Hi all,

I'm struggling. Please help me if you could or just point me in the right direction.

Here is what I'm doing:
wlan1 is connected to ISP1 - 2.4GHz chain
wlan2 is connected to ISP2 - 5GHz chain
[routes, dhcp client, DNS - 8.8.8.8 and 8.8.4.4 pushed to clients]

Three scenarios:
1. I have the connectivity when I'm using only one interface (let's say wlan1 is on and wlan2 is down and vice versa) - it works just fine.
2. When I'm turning both on - only one interface is being used. Period. Almost no traffic on other interface.
3. When I'm trying to use both on + load balancing (PCC doesn't work and same with just 2 simple subnets - 192.168.86.1-126 is Group A - wlan1 and 192.168.86.129-253 is Group B-wlan2) - it doesn't work.

What's happening: the DNS (or routes) works on only one interface. So when I'm on scenario 3 and I'm in Group B - I can't ping anything except the gateway of wlan2. Unless I will create a static route to let's say 8.8.4.4 - this way I can ping 8.8.4.4 from wlan2.

Clients on wlan1 are fine. They can go anywhere.

Please let me know if you need any additional info (configs or something else) - I will be happy to post it.

You will need to properly setup load balancing using Mangle.
Check out this presentation, it should cover what you need to know:
https://youtu.be/67Dna_ffCvc

Feel free to skip to around 6:30 - that's when the Mangle stuff starts.

tomaskir - great slides, but actually I've been doing it accordingly to your slides even before you posted the link... So I guess I'm doing something wrong.

https://mum.mikrotik.com/presentations/US12/steve.pdf also I've tried that approach. Still nothing.

Most probably it's an issue in your Mangle config.

Please post your Mangle export.

Mangle:

3 X chain=prerouting action=mark-routing new-routing-mark=Group_A
passthrough=yes src-address=192.168.86.0/25 log=no log-prefix=""

4 X chain=prerouting action=mark-routing new-routing-mark=Group_B
passthrough=yes src-address=192.168.86.128/25 log=no log-prefix=""

/ip route> print
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 S 0.0.0.0/0 192.168.1.254 1 <-----Group A mark
1 A S 0.0.0.0/0 192.168.0.1 1 <----- Group B mark
2 ADS 0.0.0.0/0 192.168.0.1 1
3 A S 8.8.4.4/32 wlan2 1
4 ADC 192.168.0.0/24 192.168.0.13 wlan2 0
5 ADC 192.168.86.0/24 192.168.86.1 bridge_local 0

That Mangle config is quite simple - I'm using it for testing...

That config is completely wrong, so no wonder it doesn't work

Implement proper Mangle as in either of the presentations, then test.
If it still doesn't work after, please post the Mangle export and what doesn't work.

Does it look right? What doesn't work: load balancing is not happening. wlan1 can't ping, but wlan2 can... Same story.
Mangle:

1 chain=prerouting action=accept src-address-list=Connected dst-address-list=Connected
2 chain=input action=mark-connection new-connection-mark=WAN1->ROS connection-mark=no-mark in-interface=wlan1
3 chain=input action=mark-connection new-connection-mark=WAN2->ROS connection-mark=no-mark in-interface=wlan2
4 chain=output action=mark-routing new-routing-mark=ISP1_Route connection-mark=WAN1->ROS
5 chain=output action=mark-routing new-routing-mark=ISP2_Route connection-mark=WAN2->ROS
6 chain=forward action=mark-connection new-connection-mark=WAN1->LANs connection-mark=no-mark in-interface=wlan1
7 chain=forward action=mark-connection new-connection-mark=WAN2->LANs connection-mark=no-mark in-interface=wlan2
8 chain=prerouting action=mark-routing new-routing-mark=ISP1_Route src-address-list=LAN connection-mark=WAN1->LANs
9 chain=prerouting action=mark-routing new-routing-mark=ISP2_Route src-address-list=LAN connection-mark=WAN2->LANs
10 chain=prerouting action=mark-connection new-connection-mark=LAN->WAN passthrough=yes dst-address-type=local src-address-list=LAN dst-address-list=Connected connection-mark=no-mark log=no log-prefix=""
11 chain=prerouting action=mark-routing new-routing-mark=ISP1_Route passthrough=yes src-address-list=LAN connection-mark=LAN->WAN log=no log-prefix=""
12 chain=prerouting action=mark-connection new-connection-mark=Sticky_ISP1 routing-mark=ISP1_Route connection-mark=LAN->WAN
13 chain=prerouting action=mark-connection new-connection-mark=Sticky_ISP2 routing-mark=ISP2_Route connection-mark=LAN->WAN
14 chain=prerouting action=mark-routing new-routing-mark=ISP1_Route src-address-list=LAN connection-mark=Sticky_ISP1
15 chain=prerouting action=mark-routing new-routing-mark=ISP2_Route src-address-list=LAN connection-mark=Sticky_ISP2

