
forwarding of all subnet traffic to secondary gateway

Posted: Thu May 23, 2024 6:58 pm
by dvalilis
Hello.
I have the following setup on a MikroTik:
ETH1 is my primary internet gateway, connected to a Chateau providing 5G internet. The Chateau is running a DHCP server at 192.168.118.0/24 and my MikroTik gets an address with its DHCP client. It provides internet to both of the following bridges.
ETH3-6 are within a BRIDGE with DHCP Server on 192.168.88.0/24
ETH7-10 are within a BRIDGE2 with DHCP server on 192.168.99.0/24

I want to connect a secondary ISP on ETH2, and forward all the traffic of BRIDGE2 there. I am trying to find the simplest solution there is to that.
What I tried is this:
Open a DHCP client on ETH2 with "add default route" set to "NO"
Create an ip>route to forward all the traffic of the bridge directly to that gateway with
/ip route add disabled=no dst-address=192.168.99.0/24 gateway=192.168.1.1

This doesn't work. Mangle is the only way to go?

Re: forwarding of all subnet traffic to secondary gateway

Posted: Thu May 23, 2024 7:30 pm
by pe1chl
You can use either:
- mangle with route mark
- route rules depending on source address
- VRF

What is "simple" depends on your insight in the matter, and what you can use depends on some other factors.
E.g. VRF is really easy to set up (add a VRF and put ether2 and bridge2 into it, and just set the default route from DHCP), however it is limited because all services provided by the router itself (like admin, NTP etc) can only be provided in one VRF. So your second subnet is "on its own", but maybe that aligns well with what you want (e.g. a guest network).

Re: forwarding of all subnet traffic to secondary gateway

Posted: Thu May 23, 2024 7:34 pm
by jaclaz
Wouldn't a routing rule do?
https://help.mikrotik.com/docs/display/ ... cy+Routing

See this example:
viewtopic.php?t=192365

I think you can use "interface" (which is the in-interface) set to bridge2 instead of source IPs.

create table.
/routing table
add fib name=useWAN2

add route
/ip route
# 192.168.1.1 is the ISP2 gateway address from the first post
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=useWAN2

add routing rule
/routing rule
add action=lookup-only-in-table table=useWAN2 interface=bridge2

Re: forwarding of all subnet traffic to secondary gateway

Posted: Thu May 23, 2024 10:17 pm
by pe1chl
Yes, that is another way to do it.
Maybe in this case you also want a firewall rule that prevents traffic between the bridges (when that is wanted).
With a VRF that would not be required.
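
The routing-rule approach and the inter-bridge firewall rule discussed in the two posts above, put together as an added example that is not part of the original thread. It assumes RouterOS v7, interface names ether2, bridge and bridge2 for ETH2, BRIDGE and BRIDGE2, and the ISP2 gateway 192.168.1.1 from the first post; the masquerade rule is an assumption that ether2 is not already covered by an existing NAT rule.

```routeros
# Added example (assumed names: ether2, bridge, bridge2; gateway 192.168.1.1 from the first post)

# WAN2 gets its address by DHCP but does not install a default route in the main table
/ip dhcp-client
add interface=ether2 add-default-route=no

# Separate routing table that holds only the WAN2 default route
/routing table
add fib name=useWAN2
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=useWAN2

# Packets entering on bridge2 are resolved in useWAN2 only
/routing rule
add action=lookup-only-in-table interface=bridge2 table=useWAN2

# Source NAT for traffic leaving through WAN2 (assumption: no existing rule covers ether2)
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether2

# Explicit isolation between the two bridges, in both directions.
# "add" appends to the end of the chain: move these above any rule that would accept the traffic.
/ip firewall filter
add chain=forward action=drop in-interface=bridge2 out-interface=bridge comment="block bridge2 -> bridge"
add chain=forward action=drop in-interface=bridge out-interface=bridge2 comment="block bridge -> bridge2"
```

Because the gateway address is static here while ether2 is a DHCP client, the route has to be updated if the ISP2 router hands out a different gateway.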

Re: forwarding of all subnet traffic to secondary gateway

Posted: Fri May 24, 2024 3:05 pm
by anav
Since the second device is acting as a router getting a private LAN IP from the Chateau, what I would do is only use one bridge and two VLANs, easy peasy, and firewall rules easily applied.

The question needing answering is what happens when WAN2 is not available: do you want the users dedicated to that WAN to be able to access the internet off of WAN1?
Next question, the reverse: the other users are using WAN1, do you want them to be able to use WAN2 if WAN1 is not available?

Now I am assuming those not being directed to WAN2 should be using WAN1, but it is possible you want those users not dedicated to WAN2 to load balance between WAN1 and WAN2 (aka access both at the same time). This is probably a stretch, but as stated your requirements are not completely described.
I would want to have that before proposing any config designs.

Further to that:
Do you do any port forwarding from external users to any of your LANs?
Do you do any VPN services that connect to the router, like WireGuard?

A config should be built with the context of the whole in mind.
My esteemed colleagues are eager to make conclusions and jump to solutions without such knowledge.
I am not as skilled or perceptive and am much slower. :-)