Manual:IP/Fasttrack: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
SergejsB (talk | contribs)
Created page with "=== IPv4 FastTrack handler=== IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "fasttrack-connection" to mark connections for fasttrac..."
 
SergejsB (talk | contribs)
No edit summary
Line 1: Line 1:
=== IPv4 FastTrack handler===
{{Versions|v6.29 +}}


__TOC__
== Fastrack ==
=== Description ===
IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "fasttrack-connection" to mark connections for fasttrack. Currently only TCP and UDP connections can be actually fasttracked (even though any connection can be marked for fasttrack). IPv4 FastTrack handler supports NAT (SNAT, DNAT or both). FastTrack is supported on the specific [[M:Fast_Path#List_of_devices_with_FastPath_support | boards]].
IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "fasttrack-connection" to mark connections for fasttrack. Currently only TCP and UDP connections can be actually fasttracked (even though any connection can be marked for fasttrack). IPv4 FastTrack handler supports NAT (SNAT, DNAT or both). FastTrack is supported on the specific [[M:Fast_Path#List_of_devices_with_FastPath_support | boards]].


Note that not all packets in a connection can be fasttracked, so it is likely to see some packets going through slow path even though connection is marked for fasttrack. Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, <del>ip traffic-flow</del>(restriction removed in 6.33), ip accounting, ipsec, hotspot universal client, vrf assignment, so it is up to administrator to make sure fasttrack does not interfere with other configuration;
Note that not all packets in a connection can be fasttracked, so it is likely to see some packets going through slow path even though connection is marked for fasttrack. Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, <del>ip traffic-flow</del>(restriction removed in 6.33), ip accounting, ipsec, hotspot universal client, vrf assignment, so it is up to administrator to make sure fasttrack does not interfere with other configuration;


=== Requirements ===
IPv4 FastTrack is active if following conditions are met:
IPv4 FastTrack is active if following conditions are met:


Line 13: Line 19:
* /tool ip-scan is not actively used;
* /tool ip-scan is not actively used;


=== Examples ===
==== Initial configuration ====
For example, in home routers with factory default configuration, you could Fasttrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required:
For example, in home routers with factory default configuration, you could Fasttrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required:



Revision as of 08:41, 27 November 2015

Applies to RouterOS: v6.29 +

Fastrack

Description

IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "fasttrack-connection" to mark connections for fasttrack. Currently only TCP and UDP connections can be actually fasttracked (even though any connection can be marked for fasttrack). IPv4 FastTrack handler supports NAT (SNAT, DNAT or both). FastTrack is supported on the specific boards.

Note that not all packets in a connection can be fasttracked, so it is likely to see some packets going through slow path even though connection is marked for fasttrack. Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, ip traffic-flow(restriction removed in 6.33), ip accounting, ipsec, hotspot universal client, vrf assignment, so it is up to administrator to make sure fasttrack does not interfere with other configuration;

Requirements

IPv4 FastTrack is active if following conditions are met:

  • no mesh, metarouter interface configuration;
  • sniffer, torch and traffic generator is not running;
  • no active mac-ping, mac-telnet or mac-winbox sessions restriction removed in 6.33;
  • /tool mac-scan is not actively used;
  • /tool ip-scan is not actively used;

Examples

Initial configuration

For example, in home routers with factory default configuration, you could Fasttrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required:

/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
/ip firewall filter add chain=forward action=accept connection-state=established,related

Note, that this will break any filtering and Queues you apply for LAN traffic, you will have to mark traffic first, if you want to only fasttrack specific traffic.

This is how a default configuration looks with fastpath rule added on top (and auto-added dummy rule above it):