Manual:Fast Path: Difference between revisions
No edit summary |
|||
(62 intermediate revisions by 9 users not shown) | |||
Line 9: | Line 9: | ||
For fast path to work, interface support and specific configuration conditions are required. | For fast path to work, interface support and specific configuration conditions are required. | ||
==List of | ==List of devices with FastPath support== | ||
FastPath support on the specific devices. | |||
<table class="styled_table"> | <table class="styled_table"> | ||
Line 16: | Line 16: | ||
<th width="100">RouterBoard</th> | <th width="100">RouterBoard</th> | ||
<th width="300">Interfaces</th> | <th width="300">Interfaces</th> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 26: | Line 22: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td ><b>RB7xx series</b></td> | <td ><b>Most of the RB7xx series</b></td> | ||
<td >all | <td >all Ethernet ports</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td ><b> | <td ><b>RB800</b></td> | ||
<td >ether1,2</td> | <td >ether1,2</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td ><b>RB9xx series</b></td> | <td ><b>RB9xx series</b></td> | ||
<td >all | <td >all Ethernet ports</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td ><b>RB1000</b></td> | <td ><b>RB1000</b></td> | ||
<td >all | <td >all Ethernet ports</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td ><b>RB1100 series</b></td> | <td ><b>RB1100 series</b></td> | ||
<td >ether1- | <td >ether1-11</td> | ||
</tr> | |||
<tr> | |||
<td ><b>RB1100AHx4</b></td> | |||
<td >all Ethernet ports</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td ><b>RB2011 series</b></td> | <td ><b>RB2011 series</b></td> | ||
<td >all | <td >all Ethernet ports</td> | ||
</tr> | |||
<tr> | |||
<td ><b>RB3011 series</b></td> | |||
<td >all Ethernet ports</td> | |||
</tr> | |||
<tr> | |||
<td ><b>RB4011 series</b></td> | |||
<td >all Ethernet ports</td> | |||
</tr> | |||
<tr> | |||
<td ><b>CRS series routers</b></td> | |||
<td >all Ethernet ports</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td ><b>CCR series routers</b></td> | <td ><b>CCR series routers</b></td> | ||
<td >all | <td >all Ethernet ports</td> | ||
</tr> | |||
<tr> | |||
<td ><b>Other devices</b></td> | |||
<td >Not supported</td> | |||
</tr> | |||
</table> | |||
==List of interfaces with FastPath support== | |||
FastPath support on different types of interfaces | |||
<table class="styled_table"> | |||
<tr> | |||
<th>Interface</th> | |||
<th>Supported</th> | |||
<th>Notes</th> | |||
</tr> | |||
<tr> | |||
<td ><b>Wireless</b></td> | |||
<td ><b>Yes</b></td> | |||
<td >If wireless-fp or wireless-cm2 package used</td> | |||
</tr> | |||
<tr> | |||
<td ><b>Bridge</b></td> | |||
<td ><b>Yes</b></td> | |||
<td >Since 6.29</td> | |||
</tr> | |||
<tr> | |||
<td ><b>VLAN, VRRP</b></td> | |||
<td ><b>Yes</b></td> | |||
<td >Since 6.30</td> | |||
</tr> | |||
<tr> | |||
<td ><b>Bonding</b></td> | |||
<td ><b>Yes</b></td> | |||
<td >RX only, since 6.30</td> | |||
</tr> | |||
<tr> | |||
<td ><b>EoIP, GRE, IPIP</b></td> | |||
<td ><b>Yes</b></td> | |||
<td >since 6.33. Interfaces have per interface setting "allow-fast-path". Interfaces have side effect of bypassing firewall, connection tracking, simple queues, queue tree with parent=global, IP accounting, IPsec, hotspot universal client, VRF assignment for encapsulated packets that go trough fastpath</td> | |||
</tr> | </tr> | ||
<tr> | |||
<td ><b>L2TP, PPPoE</b></td> | |||
<td ><b>Yes</b></td> | |||
<td >Since 6.35</td> | |||
</tr> | |||
<tr> | |||
<td ><b>LTE</b></td> | |||
<td ><b>Yes</b></td> | |||
<td ></td> | |||
</tr> | |||
<tr> | |||
<td ><b>Other</b></td> | |||
<td ><b>No</b></td> | |||
<td ></td> | |||
</tr> | |||
</table> | </table> | ||
{{ Note | Allowing FastPath for tunnel interfaces does not guarantee that all packets will go FastPath, so for SlowPath packets regular processing happens as before. }} | |||
==FastPath Handlers== | ==FastPath Handlers== | ||
Line 60: | Line 133: | ||
* ipv4 | * ipv4 | ||
