MikroTik Fast Track Learning Experience

Free performance enhancement? Must be a catch….

I’ve recently had to investigate making some lower-powered MikroTik devices route at decent speeds. There is a much longer story which I won’t be going into, but in short I had the task of making a CRS112 (low-powered 400MHz single-core CPU) able to route 100Mb services.

A little background: the CRS112 is primarily a switch. Using hardware offload you can easily switch at line rate (Gigabit), however they don’t really do too well at routing or anything CPU-oriented. For example, viewing Winbox uses 20% CPU resources, as does running FTP, Telnet and WWW services!

For basic NAT masquerade and a simple 12-line firewall rule, my initial testing was only yielding speed test results in the 30-40Mb region. The first 2 lines of my firewall were as follows, to try and be as efficient as I could be:

/ip firewall filter

add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

The goal was to route at least 50Mb through the CRS, so I picked up something I had left alone a long time ago, as back then there was no need to use CPU-limited products and the cons outweighed the gains.

Fasttrack is a powerful little tool you can use to vastly improve throughput on CPU-limited devices. The plus side is that my CRS112, which was previously only capable of routing 30Mb, was now being limited by my PPP account at 150Mb and it still had gas in the tank! The device suddenly becomes a much more viable router, however the drawback is that fasttrack effectively allows the packet “through the gates” and then takes no further part in its journey. Connection tracking is disabled, meaning any further mangling of packets and queues simply do not know about the packets we have just expedited.

In most situations fasttrack is probably going to break more things than you’d like whilst trying to squeeze the last bit out of your router; however, on heavily CPU-limited tasks where you only need a basic router it will certainly help.

The final firewall configuration only needed 2 lines adding (yes, I tried without the accept rules and it won’t work):

/ip firewall filter

add action=fasttrack-connection chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=fasttrack-connection chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1

add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
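
One way to check an exported configuration for the two points above (every fasttrack rule needs its matching accept rule, and mangle rules and queues do not see the expedited packets), as an added Python example that is not part of the original post. The sample export, its mangle and queue entries and the function names are constructed for illustration, and the parser assumes one rule per line.

```python
import shlex

# Constructed sample export: the forward-chain fasttrack rule has its accept
# rule, the input-chain one does not; mangle and queue entries are made up.
SAMPLE = '''/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related in-interface=pppoe_client1
add action=fasttrack-connection chain=input connection-state=established,related in-interface=pppoe_client1
add action=accept chain=forward comment="ACCEPT ESTABLISHED & RELATED" connection-state=established,related in-interface=pppoe_client1
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=voip passthrough=no
/queue simple
add max-limit=10M/10M name=guest target=192.168.88.0/24
'''

def parse_export(text):
    """Map each '/section' header to a list of rule dicts (one rule per line)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None and line.startswith("add "):
            # shlex keeps quoted values such as comment="A & B" in one token
            pairs = (tok.partition("=") for tok in shlex.split(line)[1:])
            current.append({k: v for k, _, v in pairs})
    return sections

def audit_fasttrack(text):
    """Return (indexes of unpaired fasttrack rules, sections that miss fasttracked traffic)."""
    sections = parse_export(text)
    rules = sections.get("/ip firewall filter", [])
    unpaired = []
    for i, rule in enumerate(rules):
        if rule.get("action") != "fasttrack-connection":
            continue
        states = set(rule.get("connection-state", "").split(","))
        paired = any(
            later.get("action", "accept") == "accept"  # accept is the default action
            and later.get("chain") == rule.get("chain")
            and later.get("in-interface") == rule.get("in-interface")
            and ("connection-state" not in later or states <= set(later["connection-state"].split(",")))
            for later in rules[i + 1:]
        )
        if not paired:
            unpaired.append(i)
    skipped = []
    if any(r.get("action") == "fasttrack-connection" for r in rules):
        skipped = [s for s in ("/ip firewall mangle", "/queue simple", "/queue tree")
                   if sections.get(s)]
    return unpaired, skipped
```

Rule indexes are zero-based positions within the /ip firewall filter section of the export.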

So to summarise, fasttrack is the devil unless you have a low-powered device. Connection tracking is probably more valuable than making your under-specced kit last an extra couple of weeks, but it was a very good learning experience.

Home Router Upgrade

It’s been a busy day or 2 for me getting parts together and getting ready for a fairly big shift around my home network environment. It’s all being done in the name of education as I want to run a CHR as my border router to give me some real horsepower for some scripting I’m looking at trying to do.

As part of the move around I will end up removing a MikroTik RB3011, HP N54L and a PoE injector and will be swapping over onto an RB260GSP (taking the place of the PoE and converting to fibre), a rack mounted server and a CHR which I’m currently about finished configuring.

Over the next few days I will be installing the 260GSP switch/converter and reconfiguring the CRS125 switch in the cave, and then it should be about time to “cut over” and get my CHR live.

This is all a test though and there is a possibility it’ll all move back if I can’t put up with the noise from the server in the cave.
