I have a question regarding the IP → Traffic Flow feature. I’m currently using Traffic Flow to export traffic data to ntop for analysis, and I’m considering enabling Fast Track for performance improvements.
My question is: Will the IP → Traffic Flow export still function correctly for flows that are offloaded via Fast Track? In my brief testing it does not seem to report flows once offloaded.
Any insights or experiences with this would be greatly appreciated!
Thanks in advance for your help!
Hi ajgnet,
I’m also using ntopng with Mikrotik and am very interested in this topic. We enable Fast Track from 7am to 6pm on working days for performance reasons. Like you, I’ve encountered issues where the Traffic Flow export doesn’t seem to capture flows that are offloaded via Fast Track.
To address your question, in my experience and based on some research, Fast Track offloads the processing of packets directly to the hardware, bypassing some of the software processing done by RouterOS, including Traffic Flow export. This is why you may not be seeing those flows in your ntopng analysis.
Has anyone found a way to have both Fast Track and accurate Traffic Flow exports working together effectively? Any insights or additional recommendations would be greatly appreciated.
In short: invest more money in hardware.
Fasttrack is designed expressly to bypass as much processing as possible. BTW, this includes mangle functionality and some others. The same is result of L3HW offload (in that case traffic never leaves switch chip towards CPU).
So if one absolutely needs some functionality incompatible with fasttrack, then the only solution is to purchase router which can handle traffic thrown at it without resorting to such performance tricks.
I have not tested this in RouterOS v7, but in RouterOS v6 it was definitely working.