原文:
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
需要兩條命令來執行:
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related /ip firewall filter add chain=forward action=accept connection-state=established,related
描述
IPv4 FastTrack處理程序自動用於標記的連接。使用防火牆操作“ fasttrack-connection”來標記FastTrack的連接。當前,只有TCP和UDP連接實際上可以被快速跟蹤(即使可以將任何連接標記為快速跟蹤)。IPv4 FastTrack處理程序支持NAT(SNAT和/或DNAT)。
請注意,並非連接中的所有數據包都可以被FastTracked,因此即使將連接標記為FastTrack,也有可能看到某些數據包通過慢速路徑。這就是為什么快速跟蹤連接通常遵循相同的action = accept規則的原因。FastTracked數據包繞過防火牆,連接跟蹤,簡單隊列,parent = global的隊列樹,IP流量(在6.33中取消了限制),IP accounting,IPSec,熱點通用客戶端,VRF分配,因此管理員應確保FastTrack不干擾其他配置;
要求
如果滿足以下條件,則IPv4 FastTrack處於活動狀態:
- 沒有網狀,元路由器接口配置;
- sniffer, torch and traffic generator is not running;
沒有活動的mac-ping,mac-telnet或mac-winbox會話限制已在6.33中刪除;- / tool mac-scan沒有被積極使用;
- / tool ip-scan沒有被積極使用;
- 在IP /Settings 下啟用了FastPath和路由緩存
Supported hardware
FastTrack is supported on the listed devices.
| RouterBoard | Interfaces |
|---|---|
| RB6xx series | ether1,2 |
| RB7xx series | all ports |
| RB800 | ether1,2 |
| RB9xx series | all ports |
| RB1000 | all ports |
| RB1100, RB1000AHx2 | ether1-11 |
| RB1000AHx2 | all ports |
| RB2011 series | all ports |
| RB3011 series | all ports |
| RB4011 series | all ports |
| CRS series routers | all ports except management interface (if the device has one) |
| CCR series routers | all ports except management interface (if the device has one) |
| All devices | wireless interfaces, if wireless-fp, wireless-cm2, wireless-rep or wireless (starting from 6.37) package used |
Examples
Initial configuration
For example, in home routers with factory default configuration, you could FastTrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required:
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related /ip firewall filter add chain=forward action=accept connection-state=established,related
View of simple FastTrack rules in the firewall, it is important to have other filter or mangle rules to get the advantage of the FastTrack:
- /ip firewall filter
- /ip firewall mangle
Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.
- Connection is FastTracked until connection is closed, timed-out or router is rebooted.
- Dummy rules will dissapear only after FastTrack firewall rules will be deleted/disabled and router rebooted.
FastTrack on RB2011
FastTrack is enabled on RB2011 at chain=forward with the rule from previous example. Bandwidth test with single TCP stream is sent,
