Manual:Fast Path: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
 
(69 intermediate revisions by 9 users not shown)
Line 5: Line 5:
==Summary==
==Summary==


Fast path allows to forward packets without additional processing in the Linux kernel. It improves forwarding speeds significantly.


==List of RouterBoards with FastPath support==
For fast path to work, interface support and specific configuration conditions are required.


==List of devices with FastPath support==
FastPath support on the specific devices.


<table class="styled_table">
<table class="styled_table">
Line 13: Line 16:
   <th width="100">RouterBoard</th>
   <th width="100">RouterBoard</th>
   <th width="300">Interfaces</th>
   <th width="300">Interfaces</th>
</tr>
<tr>
  <td ><b>RB3xx series</b></td>
  <td >ether1,2</td>
</tr>
</tr>
<tr>
<tr>
Line 23: Line 22:
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB7xx series</b></td>
   <td ><b>Most of the RB7xx series</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB8xx series</b></td>
   <td ><b>RB800</b></td>
   <td >ether1,2</td>
   <td >ether1,2</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB9xx series</b></td>
   <td ><b>RB9xx series</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB1000</b></td>
   <td ><b>RB1000</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB1100 series</b></td>
   <td ><b>RB1100 series</b></td>
   <td >ether1-10,11</td>
   <td >ether1-11</td>
</tr>
<tr>
  <td ><b>RB1100AHx4</b></td>
  <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB2011 series</b></td>
   <td ><b>RB2011 series</b></td>
   <td >all ethernets and sfp</td>
   <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>RB3011 series</b></td>
  <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>RB4011 series</b></td>
  <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>CRS series routers</b></td>
  <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>CCR series routers</b></td>
   <td ><b>CCR series routers</b></td>
   <td >all ethernets and sfps</td>
   <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>Other devices</b></td>
  <td >Not supported</td>
</tr>
</table>
 
==List of interfaces with FastPath support==
FastPath support on different types of interfaces
 
<table class="styled_table">
<tr>
  <th>Interface</th>
  <th>Supported</th>
  <th>Notes</th>
</tr>
<tr>
  <td ><b>Wireless</b></td>
  <td ><b>Yes</b></td>
  <td >If wireless-fp or wireless-cm2 package used</td>
</tr>
<tr>
  <td ><b>Bridge</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.29</td>
</tr>
 
<tr>
  <td ><b>VLAN, VRRP</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.30</td>
</tr>
 
<tr>
  <td ><b>Bonding</b></td>
  <td ><b>Yes</b></td>
  <td >RX only, since 6.30</td>
</tr>
<tr>
  <td ><b>EoIP, GRE, IPIP</b></td>
  <td ><b>Yes</b></td>
  <td >since 6.33. Interfaces have per interface setting "allow-fast-path". Interfaces have side effect of bypassing firewall, connection tracking, simple queues, queue tree with parent=global, IP accounting, IPsec, hotspot universal client, VRF assignment for encapsulated packets that go trough fastpath</td>
</tr>
 
<tr>
  <td ><b>L2TP, PPPoE</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.35</td>
</tr>
<tr>
  <td ><b>LTE</b></td>
  <td ><b>Yes</b></td>
  <td ></td>
</tr>
<tr>
  <td ><b>Other</b></td>
  <td ><b>No</b></td>
  <td ></td>
</tr>
</tr>
</table>
</table>
{{ Note | Allowing FastPath for tunnel interfaces does not guarantee that all packets will go FastPath, so for SlowPath packets regular processing happens as before. }}


==FastPath Handlers==
==FastPath Handlers==


Currently RouterOS has three fast path handlers:
Currently RouterOS has following fast path handlers:


* ipv4
* ipv4
* ipv4 fasttrack
* traffic generator
* traffic generator
* mpls
* mpls
* bridge
* bridge


{{ Note | Packet will be forwarded in fast path only if source and destination interfaces support fast path. See the [[#List_of_RouterBoards_with_FastPath_support | list]] of supported interfaces.}}
{{ Note | Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the [[Manual:Fast_Path#List_of_devices_with_FastPath_support | list]] of supported interfaces.}}


 
=== IPv4 handler ===
'''IPv4 handler'''


IPv4 fast path is automatically used if following conditions are met:
IPv4 fast path is automatically used if following conditions are met:


* [[M:IP/Firewall | firewal rules]] are not configured,
* [[M:IP/Firewall | firewal rules]] are not configured;
* [[Manual:Queue| queues]] are not configured
* [[M:IP/Firewall | firewall address lists]] are not configured;
* source interface is not [[M:Interface/Bridge | bridge]] or [[M:Interface/Bonding | bonding]] slave
* <del>Traffic flow is disabled <code>/ip traffic-flow enabled=no</code></del> restriction removed in 6.33;
* destination interface have configured [[Manual:Queue#Queue_Types | only-hw-queue]],
* Simple and [[Manual:Queue| queue]] trees with parent=global are not configured;
* no [[M:Interface/VRRP | vrrp]], [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration,
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration;
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] or [[M:Tools/Traffic_Generator | traffic generator]] is not running
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running;
* connection tracking is not active
* connection tracking is not active;
* ip accounting is disabled (/ip accounting enabled=no);
* VRFs are not set (/ip route vrf is empty);
* Hotspot is not used (/ip hostspot has no interfaces);
* IpSec policies are not configured (ROS v6.8);
* <del>no active mac-ping, mac-telnet or mac-winbox sessions</del> restriction removed in 6.33;
* /tool mac-scan is not actively used;
* /tool ip-scan is not actively used;
* route cache must be enabled


<code>/ip firewall connection tracking set enabled</code> parameter has new <var>auto</var> value Which means that connection tracking is disabled by default until firewall rules are added.
<code>/ip firewall connection tracking set enabled</code> parameter has new <var>auto</var> value Which means that connection tracking is disabled by default until firewall rules are added.


