Fasttrack & queue tree non-global queues

According to the Wiki on Fasttrack, it looks like it should work with PCQ queues that in the queue tree are attached to specific interfaces - not global:

Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.

We have our queue trees associated to specific ports (LAN and WAN Ethernet). When I turn on Fasttrack on the router, any users that are assigned to a queue suddenly bypass the queue and get the full bandwidth of the router. While I can create an exception rule in the fasttrack to exclude those addresses that should be getting queued, it still seems to go against what I expect the fasttrack to do from the documentation.

We serve customers with the following packages: 25 Mbps, 50 Mbps and unlimited. The router has around 600 Mbps feeding it (symmetrical). When we have a customer assigned to the “unlimited” plan, they top out at 360 / 250 Mbps (download/upload). If I enable fasttrack on the router, they see 660 / 550 which is the limit of the microwave link to that router. Pretty significant difference. But, as soon as I enable fasttrack, the 25 and 50 mbps clients see unlimited as well even though the queue tree for them is not using global.

Maybe packets no more mangling? Without packets marks queue don’t work? WTF?


Yours respectfully!

We are not running many firewall rules to take that much of a toll on CPU:

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="Allow API from Sonar" dst-port=8728 in-interface=ether1-WAN protocol=tcp
add action=accept chain=input comment="Accept SSH, webfig, WinBox from MGT LAN" dst-port=22,8080,8291 protocol=tcp src-address-list=Management
add action=accept chain=input comment="Accept SNMP from MGT LAN" dst-port=161 protocol=udp src-address-list=Management
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

Our Mangle rules are below. We are marking connection and then packet for the queue tree:

add action=mark-connection chain=prerouting comment="mark connection 25" new-connection-mark=connection_25 passthrough=yes src-address-list=Residential25
add action=mark-packet chain=forward comment="packet mark 25" connection-mark=connection_25 new-packet-mark=packet_25 passthrough=no
add action=mark-connection chain=prerouting comment="mark connection 50" new-connection-mark=connection_50 passthrough=yes src-address-list=Residential50
add action=mark-packet chain=forward comment="packet mark 50" connection-mark=connection_50 new-packet-mark=packet_50 passthrough=no

Then the Queue’s:

/queue type
add kind=pcq name="25 Shaping UP" pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=28M pcq-src-address6-mask=64
add kind=pcq name="25 Shaping DOWN" pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=28M pcq-src-address6-mask=64
add kind=pcq name="50 Shaping UP" pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=53M pcq-src-address6-mask=64
add kind=pcq name="50 Shaping Down" pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=53M pcq-src-address6-mask=64
/queue tree
add name="25 Download" packet-mark=packet_25 parent=bridge queue="25 Shaping DOWN"
add name="50 Download" packet-mark=packet_50 parent=bridge queue="50 Shaping Down"
add name="25 Upload" packet-mark=packet_25 parent=ether1-WAN queue="25 Shaping UP"
add name="50 Upload" packet-mark=packet_50 parent=ether1-WAN queue="50 Shaping UP"

Nothing here suggests that fasttrack would bypass the queue. I am also a bit surprised by the bandwidth hit:

Speedtest with no fasttrack:

Speedtest with fasttrack on:

AS manual stated - firewall rules (including your packet marks) are skipped, only mark you can use is default “no-mark”

Cwachs - i’m curious, what model routerboard are you running? to see such a speed difference between fasttrack on and off. I’m seeing almost exactly the same bandwidth numbers on my RB3011, with fasttrack off it tops out around 250 to 300mbit (however I do have quite a bit more firewall rules then you’re basic, minimal set of rules). Of course with fast track ON , my devices see the maximum of my line, around 700Mbit, through the RB 3011.

( also, in regards to your question, it looks like the wiki was updated to show that only interface type queues will work when fasttrack is on, so I can’t think of a way you can classify your different speed packages / offerings unless you either upgrade your single routerboard to a faster model (maybe?) , or add two or three new routerboards behind your current , core routerboard ( Ie keep your current routerboard w fasttrack on, then have 2 or 3 dedicated routeboards, one for each bandwith package you offer (To spread the load around)
Thanks