Hello,
i’ve pre-configured 2 links load-sharing via PCC and i’d like to have router connectivity to the internet but basically it’s not working now. i can’t ping public internet nor update packages because my setup is working normally just via marked RIBs. if i add default route to the main RIB connections that are prerouted to gateway that is different to default route gateway are much slower and for example speedtest.net results are delay more than 1000ms download speed something more than 0 but just slight and upload is similar to download.
example:
0.0.0.0/0 gateway 10.1.1.1 mark ISP1
0.0.0.0/0 gateway 10.2.2.2 mark IPS2
0.0.0.0/0 gateway 10.1.1.1 (main RIB)
connections “classified” to ISP1 are normal but connections “classified” to IPS2 are too slow.
i’m mangling inside and outside connections to the router from outside world and also outside to LAN and LAN-Outside, LAN access list contain just LAN subnet and Connected access list all connected networks.
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=Connected src-address-list=Connected
add action=mark-connection chain=input comment="outside to router - mark conn" connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1-ROS_conn passthrough=yes
add action=mark-connection chain=input comment="outside to router - mark conn" connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2-ROS_conn passthrough=yes
add action=mark-routing chain=output comment="router to outside - routing mark" connection-mark=WAN1-ROS_conn new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output comment="router to outside - routing mark" connection-mark=WAN2-ROS_conn new-routing-mark=to_ISP2 passthrough=yes
add action=mark-connection chain=forward comment="outside to inside mark WAN1" connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1-LAN_conn passthrough=yes
add action=mark-connection chain=forward comment="outside to inside mark WAN2" connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2-LAN_conn passthrough=yes
add action=mark-connection chain=prerouting comment="inside to outside hash mark WAN1" connection-mark=no-mark dst-address-list=!Connected dst-address-type=!local new-connection-mark=WAN1-LAN_conn passthrough=yes per-connection-classifier=both-addresses:3/0 src-address-list=LAN
add action=mark-connection chain=prerouting comment="inside to outside hash mark WAN1" connection-mark=no-mark dst-address-list=!Connected dst-address-type=!local new-connection-mark=WAN1-LAN_conn passthrough=yes per-connection-classifier=both-addresses:3/2 src-address-list=LAN
add action=mark-connection chain=prerouting comment="inside to outside hash mark WAN2" connection-mark=no-mark dst-address-list=!Connected dst-address-type=!local new-connection-mark=WAN2-LAN_conn passthrough=yes per-connection-classifier=both-addresses:3/1 src-address-list=LAN
add action=mark-routing chain=prerouting comment="WAN to LAN routing mark" connection-mark=WAN1-LAN_conn new-routing-mark=to_ISP1 passthrough=yes src-address-list=LAN
add action=mark-routing chain=prerouting comment="WAN to LAN routing mark" connection-mark=WAN2-LAN_conn new-routing-mark=to_ISP2 passthrough=yes src-address-list=LAN
/ip route
add check-gateway=ping distance=1 gateway=192.168.7.1 routing-mark=to_ISP1
add distance=20 gateway=10.10.10.1 routing-mark=to_ISP1
add distance=34 gateway=192.168.7.1 scope=31
add distance=35 gateway=10.10.10.1 scope=31
i tried to disable all firewall filter rules and problem disappeared i went then one by one and looks like problem is with fasttrack. i’m assuming that fasttrack prebuild packets to have quicker response time so is there any way how to enable also fasttrack on top of my setup?
Thanks
HW - CCR1016-12G