i just wonder,
what is the difference between connection mark and packet mark (in /ip mangle)?
when do we use them?
what is more effective in what situation?
thank you
To answer this question correctly, it largely depends on your use of the mark. For example, if you are using the mark to propagate a particular firewall chain, then a connection mark would suffice, due to the fact that the firewall typically only deals with the initial connection (provided you have coded the firewall correctly with the connection state set to already established) only once. This keeps the overhead of each chain down and your firewall / mangle rules more efficient, keeping the processing overhead low on the router.

In a case where each packet needs to be considered (for example the Q tree) then you need a packet mark. The Q tree does not look at connection marks at all; without them you cannot create P2P throttling Q's or QOS shaping rules with the Q tree.

So to answer your question, you would use connection marks whenever possible to keep the overhead down on the router; however, in cases where connection marks cannot be used (such as some Q's) the packet marks work well.

There is also another reason. In many instances a "connection" may begin on one port then move to another (such as some P2P connections). This is where a combination of both marks comes in handy to ensure you capture all the traffic to the correct rule or Q. You would create one connection mark that in turn determines the packet mark to be placed. This flags all the packets for that particular connection regardless of the subsequent port etc.

Hope that helps
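The two-step pattern described in the answer (mark the connection once, let the connection mark drive a per-packet mark, and feed only the packet mark to the queue tree), as an added RouterOS configuration example that is not from the original post. The interface names ether1-lan and ether2-wan, the 192.168.88.0/24 LAN, the web_conn/web_pkt/web_policy names and the 20M/5M limits are assumed values.

```routeros
# Added example, not from the original post. Assumed: LAN clients on
# ether1-lan in 192.168.88.0/24, uplink on ether2-wan, and a 20M down /
# 5M up cap for web traffic.
/ip firewall mangle
# 1. Connection mark: matched only on the first packet of each new
#    connection (connection-state=new). Later packets of that connection
#    carry the mark via connection tracking, so no further port or address
#    matching is done for them here. passthrough=yes lets rule 2 run too.
add chain=forward connection-state=new protocol=tcp dst-port=80,443 \
    src-address=192.168.88.0/24 action=mark-connection \
    new-connection-mark=web_conn passthrough=yes \
    comment="mark new web connections once"
# 2. Packet mark: every packet (both directions) of a connection carrying
#    web_conn gets the packet mark. This is a single cheap lookup and also
#    catches packets that later move to other ports inside the same tracked
#    connection. passthrough=no ends mangle processing for these packets.
add chain=forward connection-mark=web_conn action=mark-packet \
    new-packet-mark=web_pkt passthrough=no \
    comment="packet mark derived from connection mark"

# The queue tree only understands packet marks, never connection marks.
# Using the egress interface as parent separates download from upload.
/queue tree
add name=web_down parent=ether1-lan packet-mark=web_pkt max-limit=20M
add name=web_up parent=ether2-wan packet-mark=web_pkt max-limit=5M

# The connection mark alone is enough to steer the filter: established and
# related packets are accepted first, so the jump is evaluated once per
# connection rather than once per packet.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-mark=web_conn action=jump jump-target=web_policy
add chain=web_policy action=accept comment="per-connection web rules go here"
```

Check the result with `/ip firewall connection print where connection-mark=web_conn` and `/queue tree print stats`; if the queue counters stay at zero while connections show the mark, the packet-mark rule is not being reached.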