原文:
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
需要两条命令来执行:
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related /ip firewall filter add chain=forward action=accept connection-state=established,related
描述
IPv4 FastTrack处理程序自动用于标记的连接。使用防火墙操作“ fasttrack-connection”来标记FastTrack的连接。当前,只有TCP和UDP连接实际上可以被快速跟踪(即使可以将任何连接标记为快速跟踪)。IPv4 FastTrack处理程序支持NAT(SNAT和/或DNAT)。
请注意,并非连接中的所有数据包都可以被FastTracked,因此即使将连接标记为FastTrack,也有可能看到某些数据包通过慢速路径。这就是为什么快速跟踪连接通常遵循相同的action = accept规则的原因。FastTracked数据包绕过防火墙,连接跟踪,简单队列,parent = global的队列树,IP流量(在6.33中取消了限制),IP accounting,IPSec,热点通用客户端,VRF分配,因此管理员应确保FastTrack不干扰其他配置;
要求
如果满足以下条件,则IPv4 FastTrack处于活动状态:
- 没有网状,元路由器接口配置;
- sniffer, torch and traffic generator is not running;
没有活动的mac-ping,mac-telnet或mac-winbox会话限制已在6.33中删除;- / tool mac-scan没有被积极使用;
- / tool ip-scan没有被积极使用;
- 在IP /Settings 下启用了FastPath和路由缓存
Supported hardware
FastTrack is supported on the listed devices.
| RouterBoard | Interfaces |
|---|---|
| RB6xx series | ether1,2 |
| RB7xx series | all ports |
| RB800 | ether1,2 |
| RB9xx series | all ports |
| RB1000 | all ports |
| RB1100, RB1000AHx2 | ether1-11 |
| RB1000AHx2 | all ports |
| RB2011 series | all ports |
| RB3011 series | all ports |
| RB4011 series | all ports |
| CRS series routers | all ports except management interface (if the device has one) |
| CCR series routers | all ports except management interface (if the device has one) |
| All devices | wireless interfaces, if wireless-fp, wireless-cm2, wireless-rep or wireless (starting from 6.37) package used |
Examples
Initial configuration
For example, in home routers with factory default configuration, you could FastTrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required:
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related /ip firewall filter add chain=forward action=accept connection-state=established,related
View of simple FastTrack rules in the firewall, it is important to have other filter or mangle rules to get the advantage of the FastTrack:
- /ip firewall filter
- /ip firewall mangle
Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.
- Connection is FastTracked until connection is closed, timed-out or router is rebooted.
- Dummy rules will dissapear only after FastTrack firewall rules will be deleted/disabled and router rebooted.
FastTrack on RB2011
FastTrack is enabled on RB2011 at chain=forward with the rule from previous example. Bandwidth test with single TCP stream is sent,
