Im using RB4011iGS+RM

However, I planned to route different bridge to different route.

I have 3 routes/Gateways connected to different ISPs (ISP A, ISP B, ISP C) through LAN..

and clients from range:
- IP 10.10.10.1/24 connected to route A (ISP A) through bridge-client1
- IP 10.10.11.1/24 connected to route B (ISP B) through bridge-client2
- IP 10.10.12.1/24 connected to route C (ISP C) through bridge-client3

the thing is, when I use mark routing in Routing and Mangle, it reduce the performances (can be say slow). Sometime not able to route.

Is there any best practice to route different bridge and/or IP range?

So basically, below are ether ports details:
eth1 - Route A, ISP A
eth2 - Route B, ISP B
eth3 - Route C, ISP C
eth4 - Bridge A (for client at bridge-client1)
eth5 - Bridge A (for client at bridge-client1)
eth6 - Bridge B (for client at bridge-client2)
eth7 - Bridge B (for client at bridge-client2)
eth8 - Bridge C (for client at bridge-client3)
eth9 - Bridge C (for client at bridge-client3)
eth10 - rsvd

IP Addresses:
eth1 - 10.30.0.10 connected to 10.30.0.1/24 gateway
eth2 - 10.30.0.20 connected to 10.30.0.2/24 gateway
eth3 - 10.30.0.30 connected to 10.30.0.3/24 gateway
bridge-client1 : DHCP Server with IP Address 10.30.10.1/24
bridge-client2 : DHCP Server with IP Address 10.30.11.1/24
bridge-client3 : DHCP Server with IP Address 10.30.12.1/24

https://wiki.mikrotik.com/wiki/Manual:L ... witch_chip

"Sometimes it is possible to restructure a network topology to use VLANs, which is the proper way to isolate Layer2 networks."

Keep in mind that RB4011 uses RTL8367 switch chip, which is (when used in Routerboard device) cripled the same way as MT7621 (used in e.g. hEX) and doesn't support VLANs in hardware. So when one configures VLANs on RB4011, everything will pass CPU (even intra-VLAN trafic between teo ports).

Keep in mind that RB4011 uses RTL8367 switch chip, which is (when used in Routerboard device) cripled the same way as MT7621 (used in e.g. hEX) and doesn't support VLANs in hardware. So when one configures VLANs on RB4011, everything will pass CPU (even intra-VLAN trafic between teo ports).

Always surprised that the higher numbered boxes are not a super set of the lower numbered ones.
RB3011 would have been a better choice for this setup then?

It really depends on expected traffic amount and pattern. The interconnect between CPU and each switch chip in RB4011 is 2.5Gbps ... this can be bottleneck or not depending on amount of intra-VLAN traffic. However, CPU in 4011 is much faster than CPU in 3011 and thus much more suitable for routing and firewalling tasks.

i was thinking about changing to VLANs method, but problem is, these Router A, Router B & Router C devices doesnt support VLAN.. and the clients also probably not use VLAN to connect to the RB4011..

anyway, i attach the diagram how I wanting to setup..

when I tested and connect the laptop direct-LAN to the Router A, B & C, I get 100Mbps from speedtest.net
however when I applied the mark routing & mangle with commands below, the speedtest.net from the laptop (direct LAN link to either one of bridge-client1, bridge-client2, bridge-client3), I just get 512kbps-2Mbps which I assumed it was affected by these settings..

Does your firewall still have the default "action=fasttrack chain=forward" rule? If yes, disable it.