ACIM Personal Knowledgebase

User Tools

Site Tools

Trace:
mikrotik:fasttrack

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
mikrotik:fasttrack [2016/06/13 13:58]
admin created 		mikrotik:fasttrack [2016/06/13 14:15] (current)
admin
Line 1: Line 1:
 +====== Fasttrack ======
  
-=== Description === +===== Description =====
-IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "​fasttrack-connection"​ to mark connections for fasttrack. Currently only TCP and UDP connections can be actually fasttracked (even though any connection can be marked for fasttrack). IPv4 FastTrack handler supports NAT (SNAT, DNAT or both). ​+
  
-Note that not all packets in a connection can be fasttracked,​ so it is likely to see some packets going through slow path even though connection is marked for fasttrack. This is the reason why fasttrack-connection is usually followed be identical action=accept rule. Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, ​<del>ip traffic-flow</​del>​(restriction removed in 6.33), ip accounting, ipsec, hotspot universal client, vrf assignment, so it is up to administrator to make sure fasttrack does not interfere with other configuration;​+IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "​fasttrack-connection"​ to mark connections for fasttrack. Currently only TCP and UDP connections can be actually fasttracked (even though any connection can be marked for fasttrack). IPv4 FastTrack handler supports NAT (SNAT, DNAT or both). 
 + 
 +Note that not all packets in a connection can be fasttracked,​ so it is likely to see some packets going through slow path even though connection is marked for fasttrack. This is the reason why fasttrack-connection is usually followed be identical action=accept rule. Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global,​ ip traffic-flow(restriction removed in 6.33), ip accounting, ipsec, hotspot universal client, vrf assignment, so it is up to administrator to make sure fasttrack does not interfere with other configuration;​ 
 + 
 + 
 +===== Requirements =====
  
-=== Requirements ===  
 IPv4 FastTrack is active if following conditions are met: IPv4 FastTrack is active if following conditions are met:
  
-* no [[M:​Interface/​HWMPplus | mesh]][[M:​Metarouter | metarouter]] interface configuration;​ +  ​* no mesh, metarouter interface configuration;​ 
-[[M:​Tools/​Packet_Sniffer | sniffer]][[M:​Troubleshooting_tools#​Torch_.28.2Ftool_torch.29 | torch]] and [[M:​Tools/​Traffic_Generator | traffic generator]] is not running; +  * sniffer, torch and traffic generator is not running; 
-* <​del>​no active mac-ping, mac-telnet or mac-winbox sessions</​del>​ restriction removed in 6.33; +  * /tool mac-scan is not actively used; 
-* /tool mac-scan is not actively used; +  * /tool ip-scan is not actively used;
-* /tool ip-scan is not actively used;+
  
  
-=== Supported hardware ===+===== Supported hardware ===== 
 Fasttrack is supported on the listed devices. Fasttrack is supported on the listed devices.
  
