The test is SpeedTest.net. I’m not sure if they are UDP or TCP.
They are multi-stream TCP, testing the download direction first using four streams and then the upload one using another four streams.
With rules disabled I get all we are allowed to get at about 480mbit down.
This is due to one type of optimization - if there are no rules at all in the firewall, the firewall processing is skipped completely.
With even just one mangle rule enabled a huge drop to about 215mbit.
I disabled fasttrack in IP -> Settings last night when I was trying some stuff but it made no difference. I don’t have any fasttrack rules either, though.
Fasttracking is another kind of optimization, where you skip most of firewall processing in a controlled way for most mid-connection packets, so only the packets establishing the connection and every n-th mid-connection packet are handled by all stages of the firewall. Without fasttracking, the CPU may be insufficient to handle the traffic, depending on the RB model. The bad news is that fasttracking is incompatible with mangling (and IPsec policy matching) but the other way round - setting up a mangle rule does not disable fasttracking for all (which is good), you just get unexpected behaviour if you use both without taking additional measures. The correct way to make the two coexist is described here; if the /ip route rules with their limited number of match conditions are sufficient to cover your policy routing needs, you can use them instead of mangle rules and fasttracking will still work without any extra measures to take.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
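
An added example, not part of the original post and not necessarily the method its lost link described: one common RouterOS v6 arrangement that keeps fasttracking for unmarked connections while mangle handles the policy-routed ones, followed by the `/ip route rule` alternative. The subnet, gateway, mark name and table name are constructed placeholders.

```routeros
# Constructed example for RouterOS v6. 192.168.88.0/24, 203.0.113.1,
# "via-wan2" and "wan2" are placeholders, not values from the thread.

/ip firewall mangle
# Mark only the connections that need policy routing, once, on their first packet.
add chain=prerouting action=mark-connection connection-state=new \
    src-address=192.168.88.0/24 new-connection-mark=via-wan2 passthrough=yes
# Turn the connection mark into a routing mark for every packet of those connections.
add chain=prerouting action=mark-routing connection-mark=via-wan2 \
    src-address=192.168.88.0/24 new-routing-mark=wan2 passthrough=no

/ip firewall filter
# Fasttrack only connections that carry no connection mark, so the marked
# ones keep traversing mangle and the unmarked bulk still gets the speed-up.
add chain=forward action=fasttrack-connection \
    connection-state=established,related connection-mark=no-mark
# Fasttracked connections still send some packets through the regular path,
# and marked connections send all of them, so keep the normal accept rule.
add chain=forward action=accept connection-state=established,related

/ip route
# Default route used only by packets carrying the routing mark.
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=wan2

# Alternative when matching on source address alone is enough: drop the two
# mangle rules above and select the routing table with a route rule instead.
# The fasttrack rule then needs no connection-mark condition.
/ip route rule
add src-address=192.168.88.0/24 action=lookup table=wan2
```

Existing connections fasttracked before the rules were changed stay fasttracked until they close, so compare throughput only on connections opened after the change.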