This document contains the slides for a webinar presented by Achmad Mardiansyah from GLC Networks on Mikrotik fasttrack. The webinar discusses how fasttrack can improve router performance by skipping processing posts for certain connections. Fasttrack works by applying connection tracking and NAT acceleration to specific connections marked using the firewall's fasttrack-connection action. The webinar demonstrates how to configure fasttrack rules and check fasttrack status, with cautions that fasttracked packets bypass processing like queues. Attendees are invited to register for GLC Network's Mikrotik training courses.

1. www.glcnetworks.com
Fasttrack
GLC webinar, 13 july 2017
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia
1

2. www.glcnetworks.com
Agenda
● Introduction
● Mikrotik fasttrack
● Demo
● Q & A
2

3. www.glcnetworks.com
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● An Indonesian company
● Located in Bandung
● Areas: Training, IT Consulting
● Mikrotik Certified Training Partner/Consultant/Distributor
● Ubiquiti Certified Trainer/Consultant
● RedHat Certified Trainer
3

4. www.glcnetworks.com
About GLC webinar?
● First webinar: january 1, 2010 (title:
tahun baru bersama solaris - new
year with solaris OS)
● As a sharing event with various
topics: linux, networking, wireless,
database, programming, etc
● Regular schedule: every 2 weeks
● Irregular schedule: as needed
● Checking schedule:
http://www.glcnetworks.com/main/sc
hedule
● You are invited to be a presenter
○ No need to be an expert
○ This is a forum for sharing: knowledge,
experiences, information
4

5. www.glcnetworks.com
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: bandung, Indonesia
● Linux user (since 1999), Mikrotik user (since 2007),
ubnt user (since 2011)
● Certified Trainer (Mikrotik, Ubiquiti, Redhat)
● Certified Consultant
● Work: Telco engineer, Sysadmin, PHP programmer,
and Lecturer
● Personal website: http://achmadjournal.com
● More info:
http://au.linkedin.com/in/achmadmardiansyah
5

6. www.glcnetworks.com
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your mikrotik experience?
● Your expectation from this course?
6

7. www.glcnetworks.com
Mikrotik Fastpath
7

8. www.glcnetworks.com 8

9. www.glcnetworks.com
Drawbacks of slowpath
● SLOW -> lower performance -> lower
packet per second
● Packets should go through many processing
post -> higher CPU usage
9

10. www.glcnetworks.com
Can we improve slowpath?
Yes -> fastpath
● Just skip the processing posts (in
case you dont use them)
● This will improve routerboard
performance. See table below
10

11. www.glcnetworks.com
Fastpath conditions (1)?
YES. fastpath will active if following conditions are met (aka. handler)
● IPv4 handler
○ firewal rules are not configured;
○ firewall address lists are not configured;
○ Simple and queue trees with parent=global are not configured;
○ no mesh, metarouter interface configuration;
○ sniffer, torch and traffic generator is not running;
○ connection tracking is not active;
○ ip accounting is disabled (/ip accounting enabled=no);
○ VRFs are not set (/ip route vrf is empty);
○ Hotspot is not used (/ip hostspot has no interfaces);
○ IpSec policies are not configured (ROS v6.8);
○ /tool mac-scan is not actively used;
○ /tool ip-scan is not actively used;
○ route cache must be enabled
○ /ip firewall connection tracking set enabled parameter has new auto value Which means that
connection tracking is disabled by default until firewall rules are added.
11

12. www.glcnetworks.com
Fastpath conditions (2)?
● IPv4 FastTrack handler -> our topic today
○ FastTrack is available on the devices with FastPath support.
● Traffic Generator handler
○ Traffic Generator fast path is automatically used for interfaces that support this feature.
● MPLS handler
○ MPLS fast path is automatically used for interfaces that support this feature.
○ Currently MPLS fast-path applies only to MPLS switched traffic
● Bridge handler
○ no bridge firewall rules (/interface bridge filter, /interface bridge nat) are configured,
○ /interface bridge settings use-ip-firwall=no,
○ no mesh, metarouter interface configuration,
○ sniffer, torch and traffic generator is not running,
12

13. www.glcnetworks.com
Mikrotik connection tracking
13

14. www.glcnetworks.com
What is connection?
A condition where a client is establishing communication to a server from
beginning until end.
Connection phase/type: New, Established, Related, Invalid
A connection usually is identified by:
● Pair of IP address (source and destination)
● Pair of port (source and destination). If it uses ports
Example: 10.10.10.10:283 -> 11.11.11.11:80
Note: Connection is not limited to TCP connection only. UDP and other protocols
can have a connection.
14

15. www.glcnetworks.com
What is connection tracking (conn-track)?
Is a linux kernel feature to keep track the connection that is flowing on linux-based
router.
Benefits of conn-track:
● For NAT purpose
● Tracking how many bytes
already downloaded by a user
● Tracking how many connections
that goes to/from IP address ->
detecting DOS attack
● Implement L-7 protocol
● Marking a connection for further
processing. E.g. fasttrack
15

16. www.glcnetworks.com
Mikrotik Fastrack
16

17. www.glcnetworks.com
What is fasttrack?
FASTPATH + CONNTRACK = FASTTRACK
● FastTrack accelerates packet processing for specific connection tracking
entries (connections)
● have full NAT support
● More than 5x performance improvement compared to regular connection
tracking and NAT
17

18. www.glcnetworks.com
Configuring fasttrack
● Use firewall filter/mangle, action = “fasttrack-connection”
● Support IPv4/TCP and IPv4/UDP connection
● Works similar to “mark-connection”
● Fasttracked packets are not be visible in firewall rule counters
● Not all packets from connection will be fasttracked, some packets will use
regular conntrack.
Example:
/ip firewall mangle add action=fasttrack-connection chain=prerouting src-address=192.168.31.31
18

19. www.glcnetworks.com
Checking fasttrack &
several cautions
To check: ip - setting
Notes:
● Fasttrack will by-pass the packet-flow
processing -> including queue. beware!!
● Test your rule before implementation
● Know what you doing, just copy and paste.
● You really must understand the concepts of
connection in RouterOS
19

20. www.glcnetworks.com
Interested?
Just come to our
training...
Special price for webinar
attendees…
http://www.glcnetworks.c
om/main/schedule
20

21. www.glcnetworks.com
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our facebook page: “GLC networks”
● Slide: http://www.slideshare.net/r41nbuw
● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg
● Stay tune with our schedule
21