Fasttrack on CCR 1009-8G-1S-1S+

RouterOS General
1

Hi,

I have a CCR 1009 sitting at the core of our work network.

We have multiple VLANs, mgmt, client, Wifi, Voip, etc.

I’ve added a Fasttrack rule to the top of our forward chain with a standard accept related/est below it:

5    ;;; FastTrackTest
      chain=forward action=fasttrack-connection 
      connection-state=established,related log=no log-prefix="" 

 6    ;;; Forward established/related
      chain=forward action=accept connection-state=established,related log=no 
      log-prefix=""

This seems to work, in that it is matching traffic, but I’ve not seen any improvement on iperf tests from one vlan to another.

IP settings shows that Fasttrack is not active:

ip settings print 
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: no
          tcp-syncookies: no
         max-arp-entries: 8192
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: yes
   ipv4-fast-path-active: no
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: no
  ipv4-fasttrack-packets: 0
    ipv4-fasttrack-bytes: 0

And the dummy rule is not incrementing at all.

So my question is, am I missing something obvious?

Thanks

2

Fasttrack is only helping for connections that need connection tracking. NATed connections for example.
Regular routing does not benefit from Fasttrack.

What does help is Fastpath.
You don’t need to enable anything to enable fastpath. It just works when the hardware and configuration supports it.

Also see: http://wiki.mikrotik.com/wiki/Manual:Fast_Path

3

OK, but I do have NATted connections on this router, we have web-servers, email servers and so on.
My point is that the router is showing that Fasttrack is not available, it’s not ticked.
I understand that not all traffic will be Fasttracked.

Fast path only works with no firewall, is that correct?

4

If no firewall (NAT/Filter) is running, you don’t need FastTrack.

5

everybody say you dont need it but dont help to know if its correct or not

i have the same issue

6

Everything is configured as per the RouterOS manual example for Fasttrack.

We DO have NATted connections, both in and out.

So I would expected Fasttrack to work.

But IP settings show that it is not active, my question is why not?

7

What do you have in the forward chain at the top?

8

Mine’s working on my CCR-1009 using the 6.33rc’s, but don’t see much if any speed improvement with the 1009’s speed and my low volume. My CRS125 and RB2011 see a vast improvement.

They’ve been steadily improving when fast-track can be enabled, but if you have certain things active/running fast-track will be disabled.

Queue’s are a definite no. Mac Winbox would disable it while connected until a recent RC.

I believe VLANs were also recently added. (I’m running vlans)

What RoS version are you running? Can you post your configuration?

9

The Fasttrack rule is at the top of the forward chain.

Mine’s working on my CCR-1009 using the 6.33rc’s, but don’t see much if any speed improvement with the 1009’s speed and my low volume. My CRS125 and RB2011 see a vast improvement.

They’ve been steadily improving when fast-track can be enabled, but if you have certain things active/running fast-track will be disabled.

Queue’s are a definite no. > Mac Winbox would disable it while connected until a recent RC.

I believe VLANs were also recently added. (I’m running vlans)

What RoS version are you running? Can you post your configuration?

Ah, OK, I’m using Queue trees and Mangle to QoS our VoIP traffic.
So I suppose this is why it’s not active?

10

That’ll do it.