Mikrotik ROS v7.1 и два провайдера.

Стартовые настройки
• Интерфейсы в провайдеров добавлены в интерфейс
лист WAN
• Развешаны IP
• Включен masquerading для WAN

# Базовые настройки:
[bash title=»код»]/interface ethernet
set [ find default-name=ether1 ] comment=ISP1
set [ find default-name=ether2 ] comment=ISP2[/bash]

[bash title=»код»]/interface list
add name=WAN[/bash]

[bash title=»код»]/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN[/bash]

[bash title=»код»]/ip address
add address=198.51.100.6/29 interface=ether1
add address=203.0.113.6/29 interface=ether2
add address=192.168.88.254/24 interface=br-lan[/bash]

[bash title=»код»]/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN[/bash]

Routing tables
# Создать дополнительные роутинг таблицы
[bash title=»код»]
/routing table add disabled=no fib name=rtab-1
/routing table add disabled=no fib name=rtab-2[/bash]

Route defaults

# Добавить дефолты в новые таблицы
[bash title=»код»]
/ip route add distance=251 gateway=198.51.100.1
/ip route add distance=252 gateway=203.0.113.1
/ip route add gateway=198.51.100.1 routing-table=rtab-1
/ip route add gateway=203.0.113.1 routing-table=rtab-2[/bash]

Маркировки (mangle)
# Добавить маркировки
[bash title=»код»]/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=con-isp1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=con-isp2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=con-isp1 in-interface-list=!WAN new-routing-mark=rtab-1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=con-isp2 in-interface-list=!WAN new-routing-mark=rtab-2 passthrough=yes
add action=mark-routing chain=output connection-mark=con-isp1 new-routing-mark=rtab-1 passthrough=yes
add action=mark-routing chain=output connection-mark=con-isp2 new-routing-mark=rtab-2 passthrough=yes[/bash]

При таких маркировках будут работать оба провайдера.
DST-NAT так же будет работать

Route Recursive failover
# Отказоустойчивость через рекурсивные маршруты
[bash title=»код»]/ip route
add distance=251 gateway=198.51.100.1
add distance=252 gateway=203.0.113.1
add gateway=198.51.100.1 routing-table=rtab-1
add gateway=203.0.113.1 routing-table=rtab-2
add dst-address=4.2.2.1/32 gateway=198.51.100.1 scope=11
add dst-address=4.2.2.2/32 gateway=203.0.113.1 scope=11
add check-gateway=ping distance=10 gateway=4.2.2.1 targetscope=11
add check-gateway=ping distance=20 gateway=4.2.2.2 targetscope=11[/bash]

Route recursive

Route recursive. Fail ISP1