I set up policy routing in a dual WAN config and the connection initiation and packets in general via the route that matches policy seem to be slowed down in the router. For instance it can take several seconds or more to establish a ssh session with hosts on the route that matches policy and then once the session is established, it can take a few seconds to get what you entered in the console echoed back. Traffic is routing as desired and the traffic to the non-policy route is performing normally.
Code: Select all
/routing/table print
D name="main" fib
name="ArouteTable" fib
/ip/firewall/mangle> print detail
;;; Mark A routing
chain=prerouting action=mark-routing new-routing-mark=ArouteTable passthrough=yes src-address-list="" dst-address-list=Alist
connection-mark="" in-interface-list=LAN log=no log-prefix=""
/ip route print detail
As dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=10.18.18.17 immediate-gw=10.18.18.17%ether5 distance=1 scope=30
target-scope=10 suppress-hw-offload=no
As dst-address=0.0.0.0/0 routing-table=ArouteTable pref-src="" gateway=192.168.0.1 immediate-gw=192.168.0.1%ether1 distance=1
scope=30 target-scope=10 suppress-hw-offload=no
If I add the following, traffic to 1.2.3.4 performs normally and the rest of the Alist host traffic continues to perform poorly.
Code: Select all
/routing/rule print
0 dst-address=1.2.3.4 action=lookup-only-in-table table=ArouteTable
Am I missing something in config? Am I expecting too much our of a tiny single-core processor? I really don't want to add a rule for each entry in the Alist, that kind of obviates policy routing and might as well just add individual routes. I see nothing interesting in the logs. Ideas? Am I missing something or mis-interpreting documentation?