Manual:Fast Path: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
 
(60 intermediate revisions by 9 users not shown)
Line 9: Line 9:
For fast path to work, interface support and specific configuration conditions are required.
For fast path to work, interface support and specific configuration conditions are required.


==List of RouterBoards with FastPath support==
==List of devices with FastPath support==
 
FastPath support on the specific devices.


<table class="styled_table">
<table class="styled_table">
Line 22: Line 22:
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB7xx series</b></td>
   <td ><b>Most of the RB7xx series</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB8xx series</b></td>
   <td ><b>RB800</b></td>
   <td >ether1,2</td>
   <td >ether1,2</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB9xx series</b></td>
   <td ><b>RB9xx series</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB1000</b></td>
   <td ><b>RB1000</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB1100 series</b></td>
   <td ><b>RB1100 series</b></td>
   <td >ether1-10,11</td>
   <td >ether1-11</td>
</tr>
<tr>
  <td ><b>RB1100AHx4</b></td>
  <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB2011 series</b></td>
   <td ><b>RB2011 series</b></td>
   <td >all ethernets and sfp</td>
   <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>RB3011 series</b></td>
  <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>RB4011 series</b></td>
  <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>CRS series routers</b></td>
  <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>CCR series routers</b></td>
   <td ><b>CCR series routers</b></td>
   <td >all ethernets and sfps</td>
   <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>Other devices</b></td>
  <td >Not supported</td>
</tr>
</tr>
</table>
</table>
==List of interfaces with FastPath support==
FastPath support on different types of interfaces
<table class="styled_table">
<tr>
  <th>Interface</th>
  <th>Supported</th>
  <th>Notes</th>
</tr>
<tr>
  <td ><b>Wireless</b></td>
  <td ><b>Yes</b></td>
  <td >If wireless-fp or wireless-cm2 package used</td>
</tr>
<tr>
  <td ><b>Bridge</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.29</td>
</tr>
<tr>
  <td ><b>VLAN, VRRP</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.30</td>
</tr>
<tr>
  <td ><b>Bonding</b></td>
  <td ><b>Yes</b></td>
  <td >RX only, since 6.30</td>
</tr>
<tr>
  <td ><b>EoIP, GRE, IPIP</b></td>
  <td ><b>Yes</b></td>
  <td >since 6.33. Interfaces have per interface setting "allow-fast-path". Interfaces have side effect of bypassing firewall, connection tracking, simple queues, queue tree with parent=global, IP accounting, IPsec, hotspot universal client, VRF assignment for encapsulated packets that go trough fastpath</td>
</tr>
<tr>
  <td ><b>L2TP, PPPoE</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.35</td>
</tr>
<tr>
  <td ><b>LTE</b></td>
  <td ><b>Yes</b></td>
  <td ></td>
</tr>
<tr>
  <td ><b>Other</b></td>
  <td ><b>No</b></td>
  <td ></td>
</tr>
</table>
{{ Note | Allowing FastPath for tunnel interfaces does not guarantee that all packets will go FastPath, so for SlowPath packets regular processing happens as before. }}


==FastPath Handlers==
==FastPath Handlers==
Line 56: Line 133:


* ipv4
* ipv4
* ipv4 fasttrack
* traffic generator
* traffic generator
* mpls
* mpls
* bridge
* bridge


{{ Note | Packet will be forwarded in fast path only if source and destination interfaces support fast path. See the [[#List_of_RouterBoards_with_FastPath_support | list]] of supported interfaces.}}
{{ Note | Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the [[Manual:Fast_Path#List_of_devices_with_FastPath_support | list]] of supported interfaces.}}


 
=== IPv4 handler ===
'''IPv4 handler'''


IPv4 fast path is automatically used if following conditions are met:
IPv4 fast path is automatically used if following conditions are met:


* [[M:IP/Firewall | firewal rules]] are not configured,
* [[M:IP/Firewall | firewal rules]] are not configured;
* Traffic flow is disabled <code>/ip traffic-flow enabled=no</code>
* [[M:IP/Firewall | firewall address lists]] are not configured;
* Simple and [[Manual:Queue| queue]] trees with parent=global are not configured.
* <del>Traffic flow is disabled <code>/ip traffic-flow enabled=no</code></del> restriction removed in 6.33;
* source interface is not [[M:Interface/Bridge | bridge]] port or [[M:Interface/Bonding | bonding]] slave
* Simple and [[Manual:Queue| queue]] trees with parent=global are not configured;
* destination interface queue is set to [[Manual:Queue#Queue_Types | only-hw-queue]] and no queue tree entries with parent="dst interface"
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration;
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration,
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running;
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running
* connection tracking is not active;
* connection tracking is not active
* ip accounting is disabled (/ip accounting enabled=no);
* ip accounting is disabled (/ip accounting enabled=no);
* VRFs are not set (/ip route vrf is empty);
* VRFs are not set (/ip route vrf is empty);
* Hotspot is not used (/ip hostspot has no interfaces);
* Hotspot is not used (/ip hostspot has no interfaces);
 
* IpSec policies are not configured (ROS v6.8);
* <del>no active mac-ping, mac-telnet or mac-winbox sessions</del> restriction removed in 6.33;
* /tool mac-scan is not actively used;
* /tool ip-scan is not actively used;
* route cache must be enabled


<code>/ip firewall connection tracking set enabled</code> parameter has new <var>auto</var> value Which means that connection tracking is disabled by default until firewall rules are added.
<code>/ip firewall connection tracking set enabled</code> parameter has new <var>auto</var> value Which means that connection tracking is disabled by default until firewall rules are added.