=== IPv4 FastTrack handler===


'''Traffic Generator handler'''
FastTrack is available on the devices with FastPath support. FastTrack is FastPath+Connection Tracking.
Detailed information about the [[M:IP/Fasttrack | FastTrack]].
 
===Traffic Generator handler===


Traffic Generator fast path is automatically used for interfaces that support this feature.
Traffic Generator fast path is automatically used for interfaces that support this feature.


===MPLS handler===


'''Bridge handler'''
MPLS fast path is automatically used for interfaces that support this feature.


Bridge fast path is automatically used if following conditions are met:
Currently MPLS fast-path applies only to MPLS switched traffic (frames that enter router as MPLS and must leave router as MPLS) - MPLS ingress and egress (including VPLS tunnel endpoints that do VPLS encap/decap) will operate as before.


*) [[M:Interface/Bridge#Bridge_Firewall | bridge filter]] rules are not configured,
*) <code>/interface bridge settings use-ip-firwall=no</code>,
*) destination interface has configured [[Manual:Queue#Queue_Types | only-hw-queue]],
* no [[M:Interface/VRRP | vrrp]], [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration,
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] or [[M:Tools/Traffic_Generator | traffic generator]] is not running


===Bridge handler===


Bridge fast path is approximately twice as fast.
Bridge fast path is automatically used if following conditions are met:


* [[Manual:Interface/Bridge#Bridge_VLAN_Filtering | bridge VLAN filtering]] is disabled,
* [[Manual:Interface/Bridge#DHCP_Snooping_and_DHCP_Option_82 | bridge DHCP snooping]] is disabled,
* no [[M:Interface/Bridge#Bridge_Firewall | bridge firewall]] rules (<code>/interface bridge filter, /interface bridge nat</code>) are configured,
* <code>/interface bridge settings use-ip-firwall=no</code>,
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration,
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running,


{{cont}}
{{cont}}

Latest revision as of 09:11, 27 May 2020

Applies to RouterOS: v6.0rc2 +

Summary

Fast path allows to forward packets without additional processing in the Linux kernel. It improves forwarding speeds significantly.

For fast path to work, interface support and specific configuration conditions are required.

List of devices with FastPath support

FastPath support on the specific devices.

RouterBoard Interfaces
RB6xx series ether1,2
Most of the RB7xx series all Ethernet ports
RB800 ether1,2
RB9xx series all Ethernet ports
RB1000 all Ethernet ports
RB1100 series ether1-11
RB1100AHx4 all Ethernet ports
RB2011 series all Ethernet ports
RB3011 series all Ethernet ports
RB4011 series all Ethernet ports
CRS series routers all Ethernet ports
CCR series routers all Ethernet ports
Other devices Not supported

List of interfaces with FastPath support

FastPath support on different types of interfaces

Interface Supported Notes
Wireless Yes If wireless-fp or wireless-cm2 package used
Bridge Yes Since 6.29
VLAN, VRRP Yes Since 6.30
Bonding Yes RX only, since 6.30
EoIP, GRE, IPIP Yes since 6.33. Interfaces have per interface setting "allow-fast-path". Interfaces have side effect of bypassing firewall, connection tracking, simple queues, queue tree with parent=global, IP accounting, IPsec, hotspot universal client, VRF assignment for encapsulated packets that go trough fastpath
L2TP, PPPoE Yes Since 6.35
LTE Yes
Other No

Note: Allowing FastPath for tunnel interfaces does not guarantee that all packets will go FastPath, so for SlowPath packets regular processing happens as before.


FastPath Handlers

Currently RouterOS has following fast path handlers:

  • ipv4
  • ipv4 fasttrack
  • traffic generator
  • mpls
  • bridge

Note: Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the list of supported interfaces.


IPv4 handler

IPv4 fast path is automatically used if following conditions are met:

  • firewal rules are not configured;
  • firewall address lists are not configured;
  • Traffic flow is disabled /ip traffic-flow enabled=no restriction removed in 6.33;
  • Simple and queue trees with parent=global are not configured;
  • no mesh, metarouter interface configuration;
  • sniffer, torch and traffic generator is not running;
  • connection tracking is not active;
  • ip accounting is disabled (/ip accounting enabled=no);
  • VRFs are not set (/ip route vrf is empty);
  • Hotspot is not used (/ip hostspot has no interfaces);
  • IpSec policies are not configured (ROS v6.8);
  • no active mac-ping, mac-telnet or mac-winbox sessions restriction removed in 6.33;
  • /tool mac-scan is not actively used;
  • /tool ip-scan is not actively used;
  • route cache must be enabled

/ip firewall connection tracking set enabled parameter has new auto value Which means that connection tracking is disabled by default until firewall rules are added.

IPv4 FastTrack handler

FastTrack is available on the devices with FastPath support. FastTrack is FastPath+Connection Tracking. Detailed information about the FastTrack.

Traffic Generator handler

Traffic Generator fast path is automatically used for interfaces that support this feature.

MPLS handler

MPLS fast path is automatically used for interfaces that support this feature.

Currently MPLS fast-path applies only to MPLS switched traffic (frames that enter router as MPLS and must leave router as MPLS) - MPLS ingress and egress (including VPLS tunnel endpoints that do VPLS encap/decap) will operate as before.


Bridge handler

Bridge fast path is automatically used if following conditions are met:

[ Top | Back to Content ]