标签:require ips like disable initial snat gen enter and
原文:
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
需要两条命令来执行:
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
/ip firewall filter add chain=forward action=accept connection-state=established,related
IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "fasttrack-connection" to mark connections for FastTrack. Currently only TCP and UDP connections can be actually FastTracked (even though any connection can be marked for FastTrack). IPv4 FastTrack handler supports NAT (SNAT, DNAT or both).
Note that not all packets in a connection can be FastTracked, so it is likely to see some packets going through slow path even though connection is marked for FastTrack. This is the reason why fasttrack-connection is usually followed by identical action=accept rule. FastTracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, ip traffic-flow(restriction removed in 6.33), IP accounting, IPSec, hotspot universal client, VRF assignment, so it is up to administrator to make sure FastTrack does not interfere with other configuration;
IPv4 FastTrack is active if following conditions are met:
FastTrack is supported on the listed devices.
RouterBoard | Interfaces |
---|---|
RB6xx series | ether1,2 |
RB7xx series | all ports |
RB800 | ether1,2 |
RB9xx series | all ports |
RB1000 | all ports |
RB1100, RB1000AHx2 | ether1-11 |
RB1000AHx2 | all ports |
RB2011 series | all ports |
RB3011 series | all ports |
RB4011 series | all ports |
CRS series routers | all ports except management interface (if the device has one) |
CCR series routers | all ports except management interface (if the device has one) |
All devices | wireless interfaces, if wireless-fp, wireless-cm2, wireless-rep or wireless (starting from 6.37) package used |
For example, in home routers with factory default configuration, you could FastTrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required:
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related /ip firewall filter add chain=forward action=accept connection-state=established,related
View of simple FastTrack rules in the firewall, it is important to have other filter or mangle rules to get the advantage of the FastTrack:
Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.
FastTrack is enabled on RB2011 at chain=forward with the rule from previous example. Bandwidth test with single TCP stream is sent,
ROS的Fasttrack,可以极大的减少ROS的CPU使用率已经带宽!
标签:require ips like disable initial snat gen enter and
原文地址:https://www.cnblogs.com/itfat/p/12936850.html