请选择 进入手机版 | 继续访问电脑版

Blog.rosdns.cn 艾丝信息科技

 找回密码
 立即注册
搜索
热搜: 活动 交友 discuz
查看: 2241|回复: 0

Manual:IP/Fasttrack

[复制链接]
发表于 2016-9-26 22:54:53 | 显示全部楼层 |阅读模式
Description
IPv4 FastTrack handler is automatically used for marked connections. Use firewall action "fasttrack-connection" to mark connections for fasttrack. Currently only TCP and UDP connections can be actually fasttracked (even though any connection can be marked for fasttrack). IPv4 FastTrack handler supports NAT (SNAT, DNAT or both).

Note that not all packets in a connection can be fasttracked, so it is likely to see some packets going through slow path even though connection is marked for fasttrack. This is the reason why fasttrack-connection is usually followed be identical action=accept rule. Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, ip traffic-flow(restriction removed in 6.33), ip accounting, ipsec, hotspot universal client, vrf assignment, so it is up to administrator to make sure fasttrack does not interfere with other configuration;

Requirements
IPv4 FastTrack is active if following conditions are met:

no mesh, metarouter interface configuration;
sniffer, torch and traffic generator is not running;
no active mac-ping, mac-telnet or mac-winbox sessions restriction removed in 6.33;
/tool mac-scan is not actively used;
/tool ip-scan is not actively used;

Supported hardware
Fasttrack is supported on the listed devices.

RouterBoard        Interfaces
RB6xx series        ether1,2
RB7xx series        all ports
RB800        ether1,2
RB9xx series        all ports
RB1000        all ports
RB1100 series        ether1-11
RB2011 series        all ports
RB3011 series        all ports
CRS series routers        all ports
CCR series routers        all ports
All devices        wireless interfaces, if wireless-fp or wireless-cm2 package used
Examples
Initial configuration
For example, in home routers with factory default configuration, you could Fasttrack all LAN traffic with this one rule placed at the top of the Firewall Filter. The same configuration accept rule is required:

/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
/ip firewall filter add chain=forward action=accept connection-state=established,related
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|手机版|Archiver|nowcc.cn ( 苏ICP备16033176

GMT+8, 2021-2-27 02:24 , Processed in 0.024915 second(s), 18 queries .

Powered by Discuz! X3.2

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表