RouterOS Fasttrack

    Source :

    Linux Fasttrack


    Fast path allows to forward packets without additional processing in the Linux kernel.
    (reducing overall system performance compared with the capability of the underlying hardware)

    Easy way to make your Firewall/NAT router up to 5x faster.

    Any packet processing can be broken into:

    CP (Control path)
    DP (Data path)

    There are different types of fastpath implementations in the industry today.

        * ASIC-based fastpath implementations.
        * Network-processor-based fastpath implementation
        * Control plane and data plane with some cores running CP and
          some cores running Bare Metal DP or executive fastpath.
        * Linux-network-driver-based fastpath for devices that use Linux SMP.

    In a typical network-processing applicaton, there can be thousands of flows. All flows are created equal.

    After the initial setup/verification, most of these flows require a simple and deterministic processing.

    By recognizing and caching such flows and processing such packets in a separate highly optimized context, these flows can be put on a fast track.



    RouterOS Fasttrack


    * ipv4 fasttrack fastpath – accelerates connection tracking and nat for marked connections (automatically)

    * currently limited to TCP/UDP only;

    * more than 5x performance improvement compared to regular slow path conntrack/nat

    * added ~fasttrack-connection~ firewall action in filter/mangle tables for marking connections as fasttrack;

    * added fastpath support for bridge interfaces – packets received and transmitted on bridge interface can go fastpath;

    # At the top of the Firewall Filter

    # Use firewall action “fasttrack-connection” to mark connections for FastTrack.

    /ip firewall filter
    add chain=forward action=fasttrack-connection connection-state=established,related
    add chain=forward action=accept connection-state=established,related
    add chain=forward action=drop connection-state=invalid


     – that all packets that goes fasttrack,

       will not be visible in firewall and you will not be able to limit them in queue global.

     – Not all packets in a connection can be FastTracked,

       even though connection is marked for FastTrack.


    Linux Implement


    application-specific fastpath (ASF)

    All the packets entering the system are forwarded from an Ethernet driver to ASF module.

    * accelerate the packet processing of most commonly used functionalities

    • IPv4 forwarding
    • NAT
    • firewall
    • IPSEC
    • QoS


    Recent Articles


    Related Stories

    Stay on op - Ge the daily news in your inbox