=== IPv4 FastTrack handler===


{{Note | Starting from v6.1 added VRRP interface no longer disables fast path globally.
FastTrack is available on the devices with FastPath support. FastTrack is FastPath+Connection Tracking.
Ipv4 and bridge fast path handlers will not work only if source interface is vrrp slave interface.}}
Detailed information about the [[M:IP/Fasttrack | FastTrack]].


 
===Traffic Generator handler===
'''Traffic Generator handler'''


Traffic Generator fast path is automatically used for interfaces that support this feature.
Traffic Generator fast path is automatically used for interfaces that support this feature.


 
===MPLS handler===
'''MPLS handler'''


MPLS fast path is automatically used for interfaces that support this feature.
MPLS fast path is automatically used for interfaces that support this feature.
Line 99: Line 178:




'''Bridge handler'''
===Bridge handler===


Bridge fast path is automatically used if following conditions are met:
Bridge fast path is automatically used if following conditions are met:


* [[Manual:Interface/Bridge#Bridge_VLAN_Filtering | bridge VLAN filtering]] is disabled,
* [[Manual:Interface/Bridge#DHCP_Snooping_and_DHCP_Option_82 | bridge DHCP snooping]] is disabled,
* no [[M:Interface/Bridge#Bridge_Firewall | bridge firewall]] rules (<code>/interface bridge filter, /interface bridge nat</code>) are configured,
* no [[M:Interface/Bridge#Bridge_Firewall | bridge firewall]] rules (<code>/interface bridge filter, /interface bridge nat</code>) are configured,
* <code>/interface bridge settings use-ip-firwall=no</code>,
* <code>/interface bridge settings use-ip-firwall=no</code>,
* destination interface queue is set to [[Manual:Queue#Queue_Types | only-hw-queue]],
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration,
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration,
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running,
 
 


{{cont}}
{{cont}}

Latest revision as of 09:11, 27 May 2020

Applies to RouterOS: v6.0rc2 +

Summary

Fast path allows to forward packets without additional processing in the Linux kernel. It improves forwarding speeds significantly.

For fast path to work, interface support and specific configuration conditions are required.

List of devices with FastPath support

FastPath support on the specific devices.

RouterBoard Interfaces
RB6xx series ether1,2
Most of the RB7xx series all Ethernet ports
RB800 ether1,2
RB9xx series all Ethernet ports
RB1000 all Ethernet ports
RB1100 series ether1-11
RB1100AHx4 all Ethernet ports
RB2011 series all Ethernet ports
RB3011 series all Ethernet ports
RB4011 series all Ethernet ports
CRS series routers all Ethernet ports
CCR series routers all Ethernet ports
Other devices Not supported

List of interfaces with FastPath support

FastPath support on different types of interfaces

Interface Supported Notes
Wireless Yes If wireless-fp or wireless-cm2 package used
Bridge Yes Since 6.29
VLAN, VRRP Yes Since 6.30
Bonding Yes RX only, since 6.30
EoIP, GRE, IPIP Yes since 6.33. Interfaces have per interface setting "allow-fast-path". Interfaces have side effect of bypassing firewall, connection tracking, simple queues, queue tree with parent=global, IP accounting, IPsec, hotspot universal client, VRF assignment for encapsulated packets that go trough fastpath
L2TP, PPPoE Yes Since 6.35
LTE Yes
Other No

Note: Allowing FastPath for tunnel interfaces does not guarantee that all packets will go FastPath, so for SlowPath packets regular processing happens as before.


FastPath Handlers

Currently RouterOS has following fast path handlers:

  • ipv4
  • ipv4 fasttrack
  • traffic generator
  • mpls
  • bridge

Note: Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the list of supported interfaces.


IPv4 handler

IPv4 fast path is automatically used if following conditions are met:

  • firewal rules are not configured;
  • firewall address lists are not configured;
  • Traffic flow is disabled /ip traffic-flow enabled=no restriction removed in 6.33;
  • Simple and queue trees with parent=global are not configured;
  • no mesh, metarouter interface configuration;
  • sniffer, torch and traffic generator is not running;
  • connection tracking is not active;
  • ip accounting is disabled (/ip accounting enabled=no);
  • VRFs are not set (/ip route vrf is empty);
  • Hotspot is not used (/ip hostspot has no interfaces);
  • IpSec policies are not configured (ROS v6.8);
  • no active mac-ping, mac-telnet or mac-winbox sessions restriction removed in 6.33;
  • /tool mac-scan is not actively used;
  • /tool ip-scan is not actively used;
  • route cache must be enabled

/ip firewall connection tracking set enabled parameter has new auto value Which means that connection tracking is disabled by default until firewall rules are added.

IPv4 FastTrack handler

FastTrack is available on the devices with FastPath support. FastTrack is FastPath+Connection Tracking. Detailed information about the FastTrack.

Traffic Generator handler

Traffic Generator fast path is automatically used for interfaces that support this feature.

MPLS handler

MPLS fast path is automatically used for interfaces that support this feature.

Currently MPLS fast-path applies only to MPLS switched traffic (frames that enter router as MPLS and must leave router as MPLS) - MPLS ingress and egress (including VPLS tunnel endpoints that do VPLS encap/decap) will operate as before.


Bridge handler

Bridge fast path is automatically used if following conditions are met:

[ Top | Back to Content ]