What is the right FW rule to miss out the CPU when x?

What is the right way to conditionally “fasttrack” packets?

I changed “FastTrack” to “accept” a while back to enable processing of traffic VIA mangle. Sometimes though, I just want the traffic Fast Tracked in hardware.

A little background.

Due to having two kids and two WAN links on one hardware router I use Queues and Mangle rules to process routing marks. All this I really only care about for the WAN.

I also run a number of VLANs which are all off one physical port. So it's a hybrid trunk port in essence. Since the VLANs only deal with Hyper-V guest traffic and nothing else this works fine. My VLAN purpose is network aggregation, not segmentation.

So, here is the problem. Routing between VLANs requires coming out of Layer 2 into the CPU, and that is limited and slow. I see the CPU at 100% when copying files of any size between them, and at least once a week it's 80G per machine, and there are 20 guest machines. So, it's SLOW.

So, when traffic is between the VLANs I want to avoid all the mangle and firewall rules, since they are not needed for this traffic; they are all about the WAN and QoS etc.

I guess this is a FASTTRACK rule on the input chain?
I also guess I just need to specify source and destination addresses, since you can’t deal with ports on the input chain?

I don’t really know, if that sounds plausible, that’s a lucky guess on my part.
Is this even possible?

Thanks in advance.

No, traffic between VLANs passes through forward, not input. Unless your Mikrotik has a switch chip with L3 hardware offload the routed traffic is still handled by the CPU, fasttrack merely skips some of the processing and typically improves performance by a factor around 2-3 times.

You could qualify the fasttrack rule, e.g. with connection-mark=no-mark to handle everything which doesn't have a connection mark applied, or out-interface-list=!WAN for everything not destined for a WAN interface.

What you need to do is copy and paste information within the same VLAN, and do this behind a SWITCH with greater than 1 gig ports.
Otherwise a) you're limited to 1 gig ports to begin with and then the ROUTING capacity of the router (whether it's between internet and VLANs or between VLANs)

Why not load balance between 2 WANs… The only reason to queue is if they are preventing the rest of the users from doing something?
If that is the case, ask them what they are doing, and then address that directly, either by doing it between certain times, or doing it for them so they can focus on school work, exercise etc…
If they are streaming something outwards, that has potential negative ramifications and could be another problem altogether.

Or you can explicitly accept (legitimate) traffic which should not be fasttracked by an “ordinary action=accept” rule which is placed above the fasttrack rule.

This sort of “fasttrack avoidance” does come with the overhead of an additional rule (or a few), but avoids the complexity of exclusion criteria on the fasttrack rule.

Thanks for the replies.

I just did the following:

add action=fasttrack-connection chain=forward comment="Passthrough LAN internal connections" connection-mark=no-mark connection-state=\
    established,related,untracked dst-address-list=connected-subnets hw-offload=yes

Where connected-subnets is an address list of my 6 subnets.

Now copies at wire speed and CPU at 22% which is fine.
:smiley:
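To show how the pieces from this thread fit together (the connection-mark=no-mark and interface-list qualifiers from the first reply, the "accept above fasttrack" approach from the later reply, and the address-list-scoped rule the OP ended up with), here is an added example of a minimal forward-chain ordering. It is not configuration from this thread; the subnets, the WAN interface list and the rule comments are assumptions for illustration.

```routeros
# Added example, not the poster's config. Subnets and the "WAN" interface list
# are assumed; replace them with your own VLAN subnets and interface lists.
/ip firewall address-list
add list=connected-subnets address=10.10.10.0/24 comment="VLAN 10 (assumed)"
add list=connected-subnets address=10.10.20.0/24 comment="VLAN 20 (assumed)"
add list=connected-subnets address=10.10.30.0/24 comment="VLAN 30 (assumed)"

/ip firewall filter
# 1. Explicit accept ABOVE the fasttrack rule: WAN-bound connections must keep
#    passing through mangle/queues, so they are never fasttracked.
#    (Assumes an /interface list named WAN holding the WAN ports.)
add chain=forward action=accept connection-state=established,related \
    out-interface-list=WAN comment="WAN traffic stays in queues (no fasttrack)"

# 2. Fasttrack only inter-VLAN traffic: both endpoints inside connected-subnets,
#    no connection mark from mangle, and the connection already established.
#    hw-offload=yes lets a capable switch chip carry the offloaded flows.
add chain=forward action=fasttrack-connection hw-offload=yes \
    connection-state=established,related,untracked connection-mark=no-mark \
    src-address-list=connected-subnets dst-address-list=connected-subnets \
    comment="Fasttrack LAN-to-LAN connections"

# 3. fasttrack-connection only flags the connection; the packet that matched
#    it (and any packet the fast path hands back) still needs a normal accept.
add chain=forward action=accept connection-state=established,related,untracked \
    comment="Accept established/related"

# 4. New connections and anything not matched above continue into the rest of
#    the forward chain, where the WAN and QoS rules still apply.
```

Check the result with /ip firewall connection print where fasttracked connections show the F flag, and with /tool profile to confirm the CPU drop during a VLAN-to-VLAN copy.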