Ok, this one really is a little funny for me.
- I have 2 pptp connections between two mikrotiks, routed over two physical links.
- I get a constant UDP / TCP stream from an external provider.
- I use a two stage routing setup to apply nth routing.
So far so good.
According to my premarking rule, about 10-20 packets get premarked every second. This rule basically checks all packets that go to the pptp “combined” link and sets a packet mark. This is because this rule is “expensive”.
add action=mark-packet chain=mlr-pmark comment="mlrt: fabric-00-01" disabled=no \
dst-address-list=fabric-00-01 new-packet-mark=fabric-00-01 passthrough=yes
Then, in a second list I apply routing marks based on this packet mark.
add action=mark-routing chain=mlr-rmark comment="split: fabric-00-01.1 n:1/2" \
disabled=no new-routing-mark=fabric-00-01.1 nth=2,1 packet-mark=fabric-00-01 \
passthrough=yes
add action=mark-routing chain=mlr-rmark comment="split: fabric-00-01.2 n:2/2" \
disabled=no new-routing-mark=fabric-00-01.2 nth=2,2 packet-mark=fabric-00-01 \
passthrough=yes
The idea is to have the expensive rules checked once (address list), then be flexible in the distribution in a separate point that is as easy as it gets.
This seems to work well. I jump into those two chains from both the rerouting as well as the output queue. The idea is to get an easier to manage setup and so far I like it.
I have a similar setup on the 450 in the office routing all traffic up, and there I get the expected results.
On the other side, down, traffic mostly flows through ONE connection regardless. I constantly see a large traffic stream down on the .2 link, 0 on .1. The link is active - incoming packets sent upwards are about 20 per second. The downlink handles about 120-140 packets per second.
It looks like a LOT of traffic is not being marked at all. Notably the high performance feed coming in goes over one connection (ECMP seems to take precedence).
Looking at prerouting I have two jump commands there (to mlr-pmark, mlr-rmark). pmark gets about 200 calls per second, rmark hardly any (20ish)… so obviously the first of my rules does not mark all traffic. Why?
If I torch the active interface (the one having all the traffic), I see a main stream (800kbit to 1mbit) that carries… a source address of my local recipient and a destination address on the internet. While the traffic is actually flowing TO my office. It seems, address list identifier does not seem to work. Anyone any idea?
Just to finalize, the address list in question is:
add address=10.255.0.1 disabled=no list=fabric-00-01
add address=172.20.0.0/16 disabled=no list=fabric-00-01
The traffic according to torch ON THE .2 interface (fabric-00-01.2) has a source of 172.20.200.11 and a destination of 38.99.228.117 which seems to be the wrong way (the traffic COMES from 38.99.228.117).
OS is 5.0
Any advice more than welcome. I am at a loss here. When I look at the same torch (interface .2) on my office local 450g… also running 5.0… the traffic is “correct” (incoming TO 172.20.200.11 FROM 38.99.228.117).
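
Added example, not part of the original post: a simplified Python model of the two mangle stages as posted, run over constructed packets that use the two addresses quoted from torch. It assumes each nth rule keeps its own counter over the packets that reach it with the packet mark set; the class and function names are hypothetical.

```python
import ipaddress

# Address list exactly as posted (list=fabric-00-01).
FABRIC_LIST = [ipaddress.ip_network("10.255.0.1/32"),
               ipaddress.ip_network("172.20.0.0/16")]

class NthRule:
    """Model of one mark-routing rule with nth=every,packet.
    Assumption: the rule has a private counter that cycles 1..every."""
    def __init__(self, every, packet, routing_mark):
        self.every, self.packet, self.routing_mark = every, packet, routing_mark
        self.counter = 0

    def matches(self):
        self.counter = self.counter % self.every + 1
        return self.counter == self.packet

def premark(dst):
    """Stage 1 (mlr-pmark): dst-address-list tests the DESTINATION only."""
    addr = ipaddress.ip_address(dst)
    return "fabric-00-01" if any(addr in net for net in FABRIC_LIST) else None

def route_marks(packets):
    """Run (src, dst) pairs through both stages; return one routing mark each."""
    rules = [NthRule(2, 1, "fabric-00-01.1"), NthRule(2, 2, "fabric-00-01.2")]
    result = []
    for _src, dst in packets:
        mark = None
        if premark(dst) == "fabric-00-01":
            # passthrough=yes: both rules see the packet, the last match wins.
            for rule in rules:
                if rule.matches():
                    mark = rule.routing_mark
        result.append(mark)
    return result

# Constructed sample flows built from the two addresses shown in torch.
TOWARD_LIST = [("38.99.228.117", "172.20.200.11")] * 4
AWAY_FROM_LIST = [("172.20.200.11", "38.99.228.117")] * 4

if __name__ == "__main__":
    print(route_marks(TOWARD_LIST))     # alternates between .1 and .2
    print(route_marks(AWAY_FROM_LIST))  # never premarked, so no routing mark
```

In this model only packets whose destination is in fabric-00-01 are premarked and split; packets that carry a list address as source get neither mark and fall through to whatever the default routing decides.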