One way to make the traffic to and from the router more visual might be to add a symbol right in the middle of the diagram that represents the router itself and its different services.

Jinx @jaclaz.
Yours was way more professional!
P.S.
Just noticed the picture in your first post - cracked me up!
I actually like this. It's definitely a step away from the sterile view of presenting only the kernel subsystem. But it could very well be way easier to understand.
Maybe even go further, and have the "router's internal processes" as one entity, with packets entering and leaving it. The symbol should be something "cloudy" to suggest that various things can go on inside. I would still label the input/output arrows with the current "to router's internal process" and "generated by router", just so the diagram can be easily linked to the more conventional depictions.
Thoughts?
Are you talking about something like the gray circle (with services) in my suggestion, or are you referring to a completely different approach?
Added some semi-random graphics in the middle.
It seems to me like better representing the idea that there is some mechanism inside the router that will take some decision.
Yes.
I was referring to something very much like yours, with the gray circle. My suggestion was to basically just have the gray circle, and give the things that are now rounded rectangley less focus. Simply because it's pointless to write "to local process", when we have a box labeled "local processes" and an arrow pointing to it…
Upon seeing it, I like jaclaz's the best: the packet entrance/exit points are preserved (and on second thought that was not nice about my previous approach, it looked like just another processing step, which it is not). But with things grouped in the braces, all this is clear.
I would only suggest that instead of the assorted kitchen utensils, actual text could be included, like "services", and while I'm a bit "put off" by it, I think actually including some well-known examples, such as "DNS, Winbox, SSH" there would certainly help in making the idea immediately recognizable. (Maybe with small letters?) Maybe these labels don't deserve their own box? Maybe they should be in some sort of "cloud" symbol to show that they are sort of indefinite (or a loose assortment), at least from the POV of the diagram.
Just an important note: IPSec should never be put in there. IPSec, especially policy-based (the only one Mikrotik does), is not done there. If we want to be pedantic, the IKE service does run there, but actual encryption/decryption does not.
Only little problem being that we don't have "a box labeled 'local processes' and an arrow pointing to it", nor have we written anywhere (on the flowchart) "to local process".
We do have a box labeled "to router's internal process" with an arrow pointing to it, though.
Make an exact list of those services.
I have about six lines available in Excel that should be enough for about 6 or so (maybe a few more if three or four letters) of them in 10-point characters (they will become roughly 8-point in the final svg/png A3 version), small but still readable:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Then I will find a suitable symbol to enclose them.
Loosely something like:

Now you're just being cruel…
I think as a symbol something like this is fine.
It wasn't my intention to list all the services, because obviously we could start at OpenVPN and end at file sharing like SMB, NFS, etc. My thought was just to give a few (maybe 2-3-4?) well-known examples. Those were the first that came to my mind, but if someone has a more universally recognized selection, I'm all for it.
Thanks again for tolerating all the "little ideas".
One of the example processes should be something that actively initiates connections (such as fetch, traceroute, or netwatch, that start with #15), not only those that normally first listen for incoming connections.
Why exactly do you think that the example has three dots last?
I could even change those to "etc."
Your mission, should you accept it, is to list a number (no less than 6, no more than 12) of the most commonly used things, those that can be considered exemplary for the concept to be easily graspable, in an order as similar as possible to their usage in the real world.
To make an example[*] with the three services/mechanisms (as fetch, netwatch or traceroute are not services AFAICT) mentioned by CGGXANNX:
- traceroute - used sooner or later by 100% of users → RELEVANT
- netwatch - used very often later by 45% of users → MARGINAL
- fetch - used only later by 17.8% of users → fetch WHAT?
[*] I simply love to cite freshly invented statistic data
This post does self-destruct within 5 seconds, doesn't it?
Naah, it uses Mikrotik v 6 date/time format, but runs on v 7 so it will self-destruct at a random instant between last week and next year.
Okay:
- DNS (a usual well-known service)
- Winbox (an example of an admin interface)
- SSH (don't know really, I just think it's so ubiquitous that it's somehow worth mentioning)
- traceroute (a diagnostic function)
- OpenVPN (a well known user-space VPN)
- detect internet
I have no idea for no. 6, actually, but by listing everyone's favorite feature, it can at least be ensured that you get plenty of suggestions
I would personally refrain from mentioning scripting functionality, and netwatch, not because it's not a perfect example, but the naming is absolutely Mikrotik-specific.
I think CGGXANNX at least deserves to be given no. 6, and also to replace SSH if he thinks thereâs a better example.
- DNS
- DHCP
- NTP
- Winbox
- WebFig
- Rest API
- SSH
- IPSec
- L2TP/PPTP/SSTP
- Wireguard
- ZeroTier
- OpenVPN
- SNMP
- BGP/OSPF/RIP/MPLS
- FTP
- CAPsMAN
- RoMON
@Larsa: I get your point, just please don't go overboard:
- IPSec is not handled this way, only the IKE daemon runs as an actual process, the policies are matched elsewhere
- MPLS is not handled according to this diagram at all (other than in the sense that the routing protocols that signal it do)
- RoMON also fundamentally works in a way not described in this diagram
Well, maybe they're at different levels in the stack, but they still have to be handled by the internal services to work, so they definitely belong in the box. But those were just examples, so just throw in whatever you think fits best. Personally, I'd go with a few that are pretty well known and recognized even by people who are new to ROS.
LOL, @Larsa's list is like the "hard mode" of the MikroTik forum's password challenge (where they ask you to identify routers in a list as captcha)… Except, @Larsa's list is "which of the following do NOT involve the Layer3 IPv4 firewall"…
The value, I think, of @jaclaz's work is X and Y axis, configuration section vs chain. Something like IPSec is just complex, and already covered by MikroTik existing ones & full fidelity would likely make jaclaz's work just as confusing.
Now WireGuard… is not covered in either case, but I'm not sure anyone could definitely describe its flow. That seems like it should have its own diagram one day, since it's even more confusing from packet flow than IPSec.
(From photo, I guess I was typing: "We have another hole to dig after this one is done")
You must be joking, that is Rule #5 of the Mikrotik Club:
http://forum.mikrotik.com/t/the-twelve-rules-of-mikrotik-club/182164/1
no way it will be mentioned on the flowchart as people might believe that it actually does something (useful).
Not detect internet, please…
@Larsa: MPLS and RoMON do not interact with the ip firewall and are not shown; IPSec of course does, but it is explicitly excluded due to the complexity/confusion that it adds.
@Amm0: Actually Wireguard is fully covered. The only strange thing about wg regarding the firewall diagram is that it runs in kernel space, but it has a fully functional and equivalent user space implementation (written in Go no less). The peculiarities around its routing are not because it's different as a service but because of certain design decisions that were made during its development. (It may be hard to believe, but sometimes they are actually to your advantage.)
@jaclaz & @holvoetn: Read the sentence immediately following the quote. I was trolling - apparently successfully