Page 1 of 1

Re: New Packet flow diagram

Posted: Fri Mar 28, 2014 12:53 am
by tomaskir
I propose to consider another option
Great work there!

I like as well - but, is there any way to make it horizontal instad of vertical?
If it was horizontal, it would fit on a widescreen monitor much better.

Also, there is bunch of spelling errors, and on the right side, it should say Encapsulation (currently says Decapsulation).

But great work otherwise!

Could you please please please upload an editable version?

Re: New Packet flow diagram

Posted: Fri Mar 28, 2014 11:14 am
by andriys
I propose to consider another option
Awesome!
What diagramming tool did you use?

Re: New Packet flow diagram

Posted: Fri Mar 28, 2014 12:53 pm
by noviy
Fixed small bug

Re: New Packet flow diagram

Posted: Fri Mar 28, 2014 1:49 pm
by noviy
For preview:
Packet Flow Diagram r20140328.jpg

Re: New Packet flow diagram

Posted: Fri Mar 28, 2014 2:37 pm
by efaden
For preview:
Packet Flow Diagram r20140328.jpg
Nice... PDF or SVG or some sort of vector image would be ideal. Looks great though.

Re: New Packet flow diagram

Posted: Fri Mar 28, 2014 3:25 pm
by noviy
Nice... PDF or SVG or some sort of vector image would be ideal. Looks great though.
See my previous post.

Re: New Packet flow diagram

Posted: Fri Mar 28, 2014 3:42 pm
by tomaskir
Nice... PDF or SVG or some sort of vector image would be ideal. Looks great though.
See my previous post.
Any chance for an editable version?

Thanks!

Re: New Packet flow diagram

Posted: Fri Mar 28, 2014 4:13 pm
by efaden
Nice... PDF or SVG or some sort of vector image would be ideal. Looks great though.
See my previous post.
Any chance for an editable version?

Thanks!
+1

Re: New Packet flow diagram

Posted: Sun Mar 30, 2014 12:31 pm
by noviy
Some changes, for a better understanding of travel of packets.
Fixes:
2014.04.05
- Corrected position 'IPSec Decryption' and 'IPSec Encryption' boxes in ROUTING (gratitude: macgaiver);
- Fixed form blocks 'Bridge Decision' in 'Forward' and 'Output' Chain.
2014.04.10
- Added "Configurable Facilities": Menu items of RouterOS corresponding function blocks;
- Corrected name of block "Decapsulation 
(TE, VPLS, VLAN, Tunnel)" to "Encapsulation (TE, VPLS, VLAN, Tunnel)" in "OUT-INTERFACE 
LOGICAL" line;
- Corrected name of block "Bridge Adjustm." to "Routing Adjustm." in "Output" chain (gratitude: greek);
- Corrected bloks in "Input" and "Postrouting" chains: "Global HTB" > "HTB Global | Queue tree", added "Simple Queues" (gratitude: greek);
Packet Flow Diagram r20140410.png
P.S. I am also willing to listen to any comments and additions.

Re: New Packet flow diagram

Posted: Fri Apr 04, 2014 2:38 pm
by macgaiver
Nice one - very informative. Just "IPSec Decryption and Encryption boxes need to be swapped - traffic comes to router and in case it is IPSec it will have policy and will be decrypted, not encrypted
and when leaving if there is IPSec policy it will be encrypted - this fix was also done on the wiki:
http://wiki.mikrotik.com/wiki/File:Pack ... m_v6_b.svg

Re: New Packet flow diagram

Posted: Sat Apr 05, 2014 7:21 pm
by noviy
Nice one - very informative. Just "IPSec Decryption and Encryption boxes need to be swapped
Thank you, fixed - see updated my post.

Re: New Packet flow diagram

Posted: Tue Apr 08, 2014 9:59 pm
by greek
Thank you, fixed - see updated my post.
Why last block in output chain is "Bridge Adjustm"?
In original scheme it's "Routing Adj."

And why "Simple queues" blocks is absent in "Input" and "Postrouting" chains ?

Re: New Packet flow diagram

Posted: Thu Apr 10, 2014 2:01 pm
by noviy
Why last block in output chain is "Bridge Adjustm"?
In original scheme it's "Routing Adj."

And why "Simple queues" blocks is absent in "Input" and "Postrouting" chains ?
Fixed - see updated my post
Thank you!

