So I recently purchased an RB2011UiAS-RM rackmount unit. I have configured the router to have 2 distinct WANs and 2 LANs, with each LAN being NATted out the corresponding WAN. Basically, ETH1 is WAN1, ETH2-5 is LAN1, ETH6 is WAN2, and ETH7-10 is LAN2. I have done this by adding separate default gateways based on source address & outbound interface, as well as adding ports 6-10 into a separate VRF queue. This is working great so far.
I have read that there is a new "fasttrack" feature in one of the more recent RouterOS firmwares that greatly improves NAT performance. I am wondering whether my setup can properly use it? I believe I have enabled it successfully, using the "ip firewall filter" option, since "ip settings print" shows the following:
Code: Select all
[admin@1176] > /ip settings print
ip-forward: yes
send-redirects: yes
accept-source-route: no
accept-redirects: no
secure-redirects: yes
rp-filter: no
tcp-syncookies: no
max-arp-entries: 8192
arp-timeout: 30s
icmp-rate-limit: 10
icmp-rate-mask: 0x1818
route-cache: yes
allow-fast-path: yes
ipv4-fast-path-active: no
ipv4-fast-path-packets: 0
ipv4-fast-path-bytes: 0
ipv4-fasttrack-active: yes
ipv4-fasttrack-packets: 810997
ipv4-fasttrack-bytes: 1151663730Also, is there any fasttrack support for IPv6? I only see ipv4 in the output above
(btw, I noticed that enabling the fasttrack broke my IPsec site-to-site tunnel. After lots of searching, I found the following link which said I have to remove IPsec from the fasttrack. I did so, and IPsec is working again.
https://schemen.me/mikrotik-fast-track- ... des-ipsec/