* ipv4 fasttrack | |||
* traffic generator | * traffic generator | ||
* mpls | * mpls | ||
* bridge | * bridge | ||
{{ Note | Packet | {{ Note | Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the [[Manual:Fast_Path#List_of_devices_with_FastPath_support | list]] of supported interfaces.}} | ||
=== IPv4 handler === | |||
IPv4 fast path is automatically used if following conditions are met: | IPv4 fast path is automatically used if following conditions are met: | ||
* [[M:IP/Firewall | firewal rules]] are not configured | * [[M:IP/Firewall | firewal rules]] are not configured; | ||
* Traffic flow is disabled <code>/ip traffic-flow enabled=no</code> | * [[M:IP/Firewall | firewall address lists]] are not configured; | ||
* Simple and [[Manual:Queue| queue]] trees with parent=global are not configured | * <del>Traffic flow is disabled <code>/ip traffic-flow enabled=no</code></del> restriction removed in 6.33; | ||
* Simple and [[Manual:Queue| queue]] trees with parent=global are not configured; | |||
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration; | |||
* no | * [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running; | ||
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running | * connection tracking is not active; | ||
* connection tracking is not active | * ip accounting is disabled (/ip accounting enabled=no); | ||
* VRFs are not set (/ip route vrf is empty); | |||
* Hotspot is not used (/ip hostspot has no interfaces); | |||
* IpSec policies are not configured (ROS v6.8); | |||
* <del>no active mac-ping, mac-telnet or mac-winbox sessions</del> restriction removed in 6.33; | |||
* /tool mac-scan is not actively used; | |||
* /tool ip-scan is not actively used; | |||
* route cache must be enabled | |||
<code>/ip firewall connection tracking set enabled</code> parameter has new <var>auto</var> value Which means that connection tracking is disabled by default until firewall rules are added. | <code>/ip firewall connection tracking set enabled</code> parameter has new <var>auto</var> value Which means that connection tracking is disabled by default until firewall rules are added. | ||
=== IPv4 FastTrack handler=== | |||
FastTrack is available on the devices with FastPath support. FastTrack is FastPath+Connection Tracking. | |||
Detailed information about the [[M:IP/Fasttrack | FastTrack]]. | |||
===Traffic Generator handler=== | |||
Traffic Generator fast path is automatically used for interfaces that support this feature. | Traffic Generator fast path is automatically used for interfaces that support this feature. | ||
===MPLS handler=== | |||
MPLS fast path is automatically used for interfaces that support this feature. | MPLS fast path is automatically used for interfaces that support this feature. | ||
Line 95: | Line 178: | ||
===Bridge handler=== | |||
Bridge fast path is automatically used if following conditions are met: | Bridge fast path is automatically used if following conditions are met: | ||
* [[Manual:Interface/Bridge#Bridge_VLAN_Filtering | bridge VLAN filtering]] is disabled, | |||
* [[Manual:Interface/Bridge#DHCP_Snooping_and_DHCP_Option_82 | bridge DHCP snooping]] is disabled, | |||
* no [[M:Interface/Bridge#Bridge_Firewall | bridge firewall]] rules (<code>/interface bridge filter, /interface bridge nat</code>) are configured, | * no [[M:Interface/Bridge#Bridge_Firewall | bridge firewall]] rules (<code>/interface bridge filter, /interface bridge nat</code>) are configured, | ||
* <code>/interface bridge settings use-ip-firwall=no</code>, | * <code>/interface bridge settings use-ip-firwall=no</code>, | ||
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration, | |||
* no | * [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running, | ||
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running | |||
{{cont}} | {{cont}} |
Latest revision as of 09:11, 27 May 2020
Applies to RouterOS: v6.0rc2 +
Summary
Fast path allows to forward packets without additional processing in the Linux kernel. It improves forwarding speeds significantly.
