New Packet flow diagram

normis
MikroTik Support
 
Posts: 19286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

New Packet flow diagram

by normis » Fri May 17, 2013 1:21 pm

We have a new concept for the packet flow diagram, applying to RouterOS v6. Please make suggestions for more example drawings, or other comments.

UPDATED

Attachments
PacketFlowDiagram_v6_page1.jpg (97.22 KiB)
PacketFlowDiagram_v6_page2.jpg (97.11 KiB)
PacketFlowDiagram_v6_page3.jpg (51.86 KiB)
PacketFlowDiagram_v6_example1.2.jpg (112.34 KiB)
PacketFlowDiagram_v6_example2.1.jpg (110.15 KiB)
PacketFlowDiagram_v6_example3.1.jpg (119.83 KiB)
No answer to your question? How to write posts

cheeze
Frequent Visitor
 
Posts: 78
Joined: Tue Jul 31, 2012 7:44 am

Re: New Packet flow diagram

by cheeze » Fri May 17, 2013 7:08 pm

I think they're great :)

However, I don't know what the letters/numbers mean.

Otherwise, awesome.

rkau045
just joined
 
Posts: 18
Joined: Mon Jun 25, 2012 9:14 pm

Re: New Packet flow diagram

by rkau045 » Fri May 17, 2013 9:12 pm

The letters in the circles are jumps. So, for example, the output from mpls chart at H goes back into the main loop at H.


blingblouw
Member Candidate
 
Posts: 108
Joined: Wed Aug 25, 2010 9:43 am

Re: New Packet flow diagram

by blingblouw » Fri May 17, 2013 10:51 pm

Please, please, please can we do something before hotspot in, maybe like pre-hotspot-in, or move it after mangle pre-routing so that we don't have to count all traffic in a hotspot user's sessions.

I really need to allow some sites not to be accounted for in a hotspot session!

normis
MikroTik Support
 
Posts: 19286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: New Packet flow diagram

by normis » Mon May 20, 2013 8:22 am

cheeze wrote:I think they're great :)

However, I don't know what the letters/numbers mean.

Otherwise, awesome.


Letters are transition points from the first main diagram to more detailed ones. This way we reduced the amount of information in the main diagram.
Numbers are used to show the packet path through the router.

nz_monkey
Forum Guru
 
Posts: 1110
Joined: Mon Jan 14, 2008 2:53 pm
Location: 新西蘭

Re: New Packet flow diagram

by nz_monkey » Mon May 20, 2013 1:05 pm

The new diagram is really good.

It is clearer than the previous diagram.
http://www.mikrotik-routeros.com | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA

JJCinAZ
Member
 
Posts: 413
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ

Re: New Packet flow diagram

by JJCinAZ » Mon May 20, 2013 8:08 pm

Like the new diagrams. One suggestion is to add detail on the "Use MPLS?" and "Use Route?". If you compare these decisions in the flow chart to the first decision after physical input, "In-Interface Bridge Port?", it seems to me that the first decision is much more self describing than the others -- "Is the in-interface in a bridge?" vs. "Are we going to use MPLS?" If it was more clear as to the logic for "Use MPLS" or "Use Route", then it might be more useful in learning RouterOS.

gregsowell
Member Candidate
 
Posts: 120
Joined: Tue Aug 28, 2007 1:24 am

Re: New Packet flow diagram

by gregsowell » Tue May 21, 2013 6:27 am

Looks clean guys. Nice work.
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / Certified Trainer / A+ / N+ / Partridge in pear tree<- man I love being pretentious! :P

normis
MikroTik Support
 
Posts: 19286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: New Packet flow diagram

by normis » Tue May 21, 2013 10:33 am

Thanks for the suggestions. First post has been updated with new images. Please make more suggestions, what more examples would you need in the manual?

andriys
Member Candidate
 
Posts: 185
Joined: Thu Nov 24, 2011 2:59 pm
Location: Kharkiv, Ukraine

Re: New Packet flow diagram

by andriys » Tue May 21, 2013 11:24 am

Not quite clear where the entrance/exit points are. In my opinion, it would be better if physical interface nodes were visually "open" (not frame-bounded to each other).

normis
MikroTik Support
 
Posts: 19286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: New Packet flow diagram

by normis » Tue May 21, 2013 11:25 am

andriys wrote:Not quite clear where the entrance/exit points are. In my opinion, it would be better if physical interface nodes were visually "open" (not frame-bounded to each other).


They are indicated by green/red color.

ener
Frequent Visitor
 
Posts: 62
Joined: Fri May 10, 2013 4:47 pm

Re: New Packet flow diagram

by ener » Tue May 21, 2013 12:05 pm

Very nice. Maybe soon I could understand, hope so.

omidkosari
Long time Member
 
Posts: 561
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj

Re: New Packet flow diagram

by omidkosari » Thu Jun 13, 2013 8:36 am

Very nice, but unfortunately still no place for the old feature request Unmetered Content for PPP viewtopic.php?f=1&t=45934&start=50#p235456
MTCNA , MTCRE, MTCWE, Mikrotik Certified Trainer

majkel
Frequent Visitor
 
Posts: 67
Joined: Sat Feb 16, 2013 9:23 am

Re: New Packet flow diagram

by majkel » Mon Jun 17, 2013 11:04 pm

When will it be used in 6.x? ;)

Chupaka
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: New Packet flow diagram

by Chupaka » Tue Jun 18, 2013 10:24 am

majkel wrote:When will it be used in 6.x? ;)

It IS, just like the previous one. It's just a look from another point, like a map vs. a globe - the Earth is still the same :)
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

mknnoc
Member Candidate
 
Posts: 227
Joined: Thu Feb 28, 2008 7:40 am
Location: cambodia

Re: New Packet flow diagram

by mknnoc » Wed Jun 26, 2013 8:44 am

I am not sure if I understand it correctly. If possible, can you write some explanation under each packet flow diagram?

normis
MikroTik Support
 
Posts: 19286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: New Packet flow diagram

by normis » Wed Jun 26, 2013 9:26 am

mknnoc wrote:I am not sure if I understand it correctly. If possible, can you write some explanation under each packet flow diagram?


Traffic goes into the "green" physical interface. Then follow the arrows and answer the questions.

tomaskir
Forum Veteran
 
Posts: 877
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: New Packet flow diagram

by tomaskir » Wed Jun 26, 2013 1:49 pm

How do trunks (LACP) come into this?

Or are they "transparent" as far as the packet flow diagram is concerned?

ekkas
Long time Member
 
Posts: 560
Joined: Mon Sep 26, 2005 1:01 pm
Location: South Africa

Re: New Packet flow diagram

by ekkas » Wed Aug 14, 2013 10:46 pm

Please help me understand as I'm obviously missing something here...
In ROS 5 you could double-QoS by:
1)Mangle in prerouting, prioritise in Global-In HTB (all in prerouting sub-section)
2)Mark in forward/postrouting, shape in Interface HTB

Now in ROS 6 the global HTB resides in the Input chain, not the prerouting chain!?
So how do I achieve double-QoS with ROS6 then?

Regards
Ekkas

Chupaka
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: New Packet flow diagram

by Chupaka » Thu Aug 15, 2013 12:32 am

in v6:
1) mark in prerouting/forward/postrouting, prioritize in Global HTB in Queue Tree
2) shape in Simple Queues

ekkas
Long time Member
 
Posts: 560
Joined: Mon Sep 26, 2005 1:01 pm
Location: South Africa

Re: New Packet flow diagram

by ekkas » Thu Aug 15, 2013 10:14 am

Thanks for that, but what I do not understand is if the diagram shows Global HTB in Input chain, then it's not supposed to get any forwarding traffic?

According to diagrams:
A) Traffic to Router(v5):
PreRouting (ConnTrack, Mangle, DstNAT, Global HTB)
Input (Mangle, Filter)

B)Traffic forwarded(v5):
PreRouting (ConnTrack, Mangle, DstNAT, Global HTB)
Forward (Mangle, Filter)

C)Traffic to Router(v6):
PreRouting (ConnTrack, Mangle, DstNAT)
Input (Mangle, Filter, Global HTB)

D)Traffic forwarded(v6):
PreRouting (ConnTrack, Mangle, DstNAT)
Forward (Mangle, Filter,?)
....

In scenario D, there is no Global HTB in prerouting, according to diagram it is now in Input chain, but Input chain is not used if it is forwarded traffic.
I'm not suggesting ROS is broken, I'm suggesting that possibly the diagram is wrong, or does ROS6 process Input chain for forwarded traffic as well now?

Regards
Ekkas

andriys
Member Candidate
 
Posts: 185
Joined: Thu Nov 24, 2011 2:59 pm
Location: Kharkiv, Ukraine

Re: New Packet flow diagram

by andriys » Thu Aug 15, 2013 11:31 am

ekkas wrote:the diagram shows Global HTB in Input chain


It shows it not only in Input chain, but in the Postrouting chain as well.
See above the last two blocks in postrouting.

ekkas
Long time Member
 
Posts: 560
Joined: Mon Sep 26, 2005 1:01 pm
Location: South Africa

Re: New Packet flow diagram

by ekkas » Thu Aug 15, 2013 11:39 am

It shows it not only in Input chain, but in the Postrouting chain as well.

I'm talking about prerouting.
Global has always been in postrouting (before Src-NAT, now after Src-NAT), but it seems to have moved from prerouting to input; that's the point I'm trying to make.
V5:
Image

V6:
Image

andriys
Member Candidate
 
Posts: 185
Joined: Thu Nov 24, 2011 2:59 pm
Location: Kharkiv, Ukraine

Re: New Packet flow diagram

by andriys » Thu Aug 15, 2013 1:11 pm

Any kind of traffic first hits Global HTB, then Simple Tree, and it does it only once. Input traffic hits them in the Input, while Output and Forward traffic - in the Postrouting. The packet flow has changed and you will need to adopt to it.

ekkas
Long time Member
 
Posts: 560
Joined: Mon Sep 26, 2005 1:01 pm
Location: South Africa

Re: New Packet flow diagram

by ekkas » Thu Aug 15, 2013 2:40 pm

Any kind of traffic first hits Global HTB, then Simple Tree, and it does it only once.

Ok, that makes sense.

The packet flow has changed and you will need to adopt to it.

I need to understand before I can adapt. :)

Where would you want QueueTree or Simple Queues in Input chain, except for web proxy maybe? Control is outbound?
Anyways...

Let me put it this way...
For normal unbridged, routed traffic a packet would travel roughly: (#=PacketMark *=Queue)

ROS 5
1-)Prerouting
1a)Mangle Prerouting #1
1b)Dst NAT
1c)Global-In Global-Total HTB *1
2-)Forward
2a)Mangle forward #2
2b)Filter forward
3-)PostRouting
3a)Mangle Postrouting #2
3b)Global-Out Global-Total HTB *2
3c)Src-NAT
4-)Interface HTB *2

So here (if I understand it correctly), you could:
new-packet-mark @ ManglePrerouting(1a), then queue @ Global-In/Global-total(1c)
Then re-mark the packet @ MangleForward(2a) or ManglePostrouting(3a), then queue @Global-out(3b) or Interface HTB(4-)
Correct?

ROS 6:
1-)Prerouting
1a)Mangle Prerouting #1
1b)Dst NAT
2-)Forward
2a)Mangle forward
2b)Filter forward
3-)PostRouting
3a)Mangle Postrouting
3b)src-NAT
3c)Global HTB *1?
3d)Simple queues
4-)Interface HTB

Here, the first queue that you reach, is only in Global HTB(3c), after prerouting, forward, postrouting Mangles. There is no mangle opportunity after that to re-mark the packet before Interface HTB(4-)?
I guess my question is then, can a packet carry more than one mark? Otherwise, how does a packet get remarked if the sequence above is correct?

Thanks for your patience
Ekkas

Chupaka
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: New Packet flow diagram

by Chupaka » Thu Aug 15, 2013 3:40 pm

ekkas wrote:There is no mangle opportunity after that to re-mark the packet before Interface HTB(4-)?

no opportunity

ekkas wrote:can a packet carry more than one mark?

it cannot

ekkas
Long time Member
 
Posts: 560
Joined: Mon Sep 26, 2005 1:01 pm
Location: South Africa

Re: New Packet flow diagram

by ekkas » Thu Aug 15, 2013 5:30 pm

Thanks Chupaka,
it would seem then a big downgrade from ROS5?
How can you do double-control QoS, i.e. shape by client type and QoS by traffic type on one router?

Chupaka
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: New Packet flow diagram

by Chupaka » Fri Aug 16, 2013 1:17 am

you may use dynamic Simple Queues for shaping, one queue per user - they are speedy now :)

ekkas
Long time Member
 
Posts: 560
Joined: Mon Sep 26, 2005 1:01 pm
Location: South Africa

Re: New Packet flow diagram

by ekkas » Fri Aug 16, 2013 3:15 am

That is all fine and well, but the question is how to do it twice.
1)Per user (Throttling)
2)Total outgoing (QoS)
Where to mark and queue it second time?

Regards
Ekkas

macgaiver
Forum Guru
 
Posts: 1137
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: New Packet flow diagram

by macgaiver » Fri Aug 16, 2013 9:33 am

1) mark by traffic type in any mangle chain... - I suggest "forward"
2) prioritize traffic by traffic type in HTB global
3) use simple queues to apply individual user limits (use target as individual IP, or network and PCQ queue type)
I know what i don't know, do you?
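
The three steps in the post above, written out as a RouterOS v6 configuration. This is an added example, not configuration posted by anyone in the thread; the LAN subnet, link rate, UDP/5060 as the "voip" traffic type, and all mark and queue names are assumptions.

```routeros
# Added example. Assumed: LAN 192.168.88.0/24, 10M link, VoIP signalling on UDP/5060.
# A packet carries only one packet mark, so the mark encodes traffic type only;
# per-user limits are matched by address in step 3 and need no second mark.

# 1) Mark by traffic type in the forward chain.
/ip firewall mangle
add chain=forward protocol=udp dst-port=5060 action=mark-packet \
    new-packet-mark=voip passthrough=no comment="traffic type: voip"
add chain=forward action=mark-packet new-packet-mark=bulk passthrough=no \
    comment="traffic type: everything else"

# 2) Prioritise by traffic type in the global HTB (Queue Tree, parent=global).
#    Both directions of forwarded traffic share this parent's max-limit.
/queue tree
add name=all-traffic parent=global max-limit=10M
add name=q-voip parent=all-traffic packet-mark=voip priority=1 limit-at=2M max-limit=10M
add name=q-bulk parent=all-traffic packet-mark=bulk priority=8 limit-at=1M max-limit=10M

# 3) Per-user limit in Simple Queues, matched by target address (upload/download).
/queue simple
add name=user-10 target=192.168.88.10/32 max-limit=2M/2M

# Alternative for 3): one simple queue for the whole network, with PCQ
# splitting it into per-address sub-streams instead of one queue per user.
/queue type
add name=pcq-up kind=pcq pcq-classifier=src-address pcq-rate=1M
add name=pcq-down kind=pcq pcq-classifier=dst-address pcq-rate=2M
/queue simple
add name=lan-pcq target=192.168.88.0/24 queue=pcq-up/pcq-down
```

Simple queues are evaluated in order and the first match wins, so user-10 must stay above lan-pcq if both are kept.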

infused
Member Candidate
 
Posts: 200
Joined: Fri Dec 28, 2012 3:33 pm

Re: New Packet flow diagram

by infused » Mon Sep 02, 2013 2:34 am

Can anyone chuck this in a nice, printable pdf?

Toby7
newbie
 
Posts: 45
Joined: Thu Jan 05, 2012 1:53 am

Re: New Packet flow diagram

by Toby7 » Tue Sep 03, 2013 6:39 pm

One add-on from my point of view: I would like to have colours in the picture, they make the boxes much clearer! :)
PDF is also a good point. Please publish a vector graphics inside the PDF so that we can enjoy a real wallpaper :D

Thank you!

ojsa
Member Candidate
 
Posts: 179
Joined: Tue Jan 27, 2009 9:53 pm
Location: Norway

Re: New Packet flow diagram

by ojsa » Tue Sep 03, 2013 11:27 pm

Is it possible to get these flow chart pictures in SVG or another vector-based picture format?
Network professional - Certified MTCNA, MTCWE MTCTCE, MTCRE, MTCUME and MTCINE. - Wiki Profile

normis
MikroTik Support
 
Posts: 19286
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: New Packet flow diagram

by normis » Thu Sep 05, 2013 9:33 am

ojsa wrote:Is it possible to get these flow chart pictures in SVG or another vector-based picture format?


The original is in Open Office, so no. You could re-draw it as vector and share :)

sergey
just joined
 
Posts: 14
Joined: Wed Dec 19, 2012 2:28 pm

Re: New Packet flow diagram

by sergey » Thu Sep 05, 2013 11:43 am

Guys

Thank you very much for the diagrams. They are very useful and clear. Well done!

Questions:
1. Could you add them to the official documentation (Wiki)?
2. Is it possible to get the originals for personal use? I'd want to add comments to the diagrams and print.

Thank you.

sohag
just joined
 
Posts: 2
Joined: Tue Sep 24, 2013 9:08 am

Re: New Packet flow diagram

by sohag » Tue Sep 24, 2013 9:53 am

hi,
thank you so much for helpful post.

mrz
MikroTik Support
 
Posts: 4080
Joined: Wed Feb 07, 2007 1:45 pm
Location: Latvia

Re: New Packet flow diagram

by mrz » Wed Sep 25, 2013 4:01 pm

Svg files for those who requested:
Image
Image
Image

AlArenal
Member Candidate
 
Posts: 131
Joined: Thu Aug 01, 2013 5:24 pm
Location: Iserlohn, Germany

Re: New Packet flow diagram

by AlArenal » Wed Sep 25, 2013 5:05 pm

Great, thx a lot!

P.S.:
This should go into the wiki ;-)

mrz
MikroTik Support
 
Posts: 4080
Joined: Wed Feb 07, 2007 1:45 pm
Location: Latvia

Re: New Packet flow diagram

by mrz » Wed Sep 25, 2013 5:19 pm

It is already there. Images you see here are linked to wiki :)

macgaiver
Forum Guru
 
Posts: 1137
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: New Packet flow diagram

by macgaiver » Thu Sep 26, 2013 9:45 am

Yes, thanks, finally I can replace my old packet flow diagram printouts that hang on the wall just across the workplace.

Added PDF that I will use if someone wants to do the same :)
Attachments
Packet Flow Diagram v6.pdf
3 A4 page PDF of Packet flow diagram that you can print out and glue together in one nice diagram. (2nd upload with fixes)
(204.25 KiB) Downloaded 502 times

arahim52
just joined
 
Posts: 1
Joined: Thu Nov 07, 2013 6:13 pm
Location: Bangladesh

Re: New Packet flow diagram

by arahim52 » Thu Nov 07, 2013 6:16 pm

Thanks for sharing this post to us. This is really nice information.
IT Network Support

HaPe
Member Candidate
 
Posts: 224
Joined: Fri Feb 10, 2012 11:24 pm
Location: Poland

Re: New Packet flow diagram

by HaPe » Sat Nov 23, 2013 3:30 pm

What is the name of the software used to create these diagrams?
In anticipation on new The Dude release.

ohara
Member
 
Posts: 360
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: Odp: New Packet flow diagram

by ohara » Sat Nov 23, 2013 5:17 pm

MS Visio

Chupaka
Forum Guru
 
Posts: 7229
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: New Packet flow diagram

by Chupaka » Sun Nov 24, 2013 11:33 am

normis wrote:The original is in Open Office

siscom
Member Candidate
 
Posts: 181
Joined: Tue May 26, 2009 6:37 pm
Location: Malta, EU.

Re: New Packet flow diagram

by siscom » Wed Jan 08, 2014 2:13 pm

Hi,

In the wiki the following files seem to be missing from the page titled 'Manual:Packet Flow v6' -

http://wiki.mikrotik.com/index.php?titl ... ples_b.gif

http://wiki.mikrotik.com/index.php?titl ... ples_c.gif

Rgds,
Mark.
SIS Ltd - SISCOM
http://www.sis.com.mt

mleducxit
just joined
 
Posts: 10
Joined: Mon May 13, 2013 7:09 pm

Re: New Packet flow diagram

by mleducxit » Thu Jan 23, 2014 8:23 pm

Hi all,

I've read many things on this forum and I've tracked the packet flow carefully, but one thing is still missing: the physical interface rules. Probably it's in the hardware, but try to figure out how I can bridge 5 interfaces on a CCR-1036 6.7, set up a DHCP server attached to the bridge and control the HTB using the etherX entry. Referring to the scenario PacketFlowDiagram_v6_example1.2.jpg, I've put some traces (packet log) following the decisions:

Here is my config, it's a vanilla one

Code:

/interface bridge
add l2mtu=1590 name=BR_TEST
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/interface bridge filter
add action=mark-packet chain=input in-interface=ether1 new-packet-mark=PACKET_ETH1_UPLOAD
add action=mark-packet chain=output new-packet-mark=PACKET_ETH1_DOWNLOAD out-interface=ether1
/interface bridge port
add bridge=BR_TEST interface=ether1
add bridge=BR_TEST interface=ether3
add bridge=BR_TEST interface=ether4
add bridge=BR_TEST interface=ether5
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=BR_TEST network=192.168.88.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether2
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=log chain=forward log-prefix=FILTER
/ip firewall mangle
add action=log chain=forward log-prefix=PREROUTING
/ip firewall nat
add action=masquerade chain=srcnat


So quickly, I've added a bridge interface named BR_TEST, with eth1, 3, 4 and 5; eth2 is my DHCP client into my personal network and I masquerade anything through this interface.

I've disabled the fast path for the bridge and enabled the IP Firewall options to enter into the ip mangle table and grab some packet log output, a log that I have seen in the LOG window.

I've just realized that the represented interface is the bridge interface BR_TEST and not ether2... :shock:

I mean, the traffic is still handled by the physical port, not really, but maybe, the virtual BR_TEST port.

Question #1: Is it the chipset that does this?

Always referring to the chart, I've added two filter rules into the bridge management and now I can track my interface management.

So I've marked my packets, added them to separate HTB rules, and my download queue doesn't work...

What am I missing?

macgaiver
Forum Guru
 
Posts: 1137
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: New Packet flow diagram

by macgaiver » Fri Jan 31, 2014 1:17 pm

mleducxit wrote:Hi all,

...

So quickly, I've added a bridge interface named BR_TEST, with eth1, 3, 4 and 5; eth2 is my DHCP client into my personal network and I masquerade anything through this interface.

I've disabled the fast path for the bridge and enabled the IP Firewall options to enter into the ip mangle table and grab some packet log output, a log that I have seen in the LOG window.

I've just realized that the represented interface is the bridge interface BR_TEST and not ether2... :shock:

I mean, the traffic is still handled by the physical port, not really, but maybe, the virtual BR_TEST port.

Question #1: Is it the chipset that does this?

Always referring to the chart, I've added two filter rules into the bridge management and now I can track my interface management.

So I've marked my packets, added them to separate HTB rules, and my download queue doesn't work...

What am I missing?



There are two perspectives when use-ip-firewall is used.

1) layer-2 perspective - when traffic comes in via one bridge port and leaves via another port of the same bridge - in this case the in and out interfaces will be the physical interfaces that are in the bridge

2) layer-3 perspective - when a packet is routed to the bridge - in all configurations the packet will leave via the bridge interface, because routing doesn't know anything about bridge ports. For this traffic the out interface will be the bridge interface, and only the bridge forwarding table will know which actual physical port it goes out.

This is done for one single reason - so that enabling use-ip-firewall will not break the layer-3 configuration that you might have.

andriys
Member Candidate
 
Posts: 185
Joined: Thu Nov 24, 2011 2:59 pm
Location: Kharkiv, Ukraine

Re: New Packet flow diagram

by andriys » Thu Feb 27, 2014 12:25 pm

The "IPsec Encryption" and "IPsec Decryption" blocks seem to be mixed up on the Routing diagram.

noviy
just joined
 
Posts: 12
Joined: Tue Jun 18, 2013 7:00 pm
Location: Zaporizhzhya, Ukraine

Re: New Packet flow diagram

by noviy » Fri Mar 28, 2014 1:05 am

I propose to consider another option
Attachments
Packet Flow Diagram 03.pdf
(243.01 KiB) Downloaded 222 times

efaden
Forum Guru
 
Posts: 1365
Joined: Sat Mar 30, 2013 2:55 am
Location: New York, USA

Re: New Packet flow diagram

by efaden » Fri Mar 28, 2014 1:16 am

noviy wrote:I propose to consider another option


I like this.

If I helped you please remember to give Karma.
