Moving rules from Filter to RAW cause better performance?

Posted: Tue Aug 20, 2019 8:18 pm
by blackmetal
Hello,
I have a MikroTik CCR1036 and I have about 10 IP filter rules on it. In some cases (like high pps) my CPU usage is around 70%, so my question is: if I disable all of my IP filter firewall rules and migrate them to RAW, will it give better performance and reduce CPU usage?
Thanks,

Re: Moving rules from Filter to RAW cause better performance?

Posted: Tue Aug 20, 2019 8:21 pm
by pe1chl
No, that will actually increase CPU usage, assuming you are running with connection tracking and have an "accept established/related" rule in your filter list.

Re: Moving rules from Filter to RAW cause better performance?

Posted: Tue Aug 20, 2019 8:32 pm
by blackmetal
My connection tracking is disabled on my routers, so there is no connection tracking. And my rules are only permit or deny, so there are no complicated rules.

Re: Moving rules from Filter to RAW cause better performance?

Posted: Tue Aug 20, 2019 8:42 pm
by pe1chl
In that case there will be no difference, I think.
The point is that with connection tracking active (and already having paid the performance cost of it) it is unwise to filter in the raw table, because in the raw table the router always has to evaluate all the deny rules, while in the filter table it usually hits the "accept established/related" rule at the top and never has to evaluate all those specific rules below it which match specific cases.
Without connection tracking it has to do that anyway, and it will matter very little where you do it, unless you have a lot of denied traffic (e.g. when you are trying to fend off some attack).
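
The two placements discussed above, written out as a RouterOS configuration fragment. This is an added example and not configuration from either poster; the chain (forward), the address list name (blocked-sources) and the interface names are assumptions for illustration.

```routeros
# Case A: connection tracking enabled. Keep the cheap rules first so the
# vast majority of packets (those belonging to known connections) match
# "accept established,related" and never reach the specific drop rules.
/ip firewall connection tracking
set enabled=yes

/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="fast path: matches almost all packets of existing flows"
add chain=forward action=drop connection-state=invalid \
    comment="drop packets conntrack cannot associate with any flow"
# Only new-connection packets get this far; the specific rules below are
# evaluated for a small fraction of traffic.
add chain=forward action=drop src-address-list=blocked-sources \
    connection-state=new comment="assumed address list, example only"
add chain=forward action=accept in-interface=ether1-lan \
    out-interface=ether2-wan connection-state=new \
    comment="assumed interface names, example only"
add chain=forward action=drop comment="default deny for new connections"

# Case B: connection tracking disabled (the original poster's situation).
# There is no "established" shortcut, so every packet walks the rule list
# wherever it lives. Raw only helps when a large share of packets are
# dropped, because the raw prerouting chain is hit before routing/filter.
/ip firewall connection tracking
set enabled=no

/ip firewall raw
add chain=prerouting action=drop src-address-list=blocked-sources \
    comment="cheapest place to discard bulk unwanted traffic; stateless"

# Verification: per-rule hit counters show which rule absorbs the traffic,
# and the profiler shows how much CPU the firewall itself is consuming.
/ip firewall filter print stats
/ip firewall raw print stats
/tool profile
```

When reading the counters, the expected healthy picture in Case A is that the first filter rule carries nearly all packets and the later rules stay small; if the drop rules show large counters, most traffic is unwanted and moving that one drop into raw (Case B's placement) is what saves CPU, regardless of whether conntrack is on.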

Re: Moving rules from Filter to RAW cause better performance?

Posted: Tue Aug 20, 2019 8:48 pm
by blackmetal
Thank you for your comment.
Still waiting for other guys' comments to choose the best decision.

Re: Moving rules from Filter to RAW cause better performance?

Posted: Tue Aug 20, 2019 10:01 pm
by sebastia

Re: Moving rules from Filter to RAW cause better performance?

Posted: Wed Aug 21, 2019 7:26 am
by blackmetal
Thanks, buddy, for guiding me! But I read that thread and it was like an argument between two people, one of whom agreed with the filter chain and the other agreed with the RAW chain. Personally I agree with the raw chain, because it will drop before the packet can be checked by any other section like queues, etc.
So what's your idea, finally?

Re: Moving rules from Filter to RAW cause better performance?

Posted: Wed Aug 21, 2019 10:56 am
by sebastia
As stated there ("conntrack by default is the most expensive RouterOS facility"), the high cost of/before the "filter" table is the connection tracking logic. If it's disabled, it won't matter whether it's in raw or filter.