Multiple WANs, load balancing, please help, it's a little complicated

Hello dear experts,

I am no expert with Mikrotik, but I'm trying to manage my things using online tutorials.
But this is a little hard, so I need your help please.

I have 5 WAN links

I made ECMP for all of them.
5 Masquerade rules for the 5 of them and 1 default route with multiple gateways

Now I want to take one of them out, leaving 4 of them for load balancing, and reserve the 5th one for one LAN subnet. How can I do this?
On the Mikrotik wiki it says to add src-nat with a source IP address, but this didn't work.

Other tutorials say to use routing marks; if this is the solution then I need some help.

The config file is in the attachment:
configg.rsc (11.2 KB)

In broad concept terms…
Ensure your mangles includes marking connections coming in on WANS1-5 (prerouting) and marking routes (output chain) for any return traffic.
Ensure you dont include WAN5 in PCC mangle rules.
Ensure you create an interface list for all the LAN subnets that need to be part of the PCC mangling.
Ensure you use the interface list for the PCC mangle rules marking connections.
++++++++++++++++++++++++++

For the LAN subnet not involved in PCC, create a routing rule, an IP route and a routing table:

/routing table add name=useWAN5 fib
/ip route add dst-address=0.0.0.0/0 gateway=isp5-gateway-IP routing-table=useWAN5
/routing rule add src-address=singlesubnet action=lookup-only-in-table table=useWAN5
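As an added worked example (not from this thread or the attached configg.rsc), here is a complete RouterOS v7 fragment that follows the four points above plus the dedicated-subnet routing rule. Every interface name, gateway address and subnet in it is an assumption: WAN1-4 are ether1-ether4 with gateways 10.1.1.1, 10.2.2.1, 10.3.3.1 and 10.4.4.1 and share PCC; WAN5 is ether5 with gateway 10.5.5.1 and is reserved for 192.168.50.0/24 on vlan50; the PCC subnets 192.168.10.0/24 and 192.168.20.0/24 sit behind bridge-lan. It assumes the IP addresses are already on the interfaces and that the old ECMP default route and the five per-WAN masquerade rules have been removed first.

```routeros
# Added example, not the thread's own config. All names/addresses are assumed.
# WAN1-4 = ether1-ether4 (PCC pool), WAN5 = ether5 (reserved for vlan50).

/interface list
add name=WAN
add name=LAN-PCC
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=ether3 list=WAN
add interface=ether4 list=WAN
add interface=ether5 list=WAN
add interface=bridge-lan list=LAN-PCC
# vlan50 (192.168.50.0/24) is deliberately NOT a member of LAN-PCC

/ip firewall address-list
add list=LOCAL-NETS address=192.168.10.0/24
add list=LOCAL-NETS address=192.168.20.0/24
add list=LOCAL-NETS address=192.168.50.0/24

# one routing table per WAN; this replaces the single ECMP default route
/routing table
add name=toWAN1 fib
add name=toWAN2 fib
add name=toWAN3 fib
add name=toWAN4 fib
add name=useWAN5 fib

/ip route
add dst-address=0.0.0.0/0 gateway=10.1.1.1 routing-table=toWAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.2.2.1 routing-table=toWAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.3.3.1 routing-table=toWAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.4.4.1 routing-table=toWAN4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.5.5.1 routing-table=useWAN5 check-gateway=ping
# main table: ordered fallback for unmarked traffic and for the router itself
add dst-address=0.0.0.0/0 gateway=10.1.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.2.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.3.3.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.4.4.1 distance=4 check-gateway=ping

/ip firewall mangle
# (a) connections arriving on ANY WAN (1-5) get a connection mark so the
#     replies go back out the WAN they came in on
add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=WAN1-conn passthrough=yes
add chain=prerouting in-interface=ether2 connection-mark=no-mark action=mark-connection new-connection-mark=WAN2-conn passthrough=yes
add chain=prerouting in-interface=ether3 connection-mark=no-mark action=mark-connection new-connection-mark=WAN3-conn passthrough=yes
add chain=prerouting in-interface=ether4 connection-mark=no-mark action=mark-connection new-connection-mark=WAN4-conn passthrough=yes
add chain=prerouting in-interface=ether5 connection-mark=no-mark action=mark-connection new-connection-mark=WAN5-conn passthrough=yes
# (b) PCC classifier: only LAN-PCC interfaces, only WAN1-4, never for traffic
#     to the router itself or to another local subnet. No rule for WAN5.
add chain=prerouting in-interface-list=LAN-PCC connection-mark=no-mark dst-address-type=!local dst-address-list=!LOCAL-NETS per-connection-classifier=both-addresses:4/0 action=mark-connection new-connection-mark=WAN1-conn passthrough=yes
add chain=prerouting in-interface-list=LAN-PCC connection-mark=no-mark dst-address-type=!local dst-address-list=!LOCAL-NETS per-connection-classifier=both-addresses:4/1 action=mark-connection new-connection-mark=WAN2-conn passthrough=yes
add chain=prerouting in-interface-list=LAN-PCC connection-mark=no-mark dst-address-type=!local dst-address-list=!LOCAL-NETS per-connection-classifier=both-addresses:4/2 action=mark-connection new-connection-mark=WAN3-conn passthrough=yes
add chain=prerouting in-interface-list=LAN-PCC connection-mark=no-mark dst-address-type=!local dst-address-list=!LOCAL-NETS per-connection-classifier=both-addresses:4/3 action=mark-connection new-connection-mark=WAN4-conn passthrough=yes
# (c) forwarded traffic from the PCC LANs: connection mark -> routing mark
#     (WAN5-conn is included for dst-nat'd inbound on ether5 to a PCC host)
add chain=prerouting in-interface-list=LAN-PCC connection-mark=WAN1-conn action=mark-routing new-routing-mark=toWAN1 passthrough=no
add chain=prerouting in-interface-list=LAN-PCC connection-mark=WAN2-conn action=mark-routing new-routing-mark=toWAN2 passthrough=no
add chain=prerouting in-interface-list=LAN-PCC connection-mark=WAN3-conn action=mark-routing new-routing-mark=toWAN3 passthrough=no
add chain=prerouting in-interface-list=LAN-PCC connection-mark=WAN4-conn action=mark-routing new-routing-mark=toWAN4 passthrough=no
add chain=prerouting in-interface-list=LAN-PCC connection-mark=WAN5-conn action=mark-routing new-routing-mark=useWAN5 passthrough=no
# (d) the router's own replies (Winbox, DNS, VPN) follow the same mark
add chain=output connection-mark=WAN1-conn action=mark-routing new-routing-mark=toWAN1 passthrough=no
add chain=output connection-mark=WAN2-conn action=mark-routing new-routing-mark=toWAN2 passthrough=no
add chain=output connection-mark=WAN3-conn action=mark-routing new-routing-mark=toWAN3 passthrough=no
add chain=output connection-mark=WAN4-conn action=mark-routing new-routing-mark=toWAN4 passthrough=no
add chain=output connection-mark=WAN5-conn action=mark-routing new-routing-mark=useWAN5 passthrough=no

# one masquerade rule covers all five WANs
/ip firewall nat
add chain=srcnat out-interface-list=WAN action=masquerade

# dedicated subnet: LAN-to-LAN stays in main, everything else only via WAN5
/routing rule
add src-address=192.168.50.0/24 dst-address=192.168.0.0/16 action=lookup table=main
add src-address=192.168.50.0/24 action=lookup-only-in-table table=useWAN5
```

Two caveats worth checking before relying on this. The first routing rule exists because lookup-only-in-table would otherwise send vlan50's traffic to the other LAN subnets out WAN5 (the useWAN5 table has only a default route); adjust the 192.168.0.0/16 match to whatever your local subnets actually are. Second, a dst-nat'd connection arriving on WAN1-4 and forwarded to a host in 192.168.50.0/24 will have its replies forced to WAN5 by the src-address rule, so publish services on that subnet through WAN5 only. To verify, run /ip firewall connection print where connection-mark~"WAN" and /tool traceroute from a host on each subnet and confirm the first hop is the expected gateway.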

Hi,
I have some difficulties myself.

I have two ISPs I configured ECMP so that the two ISPs are used.

I know it is recommended to use mangles with prerouting policies.

And it does work, but the performance of my poor CRS125-24G drops dramatically.

I am wondering why, when I create a flow from the LAN (in diagram 1, 2), the flow follows a per-flow load-balancing logic, so if it leaves via ISP1 the next packets belonging to that flow continue to ISP1.
Likewise with ISP2.

Whereas when there is an incoming flow from the Internet on ISP1, the reply packets are erroneously rerouted to ISP2. This cannot work since I have NAT on the border routers.

I know I could solve it with mangles with prerouting policies, but as mentioned the performance falls dramatically.
And anyway, I don't understand this difference in behavior between outgoing flows, which respect the direction, and incoming flows, which are transmitted on the wrong ISP.

I have "solved" it by adding policy routing for those hosts that have to accept connections from outside, but this means those hosts cannot use the full bandwidth of the two ISPs.

Probably the solution is to move the routing function to a better-performing router?

regards
Stefano
2023-10-07 11_47_01-Window.png