We are doing a POC where we need to configure a multiple-ISP configuration (2 ISPs).
I've read several pages on the wiki about this configuration, but I'm still missing the "theory" behind it.
To keep it simple, let's assume rOS < 7.1 (I saw 7.1 contains several changes).
Here are the points I'd like to confirm/explain:
1) Mikrotik always does PBR. There is a "hidden" routing rule which forces main table usage if no other rules apply
2) A different routing table can be selected via routing rules OR via mangle rules (we would like to use the latter)
3) Mangle rules with action=mark-routing seem to work only in PREROUTING or OUTPUT chains (not able to find an article in the wiki)
4) In examples, I've always seen mark-connection first and then mark-routing, but I cannot figure out why we cannot simply use mark-routing
So we did this simple test with a routerboard connected to 2 different ISPs (both public IPs, using private ones in the example).
Code:
/ip address add interface=ether1 address=10.10.10.1/24
/ip address add interface=ether2 address=192.168.10.1/24
/ip route add gateway=10.10.10.254 routing-mark=ISP1
/ip route add gateway=192.168.10.254 routing-mark=ISP2
/ip firewall mangle add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=from_ISP1
/ip firewall mangle add chain=prerouting in-interface=ether2 connection-mark=no-mark action=mark-connection new-connection-mark=from_ISP2
/ip firewall mangle add chain=prerouting connection-mark=from_ISP1 action=mark-routing new-routing-mark=ISP1
/ip firewall mangle add chain=prerouting connection-mark=from_ISP2 action=mark-routing new-routing-mark=ISP2
In my mind, when a packet arrives at the routerboard, the connection is marked (confirmed in the firewall connections tab) and then packets belonging to the same connection are forced to use the ISP1 or ISP2 routing table, which contains the proper "default route".
Needless to say, it didn't work, but I cannot understand the missing step in my flow.
I have read several articles on the forum, but was unable to join them in a single "packet flow", hence I'm asking for your help.
Thanks in advance.
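For comparison with the flow described in the post, the usual RouterOS v6 layout for "reply through the uplink the connection came in on" is sketched below. It is an added example, not the poster's configuration or an official MikroTik one. Assumptions: ether3 is a hypothetical LAN interface, and the unmarked default route in the main table is not in the post.

```routeros
# Added example, RouterOS v6 syntax. Addresses, gateways and mark names are
# taken from the post; ether3 (LAN) and the main-table default route are assumptions.

/ip route
add gateway=10.10.10.254 routing-mark=ISP1
add gateway=192.168.10.254 routing-mark=ISP2
# Assumption: a default route without routing-mark, used by unmarked traffic.
add gateway=10.10.10.254

/ip firewall mangle
# 1. Remember on which uplink a new connection arrived.
add chain=prerouting in-interface=ether1 connection-mark=no-mark \
    action=mark-connection new-connection-mark=from_ISP1
add chain=prerouting in-interface=ether2 connection-mark=no-mark \
    action=mark-connection new-connection-mark=from_ISP2

# 2. Replies generated by the router itself never pass prerouting; they are
#    created locally and traverse the output chain, so the routing mark for
#    them has to be set there.
add chain=output connection-mark=from_ISP1 \
    action=mark-routing new-routing-mark=ISP1
add chain=output connection-mark=from_ISP2 \
    action=mark-routing new-routing-mark=ISP2

# 3. Replies from hosts behind the router enter prerouting on the LAN side.
#    Matching in-interface=ether3 keeps the routing mark off packets that
#    arrive from the ISPs; a rule without it would also mark those inbound
#    packets and look them up in a table that holds only a default route.
add chain=prerouting in-interface=ether3 connection-mark=from_ISP1 \
    action=mark-routing new-routing-mark=ISP1
add chain=prerouting in-interface=ether3 connection-mark=from_ISP2 \
    action=mark-routing new-routing-mark=ISP2
```

The connection mark is stored in the connection-tracking entry, so it survives across both directions of the flow; the routing mark lives only on the individual packet and has to be reapplied to each reply, which is why the examples pair mark-connection with mark-routing.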