Re: New Packet flow diagram

Posted: Sat Apr 12, 2014 10:46 am
by normalcy
This is fantastic. Thanks for the effort as I think this layout helps you connect the layers together better than the original separated diagrams. Hopefully it becomes the official one.

Re: New Packet flow diagram

Posted: Sat Apr 12, 2014 11:50 am
by java016
To me the first version of diagrams is easier to consume. Second version is a little bit noise. There is too many arrows. Main content is hidden in the web of transitions! Arrows that define logical layers is too big, it's not the main content.

Re: New Packet flow diagram

Posted: Mon Apr 14, 2014 12:25 pm
by noviy
To me the first version of diagrams is easier to consume. Second version is a little bit noise. There is too many arrows. Main content is hidden in the web of transitions! Arrows that define logical layers is too big, it's not the main content.
You can download the source in Microsoft Visio 2010 and disable the extra layers, making it easier diagrams at its discretion.

Re: New Packet flow diagram

Posted: Mon Apr 14, 2014 1:43 pm
by java016
To me the first version of diagrams is easier to consume. Second version is a little bit noise. There is too many arrows. Main content is hidden in the web of transitions! Arrows that define logical layers is too big, it's not the main content.
You can download the source in Microsoft Visio 2010 and disable the extra layers, making it easier diagrams at its discretion.
Thanks for reply. =))

Re: New Packet flow diagram

Posted: Thu Jun 19, 2014 2:33 pm
by normis
noviy, can we use it in the MikroTik Wiki manual ?

Re: New Packet flow diagram

Posted: Fri Jun 20, 2014 12:42 am
by greek
Why first and last figures in output chain are not a parallelepiped as in original scheme?

As i know, parallelepiped has concretic mining in flowchart http://en.wikipedia.org/wiki/Flowchart

Re: New Packet flow diagram

Posted: Sun Jun 22, 2014 1:56 pm
by noviy
noviy, can we use it in the MikroTik Wiki manual ?
Yes, of course! I'll be glad if it will be useful for Mikrotik project.

Re: New Packet flow diagram

Posted: Fri Jun 27, 2014 11:44 am
by avenn
Excellent thank you for this diagram. I have just got back from a MTCRE course in sunny England and it was causing a positive buzz! Loving it! :D

Regards

Aidan Venn

Re: New Packet flow diagram

Posted: Sun Jun 29, 2014 7:17 pm
by qwertysqwerty
Excellent work. Very useful indeed!

Thank you.

Re: New Packet flow diagram

Posted: Tue Jul 15, 2014 1:18 pm
by nest
noviy - can you get in touch with us as we would like to print these professionally as posters? :) Email me at shop (at) linitx.com

Re: New Packet flow diagram

Posted: Tue Dec 02, 2014 11:22 am
by dendlet
The new diagram is really good.

It is clearer than the previous diagram.

Re: New Packet flow diagram

Posted: Fri Dec 26, 2014 4:51 am
by Buster2
Nice comprehensive graphics!

May I suggest to stick with english grammar rules for questions: auxiliary verb, then subject, then verb

Decapsulation is needed? -> Is decapsulation needed?
Encapsulation is needed? -> Is encapsulation needed?
It's IP Traffic? -> Is it IP traffic? ("It is IP Traffic" is a statement, not a question)

These changes would give decisions a consistent wording.

Re: New Packet flow diagram

Posted: Sun Dec 28, 2014 9:54 am
by noviy
Nice comprehensive graphics!

May I suggest to stick with english grammar rules for questions: auxiliary verb, then subject, then verb

Decapsulation is needed? -> Is decapsulation needed?
Encapsulation is needed? -> Is encapsulation needed?
It's IP Traffic? -> Is it IP traffic? ("It is IP Traffic" is a statement, not a question)

These changes would give decisions a consistent wording.
Thank you for your comments! In the near future I will try to fix it.

Re: New Packet flow diagram

Posted: Fri Jan 09, 2015 10:48 pm
by b1863515
I guess you pros can understand the packet flow but I don't :(. Is there a book or a link that would explain what is actually happening in the individuals steps?

