That is because there is no “lags when mangle activated”.
The documentation says:
FastTracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, ip traffic-flow (restriction removed in 6.33), IP accounting, IPSec, hotspot universal client
So you should have noted that you CANNOT use “/ip firewall mangle” in combination with fasttrack.
The reason you get “lags” instead of complete failure is also explained:
Note that not all packets in a connection can be FastTracked, so it is likely to see some packets going through slow path even though connection is marked for FastTrack.
However, I agree that this documentation page is far too vague and should explain a bit more about such topics.
Should it? What you call “lags” are symptoms, not the problem itself. The main thing that article tells you is the following:
Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.
Everything else is just an effect of you trying to apply mutually incompatible technologies to the same traffic. What those effects are depends heavily on your router’s configuration, and I don’t see documenting every possible symptom being in any way feasible.
Well, the documentation page looks more like a change list item made when the feature was introduced than a useful documentation page for the feature.
It should start with a paragraph that explains what Fasttrack actually is and does, and why.
Many users now seem to believe that this is just a “set and forget” option that only brings you benefits and it would be stupid to turn it off and get worse performance.
Especially because it is enabled by default, and all those places where other features (e.g. mangle in this case) are explained usually do not refer back to fasttrack.
(“before you can use this feature, you first need to turn off fasttrack, see https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack”)
So it is actually not so surprising that a newish user who is searching for a solution to their particular requirement, and finds and configures it, is then surprised that it does not work, and it is because fasttrack is still enabled on his router.
To be clear, I’m not saying that the documentation as it is now is perfect. You are right in that it may and should be improved in lots of rather reasonable ways. However complaining about the fasttrack page not telling about “lags when mangle activated” is still silly.
Hi to all! If I upgrade MikroTik from 6.42.1 to 6.43.11 with a lot of firewall rules, caps-man and VLANs created, will I get a problem where something will not work?
If this were true, then a tx power of 17dBm with 3 chains should result in about 12dBm, which it ain't; it's 14dBm (still just the minus 3dBm configured antenna gain).
Ok I hope you also have read the remainder of the discussion that explains how this confusion arises and why it sometimes causes problems.
Completely disabling fasttrack is the safest solution. It may cause some performance hit but modern devices usually have enough performance.
(you can check the CPU load of the router and/or do some speedtest)
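The conflict discussed above can be checked for before deciding whether to disable FastTrack. The following is an added example, not part of the original thread or MikroTik's documentation: it scans a RouterOS export for an enabled `fasttrack-connection` rule alongside mangle rules or queues that the quoted documentation says FastTracked packets bypass. The export text and the function names `parse_export` and `audit_fasttrack` are constructed for illustration.

```python
import shlex

# Constructed sample of a RouterOS "/export" (not taken from the thread).
SAMPLE_EXPORT = r"""
/ip firewall filter
add action=fasttrack-connection chain=forward \
    connection-state=established,related
add action=accept chain=forward connection-state=established,related
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=voip passthrough=no \
    protocol=udp dst-port=5060
/queue simple
add name=voip-q packet-marks=voip target=192.168.88.0/24
"""

def parse_export(text):
    """Yield (menu, params) for each 'add' line, joining '\\' continuations."""
    menu = None
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                      # e.g. "/ip firewall mangle"
        elif line.startswith("add ") and menu:
            tokens = shlex.split(line)[1:]   # respects quoted comments
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def is_bypassed(menu, params):
    """Menus the quoted documentation lists as skipped by FastTracked packets."""
    if menu in ("/ip firewall mangle", "/queue simple"):
        return True
    return menu == "/queue tree" and params.get("parent") == "global"

def audit_fasttrack(text):
    """Return one finding per enabled rule that FastTracked traffic will skip."""
    rules = [(m, p) for m, p in parse_export(text) if p.get("disabled") != "yes"]
    fasttrack_on = any(m == "/ip firewall filter"
                       and p.get("action") == "fasttrack-connection"
                       for m, p in rules)
    if not fasttrack_on:
        return []
    return [f"{m}: {p.get('action') or p.get('name')} will not see FastTracked packets"
            for m, p in rules if is_bypassed(m, p)]

if __name__ == "__main__":
    for finding in audit_fasttrack(SAMPLE_EXPORT):
        print(finding)
```
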
Forced to drop back to 6.43.8 on RB4011. Not stable and drop in routing performance with some CAPS and VPN issues.
May have been script specific. Not sure how to downgrade once you update the Routerboard FW. Lucky I had a new spare 4011 in box.
EDIT: Disabling FastTrack fixed all… Thanks !! I’m not clear on possible IPSec changes however.
That is right, you can downgrade just the RouterOS, there is no need to downgrade the Routerboard Firmware.
There is usually no change in them anyway. A while ago the unfortunate decision was made to release the Firmware under the same version number as RouterOS itself, but usually there are no changes and the update from 6.43.8 to 6.43.11 in Firmware just changed the version number, nothing else.
(Before this, the firmware had a much lower version number that rarely changed. It was probably modified because people, when asked “what RouterOS version do you have”, sometimes replied with the Firmware version number, which was useless.)
In my setup 6.43.11 slows down and causes trouble for VPNs of connections encapsulated in PPPoE that pass through a bridge if I have “/interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes” to snoop inside PPPoE packets and set priorities accordingly (to handle VoIP QoS).
Setup (things between square brackets are separate devices):
[router]---[bridge with use-ip-firewall]---[pppoeconcentrator]--->theinternet
After upgrading my company’s CCR1009 to v6.43.11, the local DNS resolver stopped resolving. A rollback to v6.43.4 restored local DNS resolution. Has anyone else experienced this same issue after upgrading to v6.43.11 ?
Such power correction based on the antenna gain makes the use of antennas with dBi > 2 practically useless. Since using a high gain antenna, we trade the width of the “beam” into its “concentration” to get the range increase. Then, with such auto correction, we will get almost the same range with degraded spreading. I would like to hear an official opinion of MikroTik on this matter. Am I right in my reasoning that the use of such antennas when specifying the correct data in the settings is impractical? And the only use for them is commercial use with broadcast licenses and using manual settings (not a regulatory)?
That is incorrect. The gain concentrates your TX power in a smaller spot, but it also concentrates your receive spot which means you reduce the interference and you also gain signal.
This increases your performance on point-to-point links, which is what those antennas are for.
The licensing has always specified power as EIRP, Effective Isotropic Radiated Power, which means the 1W EIRP is the same as a 1W transmitter radiating into an antenna with 0dBi gain and when your antenna has gain you should reduce the transmit power.
Note that this change is not something invented by MikroTik who are trying to kill your links.
It is enforced by regulators who have told MikroTik they facilitate illegal use of the bands (even with default settings) and they had to correct this or else stop sales.