-<table class="​styled_table">​ +RouterBoard ​    ^ Interfaces 
-<​tr>​ +RB6xx series ​       ​| ​ether1,​2 ​    |  
-   <​th width="​100">​RouterBoard</​th>​ +RB7xx series ​      | all ports       |  
-   <​th width="​300">​Interfaces</th> +RB800       | ether1,​2 ​      |  
-</​tr>​ +RB9xx series     | all ports  | 
-<​tr>​ +RB1000       | all ports  | 
-   <​td ><​b>​RB6xx series</​b></​td>​ +RB1100 series      ​| ​ether1-11 ​ |  
-   <​td >ether1,2</td> +RB2011 ​    | series all ports |  
-</​tr>​ +RB3011 series       | all ports   | 
-<​tr>​ +CRS series routers ​       ​| ​all ports  | 
-   <​td ><​b>​RB7xx series</​b></​td>​ +CCR series routers        ​| ​all ports  | 
-   <​td >all ports</td> +All devices ​wireless interfaces, if wireless-fp or wireless-cm2 package used  | 
-</​tr>​ + 
-<​tr>​ + 
-   <​td ><​b>​RB800</​b></​td>​ + 
-   <​td >ether1,2</td> +===== Examples =====
-</​tr>​ +
-<​tr>​ +
-   <​td ><​b>​RB9xx series</​b></​td>​ +
-   <​td >all ports</td> +
-</​tr>​ +
-<​tr>​ +
-   <​td ><​b>​RB1000</​b></​td>​ +
-   <​td >all ports</td> +
-</​tr>​ +
-<​tr>​ +
-   <​td ><​b>​RB1100 series</​b></​td>​ +
-   <​td >ether1-11</td> +
-</​tr>​ +
-<​tr>​ +
-   <​td ><​b>​RB2011 series</​b></​td>​ +
-   <​td >all ports</td> +
-</​tr>​ +
-<​tr>​ +
-   <​td ><​b>​RB3011 series</​b></​td>​ +
-   <​td >all ports</td> +
-</​tr>​ +
-<​tr>​ +
-   <​td ><​b>​CRS series routers</​b></​td>​ +
-   <​td >all ports</td> +
-</​tr>​ +
-<​tr>​ +
-   <​td ><​b>​CCR series routers</​b></​td>​ +
-   <​td >all ports</td> +
-</​tr>​ +
-<​tr>​ +
-   <​td ><​b>​All devices</​b></​td>​ +
-   <​td >wireless interfaces, if wireless-fp or wireless-cm2 package used</td> +
-</tr> +
-</​table>​+
  
-=== Examples === 
 ==== Initial configuration ==== ==== Initial configuration ====
 +
 For example, in home routers with factory default configuration,​ you could Fasttrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required: For example, in home routers with factory default configuration,​ you could Fasttrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required:
  
 +<code bash>
  /ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,​related  /ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,​related
  /ip firewall filter add chain=forward action=accept connection-state=established,​related  /ip firewall filter add chain=forward action=accept connection-state=established,​related
 +</​code>​
  
 View of simple FastTrack rules in the firewall, it is important to have other filter or mangle rules to get the advantage of the FastTrack: View of simple FastTrack rules in the firewall, it is important to have other filter or mangle rules to get the advantage of the FastTrack:
-* /ip firewall filter + 
-[[File:Fasttrack1_example.png|center|frame]] +  ​* /ip firewall filter 
-* /ip firewall mangle +{{ :mikrotik:fasttrack1_example.png?​nolink ​|}} 
-[[File:Screenshot 2015-11-27 09.40.09.png|center|frame]] +  * /ip firewall mangle 
-{{ Warning | <b> Queues, firewall filter and mangle rules will not be applied for FastTracked traffic.</​b>}} +{{ :mikrotik:screenshot_2015-11-27_09.40.09.png?​nolink ​|}} 
-* Connection is FastTracked until connection is closed, timed-out or router is rebooted. +<note warning> 
-* Dummy rules will dissapear only after FastTrack firewall rules will be deleted/​disabled and router rebooted.+Queues, firewall filter and mangle rules will not be applied for FastTracked traffic. 
 +</note
 +  * Connection is FastTracked until connection is closed, timed-out or router is rebooted. 
 +  * Dummy rules will dissapear only after FastTrack firewall rules will be deleted/​disabled and router rebooted.
  
 ==== FastTrack on RB2011 ==== ==== FastTrack on RB2011 ====
 +
 FastTrack is enabled on RB2011 at chain=forward with the rule from previous example. Bandwidth test with single TCP stream is sent, FastTrack is enabled on RB2011 at chain=forward with the rule from previous example. Bandwidth test with single TCP stream is sent,
-[[File:​Fasttrackon2011.png|center|frame]] 
  
-[[Category:Manual|Fast]] +{{ :mikrotik:fasttrackon2011.png?​nolink ​|}} 
-[[Category:Routerboard|Fast]] +
-[[Category:​Hardware|Fast]] +
-[[Category:​Interface|Fast]] +
-[[Category:​Case Studies|Fast]]+
  
mikrotik/fasttrack.1465819127.txt.gz · Last modified: 2016/06/13 13:58 by admin

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki