Manual:Fast Path: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
Megis (talk | contribs)
No edit summary
No edit summary
 
(46 intermediate revisions by 7 users not shown)
Line 10: Line 10:


==List of devices with FastPath support==
==List of devices with FastPath support==
 
FastPath support on the specific devices.
Interface FastPath support can be checked by doing "/interface print detail" and seeing fast-path property value.
 


<table class="styled_table">
<table class="styled_table">
Line 24: Line 22:
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB7xx series</b></td>
   <td ><b>Most of the RB7xx series</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
Line 33: Line 31:
<tr>
<tr>
   <td ><b>RB9xx series</b></td>
   <td ><b>RB9xx series</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB1000</b></td>
   <td ><b>RB1000</b></td>
   <td >all ethernets</td>
   <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB1100 series</b></td>
   <td ><b>RB1100 series</b></td>
   <td >ether1-10,11</td>
   <td >ether1-11</td>
</tr>
<tr>
  <td ><b>RB1100AHx4</b></td>
  <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>RB2011 series</b></td>
   <td ><b>RB2011 series</b></td>
   <td >all ethernets and sfp</td>
   <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>RB3011 series</b></td>
  <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>RB4011 series</b></td>
  <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>CRS series routers</b></td>
  <td >all Ethernet ports</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>CCR series routers</b></td>
   <td ><b>CCR series routers</b></td>
   <td >all ethernets and sfps</td>
   <td >all Ethernet ports</td>
</tr>
<tr>
  <td ><b>Other devices</b></td>
  <td >Not supported</td>
</tr>
</table>
 
==List of interfaces with FastPath support==
FastPath support on different types of interfaces
 
<table class="styled_table">
<tr>
  <th>Interface</th>
  <th>Supported</th>
  <th>Notes</th>
</tr>
<tr>
  <td ><b>Wireless</b></td>
  <td ><b>Yes</b></td>
  <td >If wireless-fp or wireless-cm2 package used</td>
</tr>
<tr>
  <td ><b>Bridge</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.29</td>
</tr>
 
<tr>
  <td ><b>VLAN, VRRP</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.30</td>
</tr>
 
<tr>
  <td ><b>Bonding</b></td>
  <td ><b>Yes</b></td>
  <td >RX only, since 6.30</td>
</tr>
</tr>
<tr>
<tr>
   <td ><b>All devices</b></td>
   <td ><b>EoIP, GRE, IPIP</b></td>
   <td >wireless interfaces, if wireless-fp or wireless-cm2 package used</td>
  <td ><b>Yes</b></td>
   <td >since 6.33. Interfaces have per interface setting "allow-fast-path". Interfaces have side effect of bypassing firewall, connection tracking, simple queues, queue tree with parent=global, IP accounting, IPsec, hotspot universal client, VRF assignment for encapsulated packets that go trough fastpath</td>
</tr>
</tr>
<tr>
<tr>
  <td ><b>L2TP, PPPoE</b></td>
  <td ><b>Yes</b></td>
  <td >Since 6.35</td>
</tr>
<tr>
  <td ><b>LTE</b></td>
  <td ><b>Yes</b></td>
   <td ></td>
   <td ></td>
  <td >bridge interfaces (since 6.29)</td>
</tr>
</tr>
<tr>
  <td ><b>Other</b></td>
  <td ><b>No</b></td>
  <td ></td>
</tr>
</table>
</table>
{{ Note | Allowing FastPath for tunnel interfaces does not guarantee that all packets will go FastPath, so for SlowPath packets regular processing happens as before. }}


==FastPath Handlers==
==FastPath Handlers==
Line 71: Line 138:
* bridge
* bridge


{{ Note | Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the [[#List_of_RouterBoards_with_FastPath_support | list]] of supported interfaces.}}
{{ Note | Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the [[Manual:Fast_Path#List_of_devices_with_FastPath_support | list]] of supported interfaces.}}


=== IPv4 handler ===
=== IPv4 handler ===
Line 78: Line 145:


* [[M:IP/Firewall | firewal rules]] are not configured;
* [[M:IP/Firewall | firewal rules]] are not configured;
* Traffic flow is disabled <code>/ip traffic-flow enabled=no</code>;
* [[M:IP/Firewall | firewall address lists]] are not configured;
* <del>Traffic flow is disabled <code>/ip traffic-flow enabled=no</code></del> restriction removed in 6.33;
* Simple and [[Manual:Queue| queue]] trees with parent=global are not configured;
* Simple and [[Manual:Queue| queue]] trees with parent=global are not configured;
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration;
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration;
Line 87: Line 155:
* Hotspot is not used (/ip hostspot has no interfaces);
* Hotspot is not used (/ip hostspot has no interfaces);
* IpSec policies are not configured (ROS v6.8);
* IpSec policies are not configured (ROS v6.8);
* no active mac-ping, mac-telnet or mac-winbox sessions;
* <del>no active mac-ping, mac-telnet or mac-winbox sessions</del> restriction removed in 6.33;
* /tool mac-scan is not actively used;
* /tool mac-scan is not actively used;
* /tool ip-scan is not actively used;
* /tool ip-scan is not actively used;
* route cache must be enabled


<code>/ip firewall connection tracking set enabled</code> parameter has new <var>auto</var> value Which means that connection tracking is disabled by default until firewall rules are added.
<code>/ip firewall connection tracking set enabled</code> parameter has new <var>auto</var> value Which means that connection tracking is disabled by default until firewall rules are added.
Line 95: Line 164:
=== IPv4 FastTrack handler===
=== IPv4 FastTrack handler===


IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "fasttrack-connection" to mark connections for fasttrack. Currently only TCP and UDP connections can be actually fasttracked (even though any connection can be marked for fasttrack). IPv4 FastTrack handler supports NAT (SNAT, DNAT or both).
FastTrack is available on the devices with FastPath support. FastTrack is FastPath+Connection Tracking.
 
Detailed information about the [[M:IP/Fasttrack | FastTrack]].
Note that not all packets in a connection can be fasttracked, so it is likely to see some packets going through slow path even though connection is marked for fasttrack. Fasttracked packets bypass firewall, simple queues, queue tree with parent=global, ip traffic-flow, ip accounting, ipsec, hotspot universal client, vrf assignment, so it is up to administrator to make sure fasttrack does not interfere with other configuration;
 
IPv4 FastTrack is active if following conditions are met:
 
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration;
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running;
* no active mac-ping, mac-telnet or mac-winbox sessions;
* /tool mac-scan is not actively used;
* /tool ip-scan is not actively used;
 
For example, in home routers with factory default configuration, you could Fasttrack all LAN traffic with this one rule placed at the top of the Firewall Filter:
 
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
 
Note, that this will break any filtering and Queues you apply for LAN traffic, you will have to mark traffic first, if you want to only fasttrack specific traffic.
 
This is how a default configuration looks with fastpath rule added on top (and auto-added dummy rule above it):
 
[[File:fasttrack.png]]


===Traffic Generator handler===
===Traffic Generator handler===
Line 132: Line 182:
Bridge fast path is automatically used if following conditions are met:
Bridge fast path is automatically used if following conditions are met:


* [[Manual:Interface/Bridge#Bridge_VLAN_Filtering | bridge VLAN filtering]] is disabled,
* [[Manual:Interface/Bridge#DHCP_Snooping_and_DHCP_Option_82 | bridge DHCP snooping]] is disabled,
* no [[M:Interface/Bridge#Bridge_Firewall | bridge firewall]] rules (<code>/interface bridge filter, /interface bridge nat</code>) are configured,
* no [[M:Interface/Bridge#Bridge_Firewall | bridge firewall]] rules (<code>/interface bridge filter, /interface bridge nat</code>) are configured,
* <code>/interface bridge settings use-ip-firwall=no</code>,
* <code>/interface bridge settings use-ip-firwall=no</code>,
* destination interface queue is set to [[Manual:Queue#Queue_Types | only-hw-queue]],
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration,
* no [[M:Interface/HWMPplus | mesh]], [[M:Metarouter | metarouter]] interface configuration,
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running,
* [[M:Tools/Packet_Sniffer | sniffer]], [[M:Troubleshooting_tools#Torch_.28.2Ftool_torch.29 | torch]] and [[M:Tools/Traffic_Generator | traffic generator]] is not running,
* if wireless is configured, then wireless-fp or wireless-cm2 package must be used in order to use FastPath
{{Note | Currently VLAN, PPP and Bonding interfaces does not support FastPath}}
{{Note | Starting from v6.1 added VRRP interface no longer disables fast path globally.
Ipv4 and bridge fast path handlers will not work only if source interface is vrrp slave interface.}}


