Routing Mark stopped working properly

Good day,

For a few days now I have noticed some funniness with users routed over our second uplink.

What happens is they get connection reset error messages when trying to access sites like twitter/speedtest.net.

First I thought it may be an MSS or MTU issue, but that was not the case.

Yesterday I discovered that the traffic would enter the correct interface but all outgoing traffic leaves where the default gateway is set up; it's like it's ignoring the routing mark one way.

 chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes src-address-list=IS2_Clients dst-address-list=!LAN log=no log-prefix=""

The dst-address list is used so that clients can still reach the internal DNS server.

I think fasttrack may be causing the issue here.

If you are using fasttrack, as you can see, we cannot apply it to rules of filter or mangle.

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.

Thanks,

I see this issue only happens with TCP traffic.

UDP sends and receives on the same correct interface.

I tested with iperf3.

Ok,

Problem solved.

For some reason fasttrack broke my marked TCP packets, causing this.

Disabling fast track fixed the problem.

But now, how do I fast track these TCP packets and let them go over the correct interface?

You cannot.
Remember fasttrack is not some magic option that removes the handbrake on packet processing to just make everything go faster.
Fasttrack is based on reduction of functionality: short-circuit part of the code (software) that has to process each packet so the simple case can be handled quicker.
When you want advanced features, at some point you will have to give up fasttrack.
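
An added example, not part of the thread: a commonly used arrangement in which the policy-routed connections give up FastTrack, as the last reply says they must, while unmarked traffic keeps it. `IS2_Clients`, `LAN` and `ISP2` are the names from the rule posted above; the connection mark `ISP2_conn` is a hypothetical name, and the filter rules assume they replace an existing unconditional fasttrack rule in the forward chain.

```routeros
# Added example. ISP2_conn is a hypothetical connection-mark name;
# IS2_Clients, LAN and ISP2 come from the mangle rule posted in the thread.

/ip firewall mangle
# Tag each new connection opened by an ISP2 client toward a non-LAN
# destination. The mark is stored in connection tracking, so it covers
# both directions of the flow.
add chain=prerouting action=mark-connection new-connection-mark=ISP2_conn \
    connection-state=new src-address-list=IS2_Clients dst-address-list=!LAN \
    passthrough=yes
# Apply the routing mark only to packets coming from the clients.
# Replies arriving from the uplink carry the same connection mark but
# must be routed back to the LAN with the main table.
add chain=prerouting action=mark-routing new-routing-mark=ISP2 \
    connection-mark=ISP2_conn src-address-list=IS2_Clients passthrough=yes

/ip firewall filter
# FastTrack only connections that carry no connection mark.
add chain=forward action=fasttrack-connection \
    connection-state=established,related connection-mark=no-mark
# Everything else that is established/related stays on the normal path,
# where mangle (and therefore the routing mark) is still applied.
add chain=forward action=accept connection-state=established,related
```

Rule order matters: the fasttrack rule must sit above the plain accept rule, and any older fasttrack rule without the `connection-mark=no-mark` condition has to be removed or it will still catch the marked connections.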