NaseerMalindi
just joined
Topic Author
Posts: 5
Joined: Tue Oct 08, 2024 11:32 am

Load Sharing and Failover

Tue Oct 08, 2024 12:17 pm

Hi everyone, I need your help...
I use an RB2011. I have two internet connections from two different ISPs (ISP1 & ISP2): one uses PPPoE via the SFP port with dynamic public IPs, and one is from a 5G router via port eth1, with totally different bandwidth.

Also, I have two main LANs from two bridges (LAN1 & LAN2, or Bridge1 & Bridge2) with no DHCP server enabled, but both have VLANs enabled.
I wanted each LAN/bridge to use one ISP exclusively when both are up; when one ISP is down, they should share the bandwidth.

My current config is working fine but not really what I wanted. Now the bandwidth is shared when downloading but when uploading is used only from one ISP, also the Latency (one has very good latency and one has a bad latency) they are merged while using.
And when it comes to failover: when the PPPoE link is down, the 5G router keeps running, but when the 5G router has no internet, then the LAN assigned to it also goes down unless I unplug eth1 from the MikroTik or disable the interface, since the 5G router's gateway to the MikroTik is still up. (I have tried to ask the provider to give a bridge mode instead of router mode, but it was not possible yet.)

Thank you in advance.
 
anav
Forum Guru
Posts: 22092
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Sharing and Failover

Tue Oct 08, 2024 5:43 pm

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)

To be clear what you want is
NORMAL ( no sharing )
LAN1 to use WAN1 for all traffic
LAN2 to use WAN2 for all traffic.

Failover ( share available WAN )
If WAN1 is down, LAN1 should use WAN2
if WAN2 is down LAN2 should use WAN1
 
holvoetn
Forum Guru
Posts: 6825
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Load Sharing and Failover

Tue Oct 08, 2024 5:53 pm

Now the bandwidth is shared when downloading but when uploading is used only from one ISP, also the Latency (one has very good latency and one has a bad latency) they are merged while using.
A small side-note for clarification:
You need to look at connections as a bundle of 1 to many streams.
You can not split a single stream over multiple ISP links.

If a download or upload uses multiple streams, those can potentially be split. If that download or upload only uses 1 stream, you're stuck with the ISP it passes over.
And even with multiple streams, it will not always be possible (e.g. typically banking applications do not accept connections coming from multiple ISPs within the same session, for logical reasons).
 
notanial
just joined
Posts: 15
Joined: Tue Aug 04, 2015 3:04 pm

Re: Load Sharing and Failover

Tue Oct 08, 2024 7:28 pm

@NaseerMalindi Here is my config, I've written it under your comment on YT (Full MikroTik MTCRE - Recursive Routing (Easy Automatic failover)):

Change these to yours:
<ISP1-IP>
<ISP2-IP>
<ISP1-GW-IP>
<ISP2-GW-IP>
WAN - my ISP1 interface name, change to yours, e.g. ether1; change it in mangle
LTE - my ISP2 interface name, change to yours, e.g. ether2; change it in mangle
LOCAL_NETS - it's my list of other networks, so that they are not mangled and have access. Change it or delete it from the mangle rules
LAN - my LOCAL1 interface name, change to yours, e.g. ether3
VLAN100 - my LOCAL2 interface name, change to yours, e.g. ether4
then apply the config
/routing table 
add disabled=no fib name=ISP1-Fiber
add disabled=no fib name=ISP2-LTE

/ip firewall mangle 
add action=mark-connection chain=prerouting comment="FOR WAN" connection-mark=no-mark connection-state=new disabled=yes in-interface=WAN new-connection-mark=WAN_conn passthrough=yes
add action=mark-routing chain=output comment="FOR WAN" connection-mark=WAN_conn disabled=yes new-routing-mark=ISP1-Fiber passthrough=no
add action=mark-connection chain=prerouting comment="FOR LTE" connection-mark=no-mark connection-state=new in-interface=LTE new-connection-mark=LTE_conn passthrough=yes
add action=mark-routing chain=output comment="FOR LTE" connection-mark=LTE_conn new-routing-mark=ISP2-LTE passthrough=no
add action=mark-connection chain=prerouting comment="NET2 <-> ISP2-LTE" connection-mark=no-mark connection-state=new disabled=yes dst-address-list=!LOCAL_NETS dst-address-type=!local in-interface=LAN new-connection-mark=LTE_conn passthrough=yes
add action=mark-routing chain=prerouting comment="NET2 <-> ISP2-LTE" connection-mark=LTE_conn disabled=yes in-interface=LAN new-routing-mark=ISP2-LTE passthrough=yes
add action=mark-connection chain=prerouting comment="NET1 <-> ISP1-Fiber" connection-mark=no-mark connection-state=new disabled=yes dst-address-list=!LOCAL_NETS dst-address-type=!local in-interface=VLAN100 new-connection-mark=WAN_conn passthrough=yes
add action=mark-routing chain=prerouting comment="NET1 <-> ISP1-Fiber" connection-mark=WAN_conn disabled=yes in-interface=VLAN100 new-routing-mark=ISP1-Fiber passthrough=yes
Checking 4 different IPs; every pair has a different route inside one ISP, to be sure it's totally down
/ip route 
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=<ISP1-GW-IP> routing-table=ISP1-Fiber scope=10 suppress-hw-offload=no
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-table=ISP1-Fiber suppress-hw-offload=no target-scope=11
add disabled=no distance=1 dst-address=9.9.9.9/32 gateway=<ISP2-GW-IP> routing-table=ISP2-LTE scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=ISP2-LTE scope=30 suppress-hw-offload=no target-scope=12
add disabled=no dst-address=1.1.1.1/32 gateway=<ISP1-GW-IP> routing-table=main scope=10 suppress-hw-offload=no
add disabled=no dst-address=8.8.8.8/32 gateway=<ISP1-GW-IP> routing-table=main scope=10 suppress-hw-offload=no
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-table=main suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add disabled=no distance=1 dst-address=1.1.1.2/32 gateway=<ISP2-GW-IP> routing-table=main scope=10 suppress-hw-offload=no target-scope=11
add disabled=no distance=1 dst-address=9.9.9.9/32 gateway=<ISP2-GW-IP> routing-table=main scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=1.1.1.2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=12
add check-gateway=ping disabled=no distance=4 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=12
This is to enable/disable the mangle rules for routing traffic through the marked routing table or main, checking the second IP for each recursive IP rule (2), to execute only when it is sure the connection is down.

/tool netwatch
add comment="ISP1-FIBER GW CHECK" disabled=yes down-script=":log warning (\"GW1 Fiber is DOWN\");\r\
    \nip firewall/mangle/disable [find comment=\"NET1 <-> ISP1-Fiber\"]  \r\
    \nip firewall/mangle/disable ([find comment~\"FOR WAN\"])\r\
    \n:delay 3;\r\
    \nip firewall/connection/remove ([find reply-dst-address~\"<ISP1-IP>\"])" host=\
    8.8.8.8 http-codes="" interval=10s packet-count=3 packet-interval=2s packet-size=56 test-script="" timeout=2s type=\
    icmp up-script=":local time [/sys clock get time]\r\
    \n:log warning (\"GW1 Fiber is UP\");\r\
    \nip firewall/mangle/enable [find comment=\"NET1 <-> ISP1-Fiber\"]  \r\
    \nip firewall/mangle/enable ([find comment~\"FOR WAN\"])\r\
    \n:delay 3;\r\
    \nip firewall/connection/remove ([find reply-dst-address~\"<ISP2-IP>\"])"
add comment="ISP2-LTE GW CHECK" disabled=yes down-script=":log warning (\"GW2 LTE is DOWN\");\r\
    \nip firewall/mangle/disable [find comment=\"NET2 <-> ISP2-LTE\"]\r\
    \nip firewall/mangle/disable ([find comment~\"FOR LTE\"])\r\
    \n:delay 3;\r\
    \nip firewall/connection/remove ([find reply-dst-address~\"<ISP2-IP>\"])" host=9.9.9.9 http-codes="" interval=10s \
    packet-count=3 packet-interval=2s packet-size=56 test-script="" timeout=2s type=icmp up-script=":log warning (\"GW2 LTE is UP\");\r\
    \nip firewall/mangle/enable [find comment=\"NET2 <-> ISP2-LTE\"]\r\
    \nip firewall/mangle/enable ([find comment~\"FOR LTE\"])\r\
    \n:delay 3;\r\
    \nip firewall/connection/remove ([find reply-dst-address~\"<ISP1-IP>\"])"
Looks like this
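An added example, not part of the post above: a small Python model of how the main-table routes in that config pick a default route. It contrasts them with defaults that ping the ISP gateway directly, the case where a 5G router in router mode keeps answering while its upstream is dead. `ISP1-GW`/`ISP2-GW` stand in for the post's placeholders, and the `DIRECT` table and the reachability model are constructed assumptions.

```python
from typing import NamedTuple

class Route(NamedTuple):
    dst: str
    gateway: str
    distance: int = 1          # RouterOS default for static routes
    check_gateway: bool = False

# Main-table routes transcribed from the post above. ISP1-GW / ISP2-GW are
# stand-ins for the <ISP1-GW-IP> / <ISP2-GW-IP> placeholders.
RECURSIVE = [
    Route("1.1.1.1/32", "ISP1-GW"), Route("8.8.8.8/32", "ISP1-GW"),
    Route("1.1.1.2/32", "ISP2-GW"), Route("9.9.9.9/32", "ISP2-GW"),
    Route("0.0.0.0/0", "1.1.1.1", 1, True),
    Route("0.0.0.0/0", "8.8.8.8", 2, True),
    Route("0.0.0.0/0", "1.1.1.2", 3, True),
    Route("0.0.0.0/0", "9.9.9.9", 4, True),
]
# Constructed for contrast (not in the post): defaults that ping the ISP
# gateway itself instead of a remote probe host.
DIRECT = [
    Route("0.0.0.0/0", "ISP1-GW", 1, True),
    Route("0.0.0.0/0", "ISP2-GW", 2, True),
]
PROBES = {"ISP1": {"1.1.1.1", "8.8.8.8"}, "ISP2": {"1.1.1.2", "9.9.9.9"}}

def replying_hosts(upstream_ok, dead_probes=frozenset()):
    """Hosts answering ping. The gateways (e.g. a 5G router's LAN address)
    always reply; a probe host replies only if the ISP its /32 route is
    pinned to has working upstream."""
    hosts = {"ISP1-GW", "ISP2-GW"}
    for isp in upstream_ok:
        hosts |= PROBES[isp]
    return hosts - set(dead_probes)

def egress_hop(routes, gateway):
    """Resolve a recursive gateway to its directly connected next hop."""
    for r in routes:
        if r.dst == gateway + "/32":
            return r.gateway
    return gateway

def active_default(routes, replying):
    """Lowest-distance default route whose check-gateway ping succeeds,
    returned as (gateway, egress hop), or None if every check fails."""
    usable = [r for r in routes if r.dst == "0.0.0.0/0"
              and (not r.check_gateway or r.gateway in replying)]
    if not usable:
        return None
    best = min(usable, key=lambda r: r.distance)
    return best.gateway, egress_hop(routes, best.gateway)

if __name__ == "__main__":
    isp1_dead = replying_hosts({"ISP2"})   # ISP1 gateway up, upstream dead
    print("recursive:", active_default(RECURSIVE, isp1_dead))
    print("direct   :", active_default(DIRECT, isp1_dead))
```

With ISP1's upstream dead, the recursive table moves to the ISP2 probes while the direct table stays on the still-replying ISP1 gateway and blackholes traffic.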
 
anav
Forum Guru
Posts: 22092
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Sharing and Failover

Tue Oct 08, 2024 10:14 pm

Do you have any VPNs ( such as wireguard ) in the mix via a specific WAN, and also any port forwarding to servers --> on either LAN??..........
 
notanial
just joined
Posts: 15
Joined: Tue Aug 04, 2015 3:04 pm

Re: Load Sharing and Failover

Tue Oct 08, 2024 10:50 pm

Do you have any VPNs ( such as wireguard ) in the mix via a specific WAN, and also any port forwarding to servers --> on either LAN??..........
WG Is on demand (not using in failover).
Port forwarding only via one ISP, not critical for me.
Why?
 
anav
Forum Guru
Posts: 22092
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Sharing and Failover

Wed Oct 09, 2024 1:13 am

When you become more forthcoming with requirements an optimal config can be designed.
What does wireguard on demand mean? (You're using a third party provider? You have a wireguard VPS in the cloud? Your MT is acting as a wireguard server and you as the admin log in from away?)
Which WAN is used for port forwarding.........

If you want a working config, then you need to be accurate and complete in detailing the user requirements.
 
notanial
just joined
Posts: 15
Joined: Tue Aug 04, 2015 3:04 pm

Re: Load Sharing and Failover

Wed Oct 09, 2024 1:24 am

When you become more forthcoming with requirements an optimal config can be designed.
What does wireguard on demand mean? (You're using a third party provider? You have a wireguard VPS in the cloud? Your MT is acting as a wireguard server and you as the admin log in from away?)
Which WAN is used for port forwarding.........

If you want a working config, then you need to be accurate and complete in detailing the user requirements.
My config is working. I'm not asking anyone anything.
Guess you misunderstand.
My reply is the answer to author's post.
 
anav
Forum Guru
Posts: 22092
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Sharing and Failover

Wed Oct 09, 2024 1:39 am

My question was for the OP, the originator, didn't realize it was you that had answered..........
 
NaseerMalindi
just joined
Topic Author
Posts: 5
Joined: Tue Oct 08, 2024 11:32 am

Re: Load Sharing and Failover

Tue Oct 29, 2024 10:00 am

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)

To be clear what you want is
NORMAL ( no sharing )
LAN1 to use WAN1 for all traffic
LAN2 to use WAN2 for all traffic.

Failover ( share available WAN )
If WAN1 is down, LAN1 should use WAN2
if WAN2 is down LAN2 should use WAN1
Yes exactly.
 
NaseerMalindi
just joined
Topic Author
Posts: 5
Joined: Tue Oct 08, 2024 11:32 am

Re: Load Sharing and Failover

Tue Oct 29, 2024 10:04 am

Now the bandwidth is shared when downloading but when uploading is used only from one ISP, also the Latency (one has very good latency and one has a bad latency) they are merged while using.
A small side-note for clarification:
You need to look at connections as a bundle of 1 to many streams.
You can not split a single stream over multiple ISP links.

If a download or upload uses multiple streams, those can potentially be split. If that download or upload only uses 1 stream, you're stuck with the ISP it passes over.
And even with multiple streams, it will not always be possible (e.g. typically banking applications do not accept connections coming from multiple ISPs within the same session, for logical reasons).
What I wanted was LAN1 to ISP1 & LAN2 to ISP2, but when one ISP is down, the other LAN's traffic should be routed to the available ISP.
 
NaseerMalindi
just joined
Topic Author
Posts: 5
Joined: Tue Oct 08, 2024 11:32 am

Re: Load Sharing and Failover

Tue Oct 29, 2024 10:05 am

Do you have any VPNs ( such as wireguard ) in the mix via a specific WAN, and also any port forwarding to servers --> on either LAN??..........
No, I don't have any
 
NaseerMalindi
just joined
Topic Author
Posts: 5
Joined: Tue Oct 08, 2024 11:32 am

Re: Load Sharing and Failover

Tue Oct 29, 2024 10:12 am

@NaseerMalindi Here is my config, I've written it under your comment on YT (Full MikroTik MTCRE - Recursive Routing (Easy Automatic failover)):
Thank you very much for your help. I remember that from YT; I have done it after another search and both configs look almost similar, but I will verify yours against the one I did to make it better (I did mine yesterday, since I was out of town for a few weeks).
I did not do the netwatch one! What is it for?

Thank you again