/ip firewall address-list
add address=192.168.1.254/24 list=Connected
add address=192.168.0.1/24 list=Connected
add address=192.168.86.0/24 list=Connected
add address=192.168.86.0/24 list=LAN

Route:

/ip route
add gateway=192.168.1.254 distance=1
add gateway=192.168.0.1 distance=2
add gateway=192.168.1.254 routing-mark=ISP1_Route distance=1
add gateway=192.168.0.1 routing-mark=ISP2_Route distance=1

wlan1 GW - 192.168.1.254
wlan2 GW - 192.168.0.1
LAN - 192.168.86.0/24

1) Mangle miss-configuration
Rule 10 - you are missing negation signs.
"dst-address-type=!local" and "dst-address-list=!Connected"

If you are doing bandwidth-based load-balancing, you will also need the Traffic Monitors which switch the routing mark on the main load-balancing Mangle rule.

2) Pings
You can't just select interface for ping.
You have to select the right interface AND the right routing table (it's in the Advanced tab).

1) Mangle miss-configuration
Rule 10 - you are missing negation signs.
"dst-address-type=!local" and "dst-address-list=!Connected"

If you are doing bandwidth-based load-balancing, you will also need the Traffic Monitors which switch the routing mark on the main load-balancing Mangle rule.

2) Pings
You can't just select interface for ping.
You have to select the right interface AND the right routing table (it's in the Advanced tab).

Thank you Tomas! I fixed mangle rule #10, now there is no connection on my clients... (e.g. no ping to anywhere except 2 gateways). I guess I'm going in the right direction, but my initial issue is still there... Also thank you for heads-up regarding pings (am I doing it wrong again? pinging from wlan1... ) Please have a look at 2 screenshots below.

Screenshot one - 0 counters on some rules...
Screenshot two - pings.

When I'm pining from clients I got "request timed out" but DNS seems to be fine...

Seems to me that route between wlan1<->-bridge_local<->wlan2 is broken or... What the hell?

As I mentioned previously, you will need to have the Traffic Monitor scripts in place to load balancing using bandwidth-based load-balancing.
Refer to the presentation.

Another note - do not use FastTrack with this.
FastTrack on purpose doesn't let packets into Mangle (and multiple other RouterOS facilities), that's how it achieves perf. improvements.

In ping, do not set source address.
Just set interface, and routing table.

As I mentioned previously, you will need to have the Traffic Monitor scripts in place to load balancing using bandwidth-based load-balancing.
Refer to the presentation.

Another note - do not use FastTrack with this.
FastTrack on purpose doesn't let packets into Mangle (and multiple other RouterOS facilities), that's how it achieves perf. improvements.

In ping, do not set source address.
Just set interface, and routing table.

Thank you for your help sir, I guess FastTrack was causing that. I will check and update the post accordingly a bit later. I haven't really used traffic monitor because I couldn't get any traffic. If disabling FastTrack will solve the riddle - will do for sure.

Thank you again.

As I mentioned previously, you will need to have the Traffic Monitor scripts in place to load balancing using bandwidth-based load-balancing.
Refer to the presentation.

Another note - do not use FastTrack with this.
FastTrack on purpose doesn't let packets into Mangle (and multiple other RouterOS facilities), that's how it achieves perf. improvements.

In ping, do not set source address.
Just set interface, and routing table.

So FastTrack disabled, still no connection, clients can't go anywhere, but 2 GWs

Can't ping from "sub-ordinary interface". Only from "main" - wlan2

Weird part:
wlan1 set as interface, can ping from routing table ISP1_route AND ISP2_route, main
wlan2 set as interface, can't ping at all. ISP1_route, ISP2_route, main.
I have no idea how and why wlan2 has become "dominant" interface. So when wlan2 is down, wlan1 is being used. When I'm turning "dominant" wlan2 on, wlan1 is not active. Is that because of my route list?

With FastTrack being turned off the following counters are at "0": - screenshot.

My goal for now is to fix that crap, I will take care of load balancing and traffic mon a bit later - when my clients would have connectivity...

All the things highlighted in your screenshot have different meanings, the 0 are fine.

Highlighted rule 1 simply says there is no WAN->LAN traffic through wlan1.

Highlighted rules 2 and 3 are 0 because the main load-balancing rule isn't routing any traffic through wlan2.
You can see that in the config - it's marking all the traffic into 'ISP1_Route' routing table.

Your Mangle is fine - to me it seems like your issue will be somewhere else in the config.
How does the firewall filter and NAT look like?

Even better - post your full '/export hide-sensitive'.

Tomas,

thank you for your time and help - I really appreciate it. You're the only one who decided to give me a hand. Please have a look at my config (attached)... I know it doesn't look good, but please let me know if I'm doing something weird or stupid

anyone, please?

anyone, please?

bump