the infrastructure for the outside world, and we have 2 ISPs.
Coming back to a MikroTik course I took a while ago, the instructor said that the ECMP algorithm might send a packet coming from one WAN interface through another interface on its way out. Wanting to test this, I ran a CHR on Proxmox in my home lab and made 10,000 requests with a bash script to a PHP script listening on some random port, dst-nated through the WAN side to a test Linux VM.
The result… all of the requests returned a valid 200 OK, and the CHR had no mangle rules or any other firewall rules.
My question is: Is it really necessary to do this? Or does ECMP only work with packets originating from the LAN network to the WAN network?
Second question: Isn’t it supposed that MikroTik or any other router tracks the connection and returns the traffic to the same interface from which it came?
ECMP is perfectly fine to use for dual or more WANs. It's the least complicated approach. With version 7 firmware it should be the first go-to approach.
Mangling and PCC come into play for more complex user needs or if the admin has WAN throughputs that are wildly dissimilar.
Yes, ECMP will distribute outbound packets across all of the interfaces with the same route and distance metric. If ISPs don’t implement BCP 38, which suggests that any packet from a client with a source address not provided by the ISP is discarded, then you can often get away with traffic arriving via one interface and leaving via another, but it may break if the ISP changes things.
Second question: Isn’t it supposed that MikroTik or any other router tracks the connection and returns the traffic to the same interface from which it came?
Not inherently. IP connection tracking is used by NAT and the stateful firewall; picking an explicit interface is down to policy-based routing by routing rules or connection/packet and route marking.
If you keep changing the requirements and questions of course the answers will change.
The original question was about load balancing the use of the WANs, NOT external users' access to the LANs or to the routers for config.
Vague requests beget general answers.
Well-detailed, articulated requirements beget accurate, specific answers.
In ECMP, like PCC, we have to ensure the router avoids using the ECMP-decided routing for traffic originating outside the router (and dealing with the return traffic out the router).
In this case mangling is required to:
a. ensure traffic to each WAN goes back out each WAN;
b. ensure traffic going to a server goes back out the same WAN it came in on.
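The two replies above (the one explaining that connection tracking alone does not pin return traffic to an interface, and the one listing what the mangle rules must guarantee) describe the same configuration pattern without showing it. The following RouterOS v7 configuration is an added example written for this thread, not something any of the posters supplied. It assumes ether1 is WAN1 with gateway 203.0.113.1, ether2 is WAN2 with gateway 198.51.100.1, bridge-lan is the LAN bridge, and 192.168.88.10:8080 is the dst-nated server; all of those names and addresses are assumptions. It keeps the plain ECMP default route for LAN-originated traffic and adds the connection/routing marks so that anything that entered via a WAN leaves via that same WAN.

```routeros
# Added example (not from the thread). Interface names, gateways and the
# server address are assumptions; adjust them to your own setup.

# Two extra routing tables, one per WAN, for marked (return) traffic only.
# In v7 a routing-mark must be the exact name of a routing table with fib set.
/routing table
add name=via-wan1 fib
add name=via-wan2 fib

/ip route
# ECMP default route: both gateways in one route at the same distance.
# Unmarked traffic (i.e. connections originating from the LAN) uses this.
add dst-address=0.0.0.0/0 gateway=203.0.113.1,198.51.100.1 distance=1 check-gateway=ping
# Per-WAN default routes, consulted only when a packet carries the matching routing-mark.
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-table=via-wan1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-table=via-wan2 distance=1 check-gateway=ping

/ip firewall mangle
# Step 1: remember which WAN a connection arrived on. Only the first packet
# is evaluated (connection-state=new); later packets inherit the mark from conntrack.
add chain=prerouting in-interface=ether1 connection-state=new \
    action=mark-connection new-connection-mark=from-wan1 passthrough=yes
add chain=prerouting in-interface=ether2 connection-state=new \
    action=mark-connection new-connection-mark=from-wan2 passthrough=yes
# Step 2 (point b): replies from the dst-nated LAN server pick the routing table
# that matches the connection mark, so they leave via the WAN they came in on.
# dst-address-type=!local keeps LAN-to-router traffic out of the WAN tables.
add chain=prerouting in-interface=bridge-lan connection-mark=from-wan1 \
    dst-address-type=!local action=mark-routing new-routing-mark=via-wan1 passthrough=no
add chain=prerouting in-interface=bridge-lan connection-mark=from-wan2 \
    dst-address-type=!local action=mark-routing new-routing-mark=via-wan2 passthrough=no
# Step 3 (point a): traffic the router itself generates (e.g. WinBox/SSH replies on a
# WAN address) never passes prerouting, so it needs the same decision in the output chain.
add chain=output connection-mark=from-wan1 action=mark-routing new-routing-mark=via-wan1 passthrough=no
add chain=output connection-mark=from-wan2 action=mark-routing new-routing-mark=via-wan2 passthrough=no

/ip firewall nat
# Publish the server on both WANs; masquerade on the way out of each.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=8080 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=8080
add chain=dstnat in-interface=ether2 protocol=tcp dst-port=8080 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=8080
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade
```

To confirm the marks are being applied, open a connection from outside to each WAN address and look at `/ip firewall connection print` while it is active: the entries should show connection-mark from-wan1 or from-wan2 according to the interface they arrived on. Without the mark-routing rules the same test may still succeed, as the original poster observed, because the ECMP route can legitimately send the reply out either WAN and many ISPs do not yet drop packets with a foreign source address (BCP 38); the marks remove that dependence on the upstream's filtering.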