Community discussions

MikroTik App
 
zcqian
just joined
Topic Author
Posts: 5
Joined: Thu Jul 30, 2020 9:00 am

FastTrack Not Working

Fri Jul 31, 2020 9:56 pm

I have a CCR2004 and recently I noticed FastTrack is not working. I'm running RouterOS 6.47.1.

Mainly the router is just forwarding packets between VLANs, defined on the same bridge interface (bridge-main in the configuration).

When I run /ip settings print I get
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: no
          tcp-syncookies: no
    max-neighbor-entries: 8192
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: yes
   ipv4-fast-path-active: no
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: yes
  ipv4-fasttrack-packets: 0
    ipv4-fasttrack-bytes: 0
And that means FastTrack is active but no packets are going through FastTrack?

Here is my highly redacted router configuration, let me know if I should leave in more details, or remove more unrelated information so it's easier to read.
/interface bridge
add admin-mac=REDACTED auto-mac=no igmp-snooping=yes name=bridge-main vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no
/interface vlan
add interface=bridge-main name=vlan-att vlan-id=401
add interface=bridge-main name=vlan-ipcam vlan-id=201
add interface=bridge-main name=vlan-lan vlan-id=100
add interface=bridge-main name=vlan-mgmt vlan-id=99
/interface list
add comment=management name=mgmt
add comment=LAN name=lan
add name=main-trunk
/ip pool
add name=pool-ipcam ranges=REDACTED/24
/ip dhcp-server
add address-pool=pool-ipcam disabled=no interface=vlan-ipcam name=server-ipcam
/interface sstp-client
add authentication=mschap2 connect-to=REDACTED:1443 name=sstp1 pfs=yes profile=default-encryption user=REDACTED \
    verify-server-address-from-certificate=no
/routing bgp instance
set default disabled=yes
/user group
set full policy=\
    local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/certificate settings
set crl-store=system
/interface bridge port
add bridge=bridge-main disabled=yes interface=ether1 pvid=99
add bridge=bridge-main interface=sfp-sfpplus1
add bridge=bridge-main interface=lan pvid=100
add bridge=bridge-main interface=main-trunk
/interface bridge vlan
add bridge=bridge-main comment=mgmt tagged=sfp-sfpplus1,sfp-sfpplus2,bridge-main vlan-ids=99
add bridge=bridge-main comment=lan tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus4,bridge-main vlan-ids=100
add bridge=bridge-main tagged=sfp-sfpplus1,bridge-main vlan-ids=401
add bridge=bridge-main comment=iot tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=200
add bridge=bridge-main comment=ipcam tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus4,bridge-main vlan-ids=201
add bridge=bridge-main comment=guest tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=300
/interface list member
add interface=ether1 list=mgmt
add interface=vlan-mgmt list=mgmt
add interface=sfp-sfpplus2 list=main-trunk
add interface=sfp-sfpplus3 list=lan
add interface=sfp-sfpplus1 list=main-trunk
add interface=sfp-sfpplus4 list=main-trunk
/ip address
add address=REDACTED/24 comment="management vlan interface" interface=vlan-mgmt network=REDACTED
add address=REDACTED/25 interface=vlan-lan network=REDACTED
add address=REDACTED/24 comment="ATT ONU Address" disabled=yes interface=vlan-att network=REDACTED
add address=REDACTED/20 comment="IP Cameras VLAN Interface" interface=vlan-ipcam network=REDACTED
add address=REDACTED/24 comment="fuck these cams" disabled=yes interface=vlan-ipcam network=REDACTED
/ip dhcp-client
add disabled=no interface=vlan-att
/ip dhcp-server lease
add address=REDACTED client-id=REDACTED mac-address=REDACTED server=server-ipcam
add address=REDACTED client-id=REDACTED mac-address=REDACTED server=server-ipcam
/ip dhcp-server network
add address=REDACTED/20 dns-none=yes gateway=REDACTED netmask=20
/ip dns
set servers=REDACTED,REDACTED
/ip firewall filter
add action=accept chain=input comment="accept established, related" connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept from UDM" connection-state=new src-address=REDACTED
add action=drop chain=input comment="drop not from management" in-interface-list=!mgmt
add action=fasttrack-connection chain=forward comment="fasttrack established, related" connection-state=\
    established,related
add action=accept chain=forward comment="allow forward established, related" connection-state=established,related
add action=accept chain=forward comment="allow forward from public ip range" src-address=REDACTED
add action=accept chain=forward comment="forward to UDM" dst-address=REDACTED
add action=drop chain=forward comment="drop everything else"
/ip firewall nat
add action=masquerade chain=srcnat dst-address=REDACTED/24 src-address=REDACTED
add action=masquerade chain=srcnat dst-address=REDACTED/16 src-address=REDACTED
/ip route
add distance=1 gateway=REDACTED routing-mark=cn-she
/ip route rule
add disabled=yes src-address=REDACTED/32 table=cn-she
/routing bfd interface
set [ find default=yes ] disabled=yes

Also, I was wondering if it's worth having connection tracking on (Connection tracking w/ FastTrack vs. conntrack disabled). In the future I may be hosting some VMs for others behind this router, so I will definitely have more rules in the forward chain. Other than that it's just a home router.

Any help is appreciated, thank you guys!


Update 1:
I removed all firewall rules, so I think Fast Path should be active. But I see that no packets are going through Fast Path. Running /ip settings print gives me:
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: no
          tcp-syncookies: no
    max-neighbor-entries: 8192
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: yes
   ipv4-fast-path-active: yes
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: no
  ipv4-fasttrack-packets: 0
    ipv4-fasttrack-bytes: 0
I assume this is because Fast Path is not supported on bridge with VLAN filtering on. Does this affect FastTrack?
 
angboontiong
Forum Guru
Forum Guru
Posts: 1125
Joined: Fri Jan 16, 2009 9:59 am

Re: FastTrack Not Working

Thu Dec 31, 2020 7:56 pm

in fact,
fasttrack is not working

Who is online

Users browsing this forum: No registered users and 50 guests