{{cont}}
{{cont}}

Latest revision as of 09:11, 27 May 2020

Applies to RouterOS: v6.0rc2 +

Summary

Fast path allows to forward packets without additional processing in the Linux kernel. It improves forwarding speeds significantly.

For fast path to work, interface support and specific configuration conditions are required.

List of devices with FastPath support

FastPath support on the specific devices.

RouterBoard Interfaces
RB6xx series ether1,2
Most of the RB7xx series all Ethernet ports
RB800 ether1,2
RB9xx series all Ethernet ports
RB1000 all Ethernet ports
RB1100 series ether1-11
RB1100AHx4 all Ethernet ports
RB2011 series all Ethernet ports
RB3011 series all Ethernet ports
RB4011 series all Ethernet ports
CRS series routers all Ethernet ports
CCR series routers all Ethernet ports
Other devices Not supported

List of interfaces with FastPath support

FastPath support on different types of interfaces

Interface Supported Notes
Wireless Yes If wireless-fp or wireless-cm2 package used
Bridge Yes Since 6.29
VLAN, VRRP Yes Since 6.30
Bonding Yes RX only, since 6.30
EoIP, GRE, IPIP Yes since 6.33. Interfaces have per interface setting "allow-fast-path". Interfaces have side effect of bypassing firewall, connection tracking, simple queues, queue tree with parent=global, IP accounting, IPsec, hotspot universal client, VRF assignment for encapsulated packets that go trough fastpath
L2TP, PPPoE Yes Since 6.35
LTE Yes
Other No

Note: Allowing FastPath for tunnel interfaces does not guarantee that all packets will go FastPath, so for SlowPath packets regular processing happens as before.


FastPath Handlers

Currently RouterOS has following fast path handlers:

  • ipv4
  • ipv4 fasttrack
  • traffic generator
  • mpls
  • bridge

Note: Packet can be forwarded by fast path handler only if at least source interface support fast path. For complete fast path forwarding destination interface support is also required. See the list of supported interfaces.


IPv4 handler

IPv4 fast path is automatically used if following conditions are met:

  • firewal rules are not configured;
  • firewall address lists are not configured;
  • Traffic flow is disabled /ip traffic-flow enabled=no restriction removed in 6.33;
  • Simple and queue trees with parent=global are not configured;
  • no mesh, metarouter interface configuration;
  • sniffer, torch and traffic generator is not running;
  • connection tracking is not active;
  • ip accounting is disabled (/ip accounting enabled=no);
  • VRFs are not set (/ip route vrf is empty);
  • Hotspot is not used (/ip hostspot has no interfaces);
  • IpSec policies are not configured (ROS v6.8);
  • no active mac-ping, mac-telnet or mac-winbox sessions restriction removed in 6.33;
  • /tool mac-scan is not actively used;
  • /tool ip-scan is not actively used;
  • route cache must be enabled

/ip firewall connection tracking set enabled parameter has new auto value Which means that connection tracking is disabled by default until firewall rules are added.

IPv4 FastTrack handler

FastTrack is available on the devices with FastPath support. FastTrack is FastPath+Connection Tracking. Detailed information about the FastTrack.

Traffic Generator handler

Traffic Generator fast path is automatically used for interfaces that support this feature.

MPLS handler

MPLS fast path is automatically used for interfaces that support this feature.

Currently MPLS fast-path applies only to MPLS switched traffic (frames that enter router as MPLS and must leave router as MPLS) - MPLS ingress and egress (including VPLS tunnel endpoints that do VPLS encap/decap) will operate as before.


Bridge handler

Bridge fast path is automatically used if following conditions are met:

[ Top | Back to Content ]