Community discussions

MikroTik App
  4. RouterOS
  5. General

What is faster?

Post Reply
 
forne
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 65
Joined: Tue Feb 15, 2011 3:18 pm

What is faster?

Tue Feb 22, 2011 4:20 pm

What is faster: to mark a connection with the same mark on every packet flow or to mark it only once but every time check if it already has a mark?

I.e. what does consume less CPU cycles from these two:
Code: Select all
1. /ip firewall mangle add action=mark-connection chain=prerouting disabled=no \
    in-interface=iface new-connection-mark=test passthrough=no

2. /ip firewall mangle add action=mark-connection chain=prerouting disabled=no \
    in-interface=iface new-connection-mark=test connection-mark=no-mark passthrough=no
Top
 
Feklar
Forum Guru
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: What is faster?

Tue Feb 22, 2011 5:51 pm

Both of your rules are basically going to be the same. To save resources add in connection-state=new. This way the rule only fires when a new connection is being set up and not on subsequent packets after that. Every packet coming through as part of that connection will still receive the same packet mark.
Top
 
forne
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 65
Joined: Tue Feb 15, 2011 3:18 pm

Re: What is faster?

Tue Feb 22, 2011 6:08 pm

Both of your rules are basically going to be the same. To save resources add in connection-state=new. This way the rule only fires when a new connection is being set up and not on subsequent packets after that. Every packet coming through as part of that connection will still receive the same packet mark.
What is the difference in resource consumption between the conditions "connection-mark=no-mark" and "connection-state=new"? In both cases the rule will fire only once per connection.
Top
 
Feklar
Forum Guru
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: What is faster?

Tue Feb 22, 2011 7:06 pm

My understanding is this.

The no-mark needs to check every packet to make sure if it has a mark or not, so each packet is still being processed against the rule. The connect-state=new will only fire for packets that start a connection and no subsequent packets are checked against the rule.
Top
 
User avatar
Ibersystems
Forum Guru
Forum Guru
Posts: 1686
Joined: Wed Apr 12, 2006 12:29 am
Location: Cabrils, Barcelona - Spain
Contact:
Contact Ibersystems

Re: What is faster?

Tue Feb 22, 2011 11:46 pm

My understanding is this.

The no-mark needs to check every packet to make sure if it has a mark or not, so each packet is still being processed against the rule. The connect-state=new will only fire for packets that start a connection and no subsequent packets are checked against the rule.
+1
Top
 
forne
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 65
Joined: Tue Feb 15, 2011 3:18 pm

Re: What is faster?

Sat Feb 26, 2011 4:46 am

Sorry, but I don't believe it. An explanation from MK support would be good.
Top
Post Reply
  4. RouterOS
  5. General