I just started supporting an ISP that uses Mikrotik. I have experience with other vendors, but not Mikrotik.
I am trying to use policy based routing via mangle to route one network of public IPs out of ISP2, and all the other IPs out of ISP1. ISP1 and ISP2 announce via BGP only the IPs that I want routed via them.
When I implemented this configuration last night, I was able to ping the IPs that I am routing out via ISP2 (my_ips) and I assumed that everything was working. I saw connections in the connection tab of the firewall, and traffic on the ISP2 egress interface. This morning when customers started getting online, they could not reach webpages. I don't have a local PC at this site to troubleshoot from yet, so I don't have traceroutes. I was hoping someone could take a look at the mangle portion of my config and see if they see an issue. I currently have the route and rules disabled.
[admin@luc-gw0] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 X chain=prerouting action=mark-connection new-connection-mark=my_conn
passthrough=yes connection-state=new dst-address=0.0.0.0/0
src-address-list=my_ips log=no log-prefix=""
1 X chain=prerouting action=mark-routing new-routing-mark=my_uplink
passthrough=yes connection-mark=my_conn log=no log-prefix=""
[admin@luc-gw0] > ip firewall address-list print
Flags: X - disabled, D - dynamic
# LIST ADDRESS TIMEOUT
0 my_ips 199.xxx.yyy.zzz/23
[admin@luc-gw0] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 X S dst-address=0.0.0.0/0 gateway=sfp1-ISP2
gateway-status=sfp1-ISP2 inactive distance=1 scope=30 target-scope=10
routing-mark=my_uplink
1 A S dst-address=0.0.0.0/0 gateway=162.xxx.yyy.zzz
gateway-status=162.xxx.yyy.zzz reachable via sfp4-ISP1 distance=1
scope=30 target-scope=10