Re: New Packet flow diagram

Posted: Sat Jan 10, 2015 10:21 am
by Chupaka
I guess you pros can understand the packet flow but I don't :(. Is there a book or a link that would explain what is actually happening in the individuals steps?
check http://wiki.mikrotik.com/wiki/Manual:Packet_Flow

Re: New Packet flow diagram

Posted: Sat Jan 10, 2015 2:09 pm
by b1863515
I guess you pros can understand the packet flow but I don't :(. Is there a book or a link that would explain what is actually happening in the individuals steps?
check http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
Thanks!

Re: New Packet flow diagram

Posted: Thu Sep 24, 2015 1:16 pm
by Flythroughs12
Thanks :)

Re: New Packet flow diagram

Posted: Wed Mar 16, 2016 5:24 pm
by yxudous
Trying to implement your double qos suggestions for hotel. I want to proritize traffic in queue tree and limit per user with dynamic simple queues. I can generate the simple queues in dhcp lease but what happens if a customer sets his own static ip? How can I generate his queue so that he does not bypass the limits?

Re: New Packet flow diagram

Posted: Fri Mar 18, 2016 2:22 pm
by Chupaka
How can I generate his queue so that he does not bypass the limits?
1) authorization
2) just create a queue for 'everyone else' (10.0.0.0/16) with hard limits :)

Re: New Packet flow diagram

Posted: Fri Mar 25, 2016 12:37 pm
by alexkhokhlov
I have a clarification question regarding the order of mangle and routing processing of the "output" chain.

I want a script on my router to connect to a fixed-ip website via a predefined WAN connection (in order to get my external ip on that connection).
The set-up is the following:
  1. mikrotik 951G-2HnD v6.34.3
  2. two WAN connections on ethernet ports: first is a default (higher priority in routing), second is a failover (lower priority in routing)
  3. my ip-firewall-mangle rules section contain a rule on "output" chain to mark a non-marked connection to a fixed-ip destination
  4. my ip-firewall-mangle also contain a rule to place a routing mark on all marked connections to a failover WAN (via routing table)
All is working perfectly as planned.

However, according to http://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6 the output chain does not go through a "routing decision" block (K->L flow). The absolutely fantastic new diagram in this thread also shows that local "output" block with "mangle-output" is located after the "routing decision" block (also K->L flow).

My setup clearly shows that mange-output is before "routing decision" block since routing mark changes the flow to a failover WAN connection (non-default in routing table). Without my mange rules connection goes to a default WAN connection.

And my questions are:
  1. Is it really correct on the diagrams that "output" block from local output is placed after a "routing decision" block in the flow?
  2. Is there a single-mangle-rule solution to mark all traffic (local and forwarded) going to a fixed-ip with a connection/routing mark? [I now have two identical mange rules: one for "output" and one for "prerouting"]
EDIT: is it a "routing adjustment" that actually works in my set-up? Is it not better simply to have a "routing decision" after the "output" block? Why this design decision was made?

Re: New Packet flow diagram

Posted: Mon Apr 25, 2016 1:11 pm
by NicolBolas
Hello,

Is there any detailed diagram to show how VRFs are processed ? I'm missing something here to fix my inter-VRF tunneling setup.

Thanks !

Re: New Packet flow diagram

Posted: Fri Sep 23, 2016 10:06 pm
by greek
Where is placed "IP - Firewall - Raw" menu ?

Re: New Packet flow diagram

Posted: Mon Oct 24, 2016 2:31 pm
by Chupaka
Where is placed "IP - Firewall - Raw" menu ?
Guys?..

Re: New Packet flow diagram

Posted: Mon Oct 24, 2016 3:12 pm
by nest
Where is placed "IP - Firewall - Raw" menu ?
Exactly where MikroTik said they put it. Just here...
Screen Shot 2016-10-24 at 13.05.02.png

Re: New Packet flow diagram

Posted: Mon Oct 24, 2016 3:18 pm
by Chupaka
Nice joke, thanks. But the topic is Packet flow diagram, not WinBox ;)

Re: New Packet flow diagram

Posted: Mon Oct 24, 2016 3:38 pm
by mrz
It's in the wiki

Image

Re: New Packet flow diagram

Posted: Mon Oct 24, 2016 3:39 pm
by sergejs
Where is placed "IP - Firewall - Raw" menu ?
RAW is taking action just before two connection tracking boxes in the Packet Flow diagram.

