

Understanding fast path, fasttracking, and fast-forward

Thu Oct 05, 2017 8:43 pm

Hey all. I recently set up a basic home router AP at home and I'd like to dive in a bit deeper in understanding networking fundamentals. Though, I don't understand the differences and functionalities for the following options, so I thought I'd ask for some help to point me forward.
  • Interfaces: Fast Path. According to the wiki page it "improves forwarding speeds significantly". In other words, should I just enable this on all active interfaces? Why is it enabled on the wlan1 interface by default?
  • Firewall filters: Fast Track. Wiki page: "IPv4 FastTrack handler is automatically used for marked connections." -> What is a marked connection and based on what is it marked? "Use firewall action "fasttrack-connection" to mark connections for fasttrack." -> How is this determined?
  • Bridge: fast-forward. Wiki page: "Special and faster case of Fast Path which works only on bridges with 2 interfaces (enabled by default only for new bridges)" -> So how I understood this is that if I have just two interfaces bridged, not like bridging wlan1 and a switch group master ether2 for instance, the packet processing between interfaces is faster?
Moreover, do these features overlap? Can or should they all be enabled if possible?

Last edited by eryan on Thu Oct 05, 2017 11:04 pm, edited 1 time in total.

Re: Understanding fast path, fasttracking, and fast-forward

Thu Oct 05, 2017 10:48 pm

A basic firewall rule set would include just the permit and deny statements necessary to control traffic. This would be inefficient since once a connection/stream has been established, you don't need to check all the rules for subsequent packets as long as you know the packet is a member of a stream that has already been approved.
    /ip firewall filter add action=accept chain=forward connection-state=established,related
So we add this line and put it at the top of your firewall rules. This way once a connection is established, subsequent packets will be permitted by this rule which is at the top of the list where it will be processed first/fast. Only the first packet of the connection has to scan all the firewall rules to find a permit statement.

You can expand this even further with FastTrack. Fast track bypasses even more of the logic of the firewall for established connections, resulting in even greater performance. You do lose some features like queues, depending upon your setup.
    /ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related
Move this line all the way to the top of your rules.
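
The forward-chain order the reply above arrives at, written out as an added example (not part of the original posts). It assumes `ether1` is the WAN interface and that the forward chain starts empty; the last two rules and the verification commands are additions for context.

```routeros
/ip firewall filter

# 1. Mark established/related connections for FastTrack. Later packets of a
#    marked connection skip the firewall filter, queues and other slow-path
#    processing, so this rule is matched mostly by the connection's early packets.
add chain=forward action=fasttrack-connection connection-state=established,related \
    comment="fasttrack established,related"

# 2. Accept the same states. Not every packet of a fasttracked connection takes
#    the fast path; the ones that stay in the slow path are accepted here
#    instead of walking the rest of the rule list.
add chain=forward action=accept connection-state=established,related \
    comment="accept established,related"

# 3. Drop packets that connection tracking cannot tie to any known connection.
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid"

# 4. Assumption: ether1 faces the internet. New connections arriving there are
#    dropped unless a dst-nat (port forward) rule matched them. Without a rule
#    like this, the two rules at the top speed up traffic but filter nothing.
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat \
    in-interface=ether1 comment="drop new from WAN unless dst-natted"

# Verify: the per-rule counters show which rules are actually being hit, and
# the IP settings show whether fast path and FastTrack are active.
/ip firewall filter print stats where chain=forward
/ip settings print
```

Only the first packets of a connection are checked against rules 3 and onward, so whatever those rules accept as `new` decides what FastTrack will later carry without further inspection.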
