Last updated: 2016-04-14
Contents
- Linux Fasttrack
- RouterOS Fasttrack
- Linux Fasttrack Implement
Linux Fasttrack
Fast path allows packets to be forwarded without additional processing in the Linux kernel.
Traffic that belongs to a fast-tracked connection travels in FastPath,
which means that it will not be visible to other router L3 facilities.
(L3 facilities: firewall, queues, IPsec, IP accounting, VRF assignment, etc.)
More than 5x performance improvement compared to regular slow path conntrack/nat.
Any packet processing can be broken into:
- CP (Control path)
- DP (Data path)
There are different types of fastpath implementations in the industry today.
* ASIC-based fastpath implementations.
* Network-processor-based fastpath implementations.
* Control plane and data plane with some cores running CP and
some cores running Bare Metal DP or executive fastpath.
* Linux-network-driver-based fastpath for devices that use Linux SMP.
In a typical network-processing application, there can be thousands of flows. All flows are created equal.
After the initial setup/verification, most of these flows require only simple, deterministic processing.
By recognizing and caching such flows and processing their packets in a separate, highly optimized context,
these flows can be put on a fasttrack.
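The caching idea above as a toy model in C. This is an added example, not code from the original page or from any Linux or RouterOS implementation; every name, the 256-slot table and the single blocked-port "policy" are assumptions. In this model the first packet of a flow takes the slow path and later packets hit the cache, so a rule added afterwards is not applied to an already cached flow until the cache is flushed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy flow cache: every name and the 256-slot table are assumptions. */
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };
static struct { struct flow key; int used; } cache[256];
static uint16_t blocked_dport;         /* stand-in for the firewall policy */
static unsigned slow_seen, fast_seen;  /* packets handled by each path */
static unsigned slot_of(const struct flow *f) {
    uint32_t h = f->saddr ^ f->daddr ^ ((uint32_t)f->sport << 16 | f->dport) ^ f->proto;
    h ^= h >> 16; h *= 0x45d9f3bu; h ^= h >> 16;
    return h % 256;
}
static int same(const struct flow *a, const struct flow *b) {
    return a->saddr == b->saddr && a->daddr == b->daddr &&
           a->sport == b->sport && a->dport == b->dport && a->proto == b->proto;
}
/* Slow path: full policy check; an accepted flow is installed in slot s. */
static int slow_path(const struct flow *f, unsigned s) {
    slow_seen++;
    if (f->dport == blocked_dport) return 0;   /* dropped by policy */
    cache[s].key = *f; cache[s].used = 1;      /* a colliding entry is overwritten */
    return 1;
}
/* Per-packet entry: a cache hit is forwarded without consulting the policy. */
int handle_packet(const struct flow *f) {
    unsigned s = slot_of(f);
    if (cache[s].used && same(&cache[s].key, f)) { fast_seen++; return 1; }
    return slow_path(f, s);
}
void set_policy(uint16_t dport) { blocked_dport = dport; }
void flush_cache(void) { memset(cache, 0, sizeof cache); }
unsigned slow_count(void) { return slow_seen; }
unsigned fast_count(void) { return fast_seen; }
/* Send n packets of one constructed TCP flow; returns how many were forwarded. */
int send_pkts(uint16_t dport, int n) {
    struct flow f = { 0x0a000002u, 0xc6336407u, 40000, dport, 6 }; /* constructed sample */
    int fwd = 0;
    while (n-- > 0) fwd += handle_packet(&f);
    return fwd;
}
int main(void) {
    printf("forwarded: %d\n", send_pkts(443, 10));    /* 1 slow-path, 9 cache hits */
    set_policy(443);                                  /* rule added after the flow is cached */
    printf("after rule: %d\n", send_pkts(443, 5));    /* still forwarded: cache hits */
    flush_cache();
    printf("after flush: %d\n", send_pkts(443, 5));   /* policy is consulted again */
    return 0;
}
```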
RouterOS Fasttrack
* ipv4 fasttrack fastpath - accelerates connection tracking and nat for marked connections (automatically)
- currently limited to TCP/UDP only;
- FastTrack handler also supports source and destination NAT;
- Use firewall action "fasttrack-connection" to mark connections for FastTrack;
* more than 5x performance improvement compared to regular slow path conntrack/nat
* added "fasttrack-connection" firewall action in filter/mangle tables for marking connections as fasttrack;
* added fastpath support for bridge interfaces - packets received and transmitted on bridge interface can go fastpath;
# At the top of the Firewall Filter
# Use firewall action "fasttrack-connection" to mark connections for FastTrack
/ip firewall filter
add chain=forward action=drop connection-state=invalid
add chain=forward action=fasttrack-connection connection-state=established,related \
    comment="fasttrack established/related"
add chain=forward action=accept connection-state=established,related comment="accept established/related"
Note:
[Rule 1]
established/related connections go to "fasttrack"
- All packets that go fasttrack will not be visible in the firewall,
and you will not be able to limit them in queue global.
[Rule 2]
To maintain connection tracking entries, some random packets will still be sent to the slow path.
- Not all packets in a connection can be FastTracked, even though the connection is marked for FastTrack.
Linux Fasttrack Implement
Application-specific fastpath (ASF)
All the packets entering the system are forwarded from an Ethernet driver to the ASF module.
* accelerate the packet processing of most commonly used functionalities
- IPv4 forwarding
- NAT
- firewall
- IPsec
- QoS