I keep promising myself that I'll learn Policy Routing, but, I don't know why, I find it a little...intimidating, probably because I don't know exactly where and how to start to get it right. In particular, I don't understand what is the difference between using Mangle and Routing Rules to steer traffic. I have never understood when I should use one over the other. Maybe an advanced Mikrotik user could open an official topic to talk about different scenarios and setups as well.
Thanks

There is thread here that might have some background:
viewtopic.php?t=192006&hilit=mrz

Depending on how you do it, you still often need some mangle rule to mark-connection/mark-routing. You just can use /routing/rules to avoid some mangles. e.g. "input" traffic should still go out same interface it came in on & failover cases, which cannot be covered with multiple WAN using policy routing alone.

So I kinda view policy routing as quick way to adjust the routing table used by a client or VLAN/subnet. Let mangle do the marking based on what table the /routing/rule selected on output/forward. This is in opposition to letting something like PCC or other specific FW rules do the route table picking in mangle.

Flow diagrams are your friend.
https://help.mikrotik.com/docs/display/ ... n+RouterOS

Very True.

I was going to say it basically the Load Balance YT: https://www.youtube.com/watch?v=nlb7XAv57tw&t=467s

Just skip the 3 PCC lines in mangle & replace with LAN subnet(s) as dst-address to main as first rule(s) and whatever other rules to steer traffic.

You can also use it to drop certain IP/subnets from being routed in /routing/rules too.

Flow diagrams are your friend.
https://help.mikrotik.com/docs/display/ ... n+RouterOS

The docs starting here: https://help.mikrotik.com/docs/display/ ... CMP)routes
give some context too.

There is thread here that might have some background:
viewtopic.php?t=192006&hilit=mrz

Very interesting thread, thanks. However it can be a bit hard to make sense of information from different users, about specific cases.
As for the Flow diagrams, I didn't understand how they could be helpful to me.
I watched the video you linked, and I also found this other one:
https://www.youtube.com/watch?v=JWSfC_7p1yU
So, I am still trying to figure out what is the real difference between them, or if one method is better than the other.
Besides, the latter seems more straightforward and clear to me.
Thanks again

I think part of the problem is using term "policy routing". To me, that just means using /routing/rules in a configuration. And, does what winbox shows: you create a "filter" on top, and pick the action on bottom to select a route table. Now...that alone does NOT solve a "multi WAN" problem since you need /routing/table's to use them & those need to be configured with routes, connections marked, etc. etc. So it's the later things that need to be understood first (and /routing/rule would then make more sense). Basically /routing/rule does nothing... without a lot of other config in place.

Another way to think about is, in theory, you can do ALL routing in the firewall with mangle ALONE (e.g. action=route) using rich filters selectors & not bother adding routes/tables/rule at all. The same is not true with route selection using /routing/rules — your basically limited to using the src/dest address to select a /routing/table. Even then, the routing rule will still go through firewall rules after selection, just indirectly via a route table. So kinda need a grasp of /ip/firewall to even use policy routing in /routing/rules.

What's confusing, I think, is the firewall does more than filter – it also, critically, tracks connections (packet flows between a host and internet/lan) so very much involved in routing (despite be under "firewall") – which is same as Linux. But it's the mangle rules that add the critical "marks" in firewall's tracking (/ip/firewall/connections) to know which route was selected. You don't escape this marking step in RouterOS for ANY kinda of "multi WAN" routing! It's only the route selection part where there is even a choice between the "firewall" stuff like PCC, and using /routing/rule.

Is policy routing "better" than mangle?. The question turns on how often you update the route selection logic. If it never changes (e.g. two wan, primary and secondary), firewall be better. If you need a lot of host-specific rules or want easier way to "pick a WAN", /routing/rule can help. But it's just an "add on" to mangle – not a replacement.

I think part of the problem is using term "policy routing".

I used it because I started from here:
https://help.mikrotik.com/docs/display/ ... cy+Routing

Anyway, I partially understood what you wrote, mostly because I lack some basic knowledge about the specific topic, I guess. My fault, of course.
However, I still think that a brand new official article about the topic (like many others here about VLANs, Failover, atc written by @pcunite or @anav, just to name a few who I remember now) where beginners who have started tackling this matter can join in and ask questions, would do a world of good.
Thank you

Mikrotik's doc do leave you hanging on the "why". But it all comes down to what you're trying to do.

But @pcunite has an article on MultiWAN with example config using /routing/rule and /routing/table: viewtopic.php?t=192736

Mikrotik's doc do leave you hanging on the "why". But it all comes down to what you're trying to do.

But @pcunite has an article on MultiWAN with example config using /routing/rule and /routing/table: viewtopic.php?t=192736

Ok. I'll then be referring and posting to that thread if I need to get some help or ask something specific.
Thanks