For fast path to work, interface support and specific configuration conditions are required.
List of devices with FastPath support
FastPath support on the specific devices.
RouterBoard | Interfaces |
---|---|
RB6xx series | ether1,2 |
Most of the RB7xx series | all Ethernet ports |
RB800 | ether1,2 |
RB9xx series | all Ethernet ports |
RB1000 | all Ethernet ports |
RB1100 series | ether1-11 |
RB1100AHx4 | all Ethernet ports |
RB2011 series | all Ethernet ports |
RB3011 series | all Ethernet ports |
RB4011 series | all Ethernet ports |
CRS series routers | all Ethernet ports |
CCR series routers | all Ethernet ports |
Other devices | Not supported |
List of interfaces with FastPath support
FastPath support on different types of interfaces
Interface | Supported | Notes |
---|---|---|
Wireless | Yes | If wireless-fp or wireless-cm2 package used |
Bridge | Yes | Since 6.29 |
VLAN, VRRP | Yes | Since 6.30 |
Bonding | Yes | RX only, since 6.30 |
EoIP, GRE, IPIP | Yes | since 6.33. Interfaces have per interface setting "allow-fast-path". Interfaces have side effect of bypassing firewall, connection tracking, simple queues, queue tree with parent=global, IP accounting, IPsec, hotspot universal client, VRF assignment for encapsulated packets that go trough fastpath |
L2TP, PPPoE | Yes | Since 6.35 |
LTE | Yes | |
Other | No |
Note: Allowing FastPath for tunnel interfaces does not guarantee that all packets will go FastPath, so for SlowPath packets regular processing happens as before.
FastPath Handlers
Currently RouterOS has following fast path handlers:
- ipv4
- ipv4 fasttrack
- traffic generator
- mpls
- bridge
Note: Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the list of supported interfaces.
IPv4 handler
IPv4 fast path is automatically used if following conditions are met:
- firewal rules are not configured;
- firewall address lists are not configured;
Traffic flow is disabledrestriction removed in 6.33;/ip traffic-flow enabled=no
- Simple and queue trees with parent=global are not configured;
- no mesh, metarouter interface configuration;
- sniffer, torch and traffic generator is not running;
- connection tracking is not active;
- ip accounting is disabled (/ip accounting enabled=no);
- VRFs are not set (/ip route vrf is empty);
- Hotspot is not used (/ip hostspot has no interfaces);
- IpSec policies are not configured (ROS v6.8);
no active mac-ping, mac-telnet or mac-winbox sessionsrestriction removed in 6.33;- /tool mac-scan is not actively used;
- /tool ip-scan is not actively used;
- route cache must be enabled
/ip firewall connection tracking set enabled
parameter has new auto value Which means that connection tracking is disabled by default until firewall rules are added.
IPv4 FastTrack handler
FastTrack is available on the devices with FastPath support. FastTrack is FastPath+Connection Tracking. Detailed information about the FastTrack.
Traffic Generator handler
Traffic Generator fast path is automatically used for interfaces that support this feature.
MPLS handler
MPLS fast path is automatically used for interfaces that support this feature.
Currently MPLS fast-path applies only to MPLS switched traffic (frames that enter router as MPLS and must leave router as MPLS) - MPLS ingress and egress (including VPLS tunnel endpoints that do VPLS encap/decap) will operate as before.
Bridge handler
Bridge fast path is automatically used if following conditions are met:
- bridge VLAN filtering is disabled,
- bridge DHCP snooping is disabled,
- no bridge firewall rules (
/interface bridge filter, /interface bridge nat
) are configured, /interface bridge settings use-ip-firwall=no
,- no mesh, metarouter interface configuration,
- sniffer, torch and traffic generator is not running,
[ Top | Back to Content ]