Re: New Packet flow diagram

Posted: Tue Nov 08, 2016 12:56 pm
by busla
As described in the diagram RouterOS must apply dst-nat rules before filter rules. But it does not. Why?

Re: New Packet flow diagram

Posted: Tue Nov 08, 2016 2:34 pm
by Chupaka
it does. explain your problem in details

Re: New Packet flow diagram

Posted: Tue Nov 08, 2016 5:03 pm
by busla
I have service at 192.168.0.2:12345

I added the rule:
ip firewall nat add chain=forward action=dst-nat protocol=udp port=12345 to-addresses=192.168.0.2 in-interface=ether1 log=yes
but the log remains empty

Dst-NAT rule doesn't work when it isn't allow rule in input chain of filter:
ip firewall filter add action=accept chain=input in-interface=ether1 protocol=udp port=12345 place-before=3
According to the diagram packet in general can not get into the INPUT.

Re: New Packet flow diagram

Posted: Wed Nov 09, 2016 8:37 pm
by nest
busla
Please create a new topic, this conversation is not in any way related to this "New packet Flow Diagram" topic. Thank you.

Re: New Packet flow diagram

Posted: Thu Nov 10, 2016 11:07 pm
by busla
busla
this conversation is not in any way related to this "New packet Flow Diagram"
Why?
I create rules based on packet flow. Rules don't work. Either the diagram is wrong or diagram need some comments.

Re: New Packet flow diagram

Posted: Fri Nov 11, 2016 1:28 am
by Quared
Hello,

@busla:
this thread about the new packet flow diagram was started 3,5 years ago and packet flow management is a central feature of routers in general

Do you really think, your problem now relates to this packet flow diagram itself ?
Please try to understand the packet flow diagram by reading appropriate information - either here in the wiki or by searching Google.

Your problem is knowledge- and config-related.
I second nest (Ron) => open up a new forum thread, thank you

greets

Re: New Packet flow diagram

Posted: Fri Nov 11, 2016 10:16 am
by busla
The diagram is a part of wiki. I have studied it.
My sample is a sample, not a problem. I want to know a real 'paclet flow' in RouterOS. It solve all my problems.

Re: New Packet flow diagram

Posted: Fri Nov 11, 2016 2:55 pm
by Chupaka
The wiki shows 'real' packet flow. Point.

Re: New Packet flow diagram

Posted: Tue Dec 27, 2016 7:32 am
by nichky
is there any MUM presentation about v6?

Re: New Packet flow diagram

Posted: Wed Mar 15, 2017 3:15 pm
by noviy
This small update with possible can someone help better understand the place of new blocks "RAW Prerouting" and "RAW Output".
download/file.php?mode=view&id=27228

Re: New Packet flow diagram

Posted: Tue Mar 21, 2017 8:56 am
by Nemiroff84
[quote="noviy"][/quote]
Can you place the diagram in visio format too?

Re: New Packet flow diagram

Posted: Thu Dec 21, 2017 4:45 am
by bajodel
This small update with possible can someone help better understand the place of new blocks "RAW Prerouting" and "RAW Output".
@noviy
I noticed only now your 2017/03 diagram update (I know, I'm late :lol: ) .. but I want to thank you for the brilliant work!! Now with new details and raw tables is really complete.

( & "UP" ..many others may have missed it)

Re: New Packet flow diagram

Posted: Sat Mar 23, 2019 12:43 am
by NoobJambon
Hello guys !
I'm looking at those packet flow diagrams and the exemple scenario and I was wondering : where does the traffic originating from the router itself appears ?

For example let's say I bind a dhcp-client to a vlan interface, what would be the path of a DHCP Request packet on those diagram ?

Re: New Packet flow diagram

Posted: Sat Mar 23, 2019 1:17 am
by BRMateus2
Hello guys !
I'm looking at those packet flow diagrams and the exemple scenario and I was wondering : where does the traffic originating from the router itself appears ?

For example let's say I bind a dhcp-client to a vlan interface, what would be the path of a DHCP Request packet on those diagram ?
Router originated packets are always output->postrouting.
Look at, where input are packets targeted exclusively to router (or not-NATted for example), and output are exclusively outgoing originated from router.
https://wiki.mikrotik.com/images/2/2f/Pfd.png (https://wiki.mikrotik.com/wiki/Manual:Packet_Flow)