Main idea is to be able to distribute connections from a LAN to multiple WANs, using policy routes.
Something similar to [[ https://wiki.mikrotik.com/wiki/Manual:PCC | Mikrotik pcc ]]
A proposed cli could be:
```
set policy route <name> rule <number> connection-classifier selection-pattern <destination-address | destination-port| source-address | source-port>
set policy route <name> rule <number> connection-classifier rule 1 probability <0-100> jump-target <jump_target_01>
set policy route <name> rule <number> connection-classifier rule 2 probability <0-100> jump-target <jump_target_02>
...
```
Example: matching based on src and dst ip address:
```
set policy route LAN rule 30 connection-classifier selection-pattern source-address
set policy route LAN rule 30 connection-classifier selection-pattern destination-address
set policy route LAN rule 30 connection-classifier rule 1 probability 50 jump-target OUT_WAN01
set policy route LAN rule 30 connection-classifier rule 2 probability 50 jump-target OUT_WAN02
# Which should lead next nft command:
sudo nft add rule ip vyos_mangle VYOS_PBR_LAN ct mark 0 counter jhash ip saddr . ip daddr mod 100 vmap { 0-49 : jump VYOS_PBR_LAN-TO-WAN01 , 50-99 : jump VYOS_PBR_LAN-TO-WAN02 }
### Then also create both chains to associate previous selection to desired routing table
# LAN-TO-WAN01
set policy route LAN-TO-WAN01 rule 10 set table 111
# LAN-TO-WAN02
set policy route LAN-TO-WAN02 rule 10 set table 122
```
References:
https://manpages.debian.org/testing/nftables/nft.8.en.html#HASH_EXPRESSIONS
https://manpages.debian.org/testing/nftables/nft.8.en.html#VMAP_STATEMENT
https://manpages.debian.org/testing/nftables/nft.8.en.html#VERDICT_STATEMENT